AVCare

AVCare is a notorious rogue security application that uses fake pop-up alerts and warning messages to promote itself. This malware usually gets onto a computer without the user's knowledge, with the help of a Trojan that is able to bypass security programs. In some instances, the user installs it manually after being deceived about its legitimacy. Once installed, it displays numerous warnings to further mislead users and convince them to buy the registered version. AVCare also causes severe irritation through fake taskbar messages. By tampering with Internet browser settings, it can manipulate the user's search results: every item in the results is redirected to various fake security web sites that can bring further damage to the computer when executed.

Since AVCare is associated with a Trojan, the harm it can cause to a compromised computer may range from medium to severe. AVCare also infects other executable files, which can render the system unstable and result in system crashes. Some severely infected PCs require reformatting when essential files are corrupted and repair is ineffective.

AVCare is highly destructive, but its intrusion can be prevented with the protection provided by a legitimate security application.

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)
This malware runs automatically each time Windows starts by adding the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AV Care" = "C:\Program Files\AV Care\AvCare.exe"

Malware Behavior
When AVCare is loaded, it starts to produce a barrage of pop-up alerts. A sample of the fake messages that appear:

Your system is infected! AVCare detected 10 system security
threats on your PC. Detected malicious programs can damage your PC and compromise
your privacy. It is strongly recommended to remove these threats immediately.

If you attempt to remove the threat, AVCare reminds you that you need to register your copy before it proceeds with virus removal.

AVCare – Unregistered version!
10 infected objects have been found during the last scan. You need to registered your copy of AVCare and remove these security threats immediately. Continue to use your PC without protection may cause major failures such as:
- System slowdown and crash
- Loss of Internet connection
- Loss of documents and settings
- Unauthorized access to the private
- Major data loss

Added Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AV Care" = "C:\Program Files\AV Care\AvCare.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint
HKEY_LOCAL_MACHINE\SOFTWARE\AV Care
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV Care

Associated Files and Folders:
%UserProfile%\Desktop\AV Care.lnk
%UserProfile%\Start Menu\Programs\AV Care\AV Care.lnk
%ProgramFiles%\AV Care\avc.ico
%ProgramFiles%\AV Care\AVCare.dat
%ProgramFiles%\AV Care\AVCare.exe
%ProgramFiles%\AV Care\AVCare.ini
%ProgramFiles%\AV Care\PP.exe
%ProgramFiles%\AV Care\Uninstall.exe

How to Remove AVCare

Manual Removal Procedure

1. Kill any running process that belongs to AVCare.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following files and click End Task.
AVCare.exe

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open registry editor.
- Find and delete the following:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AV Care" = "C:\Program Files\AV Care\AvCare.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\AV Care
- Close registry editor. Changes made will be saved automatically.

3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by AVCare.
- While still in Safe Mode, search for and delete the malicious files. Please refer to 'Associated Files and Folders.'
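
To see which of the entries listed above are present before or after the manual steps, the following read-only PowerShell check can be used. It is an added example, not part of the original guide, and it changes nothing. It assumes PowerShell 3.0 or later and leaves out the Applets\Paint key on the assumption that this key also exists on clean systems.

```powershell
# Added example: read-only check for the AVCare entries listed on this page.
# It reports what is present and changes nothing.
$findings = @()

# Autostart value "AV Care" under the current user's Run key
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'AV Care' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Type = 'Run value'; Item = "$runKey\AV Care"; Detail = $run.'AV Care' }
}

# Registry keys from "Added Registry Entries"
# (Applets\Paint is skipped: assumed to exist on clean systems as well)
$regKeys = @(
    'HKLM:\SOFTWARE\AV Care',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV Care'
)
foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath $key) {
        $findings += [pscustomobject]@{ Type = 'Registry key'; Item = $key; Detail = '' }
    }
}

# Files from "Associated Files and Folders"
$files = @(
    "$env:USERPROFILE\Desktop\AV Care.lnk",
    "$env:USERPROFILE\Start Menu\Programs\AV Care\AV Care.lnk"
)
foreach ($name in 'avc.ico', 'AVCare.dat', 'AVCare.exe', 'AVCare.ini', 'PP.exe', 'Uninstall.exe') {
    $files += Join-Path $env:ProgramFiles "AV Care\$name"
}
foreach ($file in $files) {
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        $stamp = (Get-Item -LiteralPath $file -Force).LastWriteTime
        $findings += [pscustomobject]@{ Type = 'File'; Item = $file; Detail = "modified $stamp" }
    }
}

# Process named in step 1 of the manual procedure
foreach ($proc in @(Get-Process -Name 'AVCare' -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Type = 'Process'; Item = $proc.Name; Detail = "PID $($proc.Id)" }
}

if ($findings.Count -eq 0) {
    'None of the AVCare entries listed on this page were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it under the user account that saw the pop-ups, because the Run value lives in that user's HKEY_CURRENT_USER hive.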

Automatic Removal of AVCare

In order to completely remove the threat, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.