AntiAID, AntiKeep and AntiAdd
AntiAID, AntiKeep and AntiAdd are further versions from the same family of rogue programs. AntiAID spreads over the Internet through a fake antivirus website. It uses a Trojan as the vehicle for attacking computers. By means of the Trojan, AntiAID can get onto computers without being detected by antivirus software. The malware relies on an online virus scanner that deceives visitors with alarming reports of security threats and advises them to download and install AntiAID as a removal tool. Believing the program to be beneficial, unsuspecting users are easily convinced to scan the system with the unwanted program, not knowing that it can bring more harm.
During installation, AntiAID creates dummy files in various folders on the hard drives, which it then reports as “infected” during its own virus scan. This tactic is used to deceive computer users and convince them that purchasing the registered version of AntiAID is necessary. In fact, even the full working version does not help resolve the computer irregularities triggered by AntiAID itself.
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Characteristics (Analysis)
AntiAID, AntiKeep and AntiAdd use a similar method to install themselves on the target computer. Typically, this malware uses a fake security website that runs a malicious script. Another culprit is a Trojan that downloads and installs the rogue application on the computer without the operator's knowledge. In addition, the user may download AntiAID manually when the malware masquerades as a multimedia codec required to view requested movies on certain websites. Installing the fake codec simultaneously runs the install process for AntiAID.
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "5hnucos4.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AntiAID"
- HKEY_CURRENT_USER\Software\AntiAID
- HKEY_LOCAL_MACHINE\SOFTWARE\AntiAID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiAID

Associated Files and Folders:
- C:\Documents and Settings\All Users\Desktop\AntiAID.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\AntiAID
- C:\Documents and Settings\All Users\Start Menu\Programs\AntiAID\1 AntiAID.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\AntiAID\2 Homepage.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\AntiAID\3 Uninstall.lnk
- C:\Program Files\AntiAID Software
- C:\Program Files\AntiAID Software\AntiAID
- C:\Program Files\AntiAID Software\AntiAID\AntiAID.exe
- C:\Program Files\AntiAID Software\AntiAID\uninstall.exe
- C:\WINDOWS\200364pambotz62.bin
- C:\WINDOWS\20345wo5m65bz.dll
- C:\WINDOWS\20641hack9o5l2d2.dll
- C:\WINDOWS\system32\1038sp68az.bin
- C:\WINDOWS\system32\10344wozm9631.cpl
- C:\WINDOWS\system32\10648tro4hg.ocx
- %Temp%\5hnucos4.exe
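A read-only check for the registry entries and files listed above, as an added example that is not part of the original article. It assumes Windows PowerShell is available and that the default Windows XP paths shown on this page apply; the extra check for Run values that start from %TEMP% is an assumption that goes beyond the names the page lists.

```powershell
# Added example: read-only sweep for the AntiAID indicators listed on this page.
# Indicator names and paths are copied from the page; nothing is deleted or changed.

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValues = '5hnucos4.exe', 'AntiAID'
$regKeys   = 'HKCU:\Software\AntiAID',
             'HKLM:\SOFTWARE\AntiAID',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiAID'

# Folders stand in for the shortcuts and executables listed beneath them.
$paths = 'C:\Documents and Settings\All Users\Desktop\AntiAID.lnk',
         'C:\Documents and Settings\All Users\Start Menu\Programs\AntiAID',
         'C:\Program Files\AntiAID Software',
         'C:\WINDOWS\200364pambotz62.bin',
         'C:\WINDOWS\20345wo5m65bz.dll',
         'C:\WINDOWS\20641hack9o5l2d2.dll',
         'C:\WINDOWS\system32\1038sp68az.bin',
         'C:\WINDOWS\system32\10344wozm9631.cpl',
         'C:\WINDOWS\system32\10648tro4hg.ocx',
         (Join-Path $env:TEMP '5hnucos4.exe')

$hits = @()
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) { $hits += "Registry key: $k" }
}

# Autostart values under the current user's Run key
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
        if ($runValues -contains $name) {
            $hits += "Run value (listed): $name -> $cmd"
        } elseif ($cmd -like "*$env:TEMP\*") {
            # Assumption beyond the page: any autostart from %TEMP% deserves review
            $hits += "Run value (starts from TEMP): $name -> $cmd"
        }
    }
}

foreach ($f in $paths) {
    if (Test-Path -LiteralPath $f) { $hits += "File or folder: $f" }
}

if ($hits) { $hits } else { 'No listed AntiAID indicators found.' }
```

Run it once per user profile, since the Run key and %TEMP% checks only cover the account that executes the script.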
How to Remove AntiAID, AntiKeep and AntiAdd
1. Temporarily disable System Restore (Windows Me/XP).
2. Open your antivirus application and update the virus definition file. This ensures that your antivirus program can detect even newer variants of AntiAID, AntiKeep and AntiAdd.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display the Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- The system will now boot Windows and load only the necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If an item cannot be deleted, place it in quarantine. Once the scan is complete, proceed with the next step.
Online Virus Scanner:
Another way to remove AntiAID, AntiKeep and AntiAdd without installing an additional antivirus application is to perform a thorough scan with a free online virus scanner, which can be found on the websites of legitimate antivirus and security providers.
5. Go to the Online Virus Scanner list and run a virus scan. This may require plug-ins, add-ons or an ActiveX object; install them if you want to proceed with the scan.
6. After completing the necessary download, your system is ready for online virus scanning.
7. Select an option that scans the computer thoroughly, so that it finds and deletes all infections not detected by the previous scan.
8. Remove or delete all detected items.
9. When scanning is finished, you may restart the computer in normal mode.
1guest
Nov 12, 2009 @ 13:56:17
And how can we trust your ‘removal tool’?
person
Nov 12, 2009 @ 17:12:22
Well obviously that program does the same thing, requires a payment for deleting it. I'm assuming the same company is behind both programs.
precisesecurity
Nov 13, 2009 @ 00:43:34
“And how can we trust your ‘removal tool’?”
Well, search the net about MalwareBytes Antimalware. The best thing about this tool is you can remove threats for free. Not like other programs offered by other security sites that you have to pay first, they are not rogue though.
With MalwareBytes, you only have to pay if you would like to get the full version to protect your computer.