Conflicker.B spam-trojan is a trojan that installs Antivirus Pro 2010 (rogue antispyware program) and displays fake security alerts on compromised computer. This trojan infects computers via spam emails with header “Conflicker.B Infection Alert”. The contents of the SPAM email is:
Dear Microsoft Customer,
Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.
To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.
Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.
Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division
The email contains an attachment named “install.zip”. The zip file contains a file called install.exe that a trojan-downloader. Once install.exe is run, it will display a lot of fake security alerts that says “Windows has detected an infection” and will download and install the fake security program (rogue antispyware) called Antivirus Pro 2010.
It is important to know that Antivirus Pro 2010 is fake, does not offer any protection to computer and uses false scan results, fake security alerts, nag screens in order to scare you to buy the paid version of the software. If your computer is infected, then use these removal instructions below, which will remove Conflicker.B spam-trojan, Antivirus Pro 2010 and any other infections you may have on your computer for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [mserv] C:\Documents and Settings\user\Application Data\seres.exe
O4 – HKCU\..\Run: [svchost] C:\Documents and Settings\user\Application Data\svcst.exe
O4 – HKLM\..\Run: [Antivirus Pro 2010] “C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe” /hide
Use the following instructions to remove Conflicker.B spam-trojan
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Conflicker.B spam-trojan infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Conflicker.B spam-trojan removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Conflicker.B spam-trojan creates the following files and folders
%AppData%\seres.exe
%AppData%\svcst.exe
Conflicker.B spam-trojan creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mserv
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\svchost
