Sysinternals Antivirus
Sysinternals Antivirus is a malicious computer security application that displays fake warning messages to deceive users about the presence of threats. This tactic is commonly employed by rogue security applications to sell the program through fraudulent activity and earn a profit from useless software. Sysinternals Antivirus poses as an anti-virus program for Windows that offers various features such as System Scan, Privacy, Firewall, and overall protection. The danger of having it on the computer is that it can prevent any installed antivirus program from running, so the installation of this malware goes undetected. Pop-up alerts and warning messages from Sysinternals Antivirus are a clear symptom that the computer is under attack. In addition, a compromised computer will experience browser redirection, as the malware tries to mislead Internet users into downloading other malicious programs.
Clean your computer immediately and remove Sysinternals Antivirus with a powerful anti-malware program. To remove all other associated files and registry entries, the use of another anti-virus program is recommended. Make sure that the security software you use has an updated database so that it can detect and remove all threats on the computer.
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista
Malware Behavior
While the fake Sysinternals Antivirus is running on the computer, it generates a stream of fake security alerts and repeatedly misleads users about a non-existent virus infection. It also claims that the computer is under virus attack, displaying the following message:
Security Alert
Infiltration Alert
Your computer is being attacked by an Internet Virus. It could be a password-stealing attack a Trojan-dropped or similar.
Details
Attack from: 293.80.11.105, Port 58962
Attacked port: 41567
Threats: HalfLemon

Associated Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "novavapp"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "novavappr"
HKEY_CURRENT_USER\Software\Sysinternals Antivirus
HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
Associated Files and Folders:
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.acf
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.ltd
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.lti
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.acb
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.aci
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.mt
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsrr.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\lleod150
%UserProfile%\Application Data\Microsoft\Internet Explorer\wmharun.log
%UserProfile%\Application Data\Microsoft\Internet Explorer\wmrun.log
%UserProfile%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
c:\Program Files\adc_w32.dll
c:\Program Files\alggui.exe
c:\Program Files\extra1.dat
c:\Program Files\nuar.old
c:\Program Files\skynet.dat
c:\Program Files\svchost.exe
c:\Program Files\wp3.dat
c:\Program Files\scdata
c:\Program Files\scdata\dbsinit.exe
c:\Program Files\scdata\wispex.html
c:\Program Files\scdata\images\i1.gif
c:\Program Files\scdata\images\word.doc
c:\Program Files\scdata\images\wt1.gif
c:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe
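A read-only check for the registry entries and executables listed above, added here as an example and not part of the original article or of any removal tool it mentions. The indicator values are copied from the page; the variable names and output wording are this example's own.

```powershell
# Read-only triage: reports which artifacts from this page exist. Deletes nothing.
# Indicator values are copied from the page; variable names are this example's own.
$clsid    = '{149256D5-E103-4523-BB43-2CFB066839D6}'
$findings = @()

# 1. Autostart values in the per-user Run key; record the command each one launches.
$run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
foreach ($name in 'novavapp', 'novavappr') {
    if ($run -and $run.PSObject.Properties[$name]) {
        $findings += "Run value '$name' -> $($run.$name)"
    }
}

# 2. Keys: the product's own key, the COM class, the Browser Helper Object
#    registration that points at it, and the AdbUpd service key.
$keys = @(
    'HKCU:\Software\Sysinternals Antivirus',
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    'HKLM:\SYSTEM\CurrentControlSet\Services\AdbUpd'
)
foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) { $findings += "Key present: $key" }
}

# 3. The executables and DLL from the file list. A genuine svchost.exe lives in
#    %SystemRoot%\System32, so a copy directly under Program Files is out of place.
$ieDir = Join-Path $env:USERPROFILE 'Application Data\Microsoft\Internet Explorer'
$files = @(
    (Join-Path $ieDir 'ccsmn.exe'),
    (Join-Path $ieDir 'ccsrr.exe'),
    'c:\Program Files\adc_w32.dll',
    'c:\Program Files\alggui.exe',
    'c:\Program Files\svchost.exe',
    'c:\Program Files\scdata\dbsinit.exe',
    'c:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe'
)
foreach ($file in $files) {
    if (Test-Path -LiteralPath $file) { $findings += "File present: $file" }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' } else { $findings }
```

Run it in the affected user's session, because the HKEY_CURRENT_USER and %UserProfile% checks are per-user.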
How to Remove Sysinternals Antivirus
Here is a simple step-by-step procedure to remove Sysinternals Antivirus virus from an infected computer. Please follow the steps carefully.
1. Download removal software and save it on your Desktop or any accessible location of your hard drive.
2. After downloading, double-click on the file to install the application.
3. Follow the prompts and install the program using the “default” settings.
4. Before the installation completes, you need to update the database.
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
5. Click Finish. The program will run automatically and you will be prompted to update the program before starting a scan. Please proceed with the update to obtain the latest database necessary to detect and remove Sysinternals Antivirus.
6. Scan your computer thoroughly and completely check all files, folders and registry entries for possible infection.
7. When scanning is finished, click on Show Results.
8. Make sure that all detected threats are marked, then click on Remove Selected.
9. After removing the items associated with Sysinternals Antivirus, the program will prompt you to restart the computer. Click Yes to complete the cleaning process.
10. When the computer starts, open Malwarebytes’ Anti-Malware. Go to the Quarantine tab and click on Delete All to fully remove all malicious items.
Note: Sysinternals Antivirus may prevent mbam-setup.exe from downloading and running. You can download and rename this program from a different computer before running it on the infected system.