Antivirus Monitor

Updated: January 16, 2012 Rogue 6 Comments

Antivirus Monitor is another potentially unwanted application. Without your knowledge, this program can enter and install itself on computer. This type of application is obviously a rogue that causes malfunctions on the system just like the old version AntiMalware Go. Usually, web users can acquire Antivirus Monitor from web site that pretends as an online virus scanner. It will automatically run a virus scan on visitor’s computer and instantly detect a number of threats like Trojans and viruses.

It maybe unknown to users, but the scan is false. Detection made through that online scanner produces manufactured and unreal infection. It tries to deceive computer users with the help of this misinformation campaign. Later, the fake scanner will prompt to download an unregistered version of Antivirus Monitor and have it installed on the computer. Resolving troubles and removing threats is what it claims, but presence of Antivirus Monitor will make your computing experience more miserable.  Internet search result will go on different direction; most redirects will arrive on unknown and harmful sites.

If you have antivirus software installed, it can be stop by Antivirus Monitor. It also locks your desktop and obstructs execution of any software. Antivirus Monitor local scan will commence just after your Windows OS loads. Its fast but unreliable scan will reveal a quantity of virus infection on your system. Similar to online version, it will produce alerts that do not really occur on the PC. As you notice, Antivirus Monitor relies heavily on this deceptive approach to gain your trust.

Stop all of these irregularities by simply removing the offender, which is no other than Antivirus Monitor. Eliminate this corrupt software by completing a virus scan on your computer. Use only an effective anti-malware program with the latest update in it. These updates will provide full detection capability to your security software.

Screen Shot Image:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Antivirus Monitor Removal Procedures

Antivirus Monitor REMOVAL TOOL:
Efficient and complete removal of Antivirus Monitor can be provided by Malwarebytes Anti-Malware. Download the program from this location. If downloading is blocked by a virus, use a clean computer and save it to a Disc or USB drive and execute the removal on infected machine.

MANUAL REMOVAL:
1. Unload any running Antivirus Monitor process by pressing Ctrl+Alt+Del on your keyboard. This will open Task Manager. Look for the following process and click “End Process”:
(random).exe

2. If antivirus program Is installed, connect to Internet and update it to have the latest database and pattern files.

3. Thoroughly scan the computer and clean/delete all infected files. See lists of Antivirus Monitor associated files below.

4. Edit Windows registry and delete malicious entries as stated below.
- If you are using Windows 2000/XP: Go to Start > Run, type “regedit” on dialog box. Press Enter on your keyboard.
- While for Windows Vista and Windows 7 users: Go to Start > Search Program and Files, type “regedit” and press Enter.

5. Close registry editor, changes will be save automatically.

6. Remove Antivirus Monitor start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. System Configuration Utility will open. Go to Startup tab and uncheck the following Startup item(s):
(random).exe

7. Click on Apply and reboot the computer for changes to take effect.

Additional Useful Tools

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to do a separate scan of another security program so that other infected files not detected by anti-virus application can be get rid as well. Click here to download and run SAS Portable Scanner.

Technical Details and Additional Information:

Once Antivirus Monitor is installed, a number of files are planted inside the system. With the use of rootkit technology, it may remain undetectable to some anti-virus programs. Rogue software will make themselves attached to compromised computer until the paid version is purchased. It will prevent automatic removal by refusing to have an entry on add/remove program of Windows. Its files are also created with random characters to avoid detection.

Malicious Files Added by Antivirus Monitor
%Temp%\(random characters)\
%Temp%\(random characters)\(random characters).exe

File Location for Windows Versions:

• %Temp% refers to C:\Windows\Temp\.

Antivirus Monitor Registry Entries:
HKEY_CURRENT_USER\Software\(random characters)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = ”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = ’127.0.0.1:33554′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘.exe’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “(random characters)”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’