Mar 042010

Antivirus Soft is a rogue anti-spyware and ransomware program from the same family as Antivirus Live. These infections are installed on to your computer through the use of malware that installs the program onto your computer without your permission or knowledge. It is also common for this rogue to be installed on your computer through the use of malicious PDF files that exploit known vulnerabilities in older versions of Adobe Reader. Once installed, Antivirus Soft will be configured to start automatically when Windows starts. Once running it will scan your computer and display numerous infections, but will state it will not remove them until you purchase the program. In reality, the infected files it detects are all fake and do not actually exist on your computer.

This program also uses aggressive techniques to protect itself from being removed by anti-malware programs. When the Antivirus Soft process is running it will close almost any running program while falsely stating that they are infected. Antivirus Soft will also change the Proxy settings in Internet Explorer so that you cannot browse to any web site other than the site for Antivirus Soft so that you can purchase the program. It does this so that you cannot browse the web to find removal guides or download software that will help you remove the infection. Using these two methods, the program essentially ransoms the normal use of your computer until you purchase the program or use the guide below to remove the infection.

While Antivirus Soft is running you will also see numerous security warnings and alerts that try to trick you into thinking that you have a security problem on your computer. An example of one of the alerts you will see is a fake Windows Security Center that looks exactly like the legitimate one, but instead suggests that you purchase Antivirus Soft to protect your computer. The infection will also show numerous alerts that state that your computer is infected, that you are sending personal data to a remote location, or a that your computer is being attacked. One of the alerts will have this text:

  • Antivirus Software Alert
  • Infiltration Alert
  • Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
  • Threat: Win32/Nuqel.E

Just like the fake scan results, these security alerts are all fake and are just being shown to trick you into purchasing the program.

Without a doubt, Antivirus Soft was created solely to try and scam you into thinking that your computer is infected in the hopes that you will then purchase it. It goes without saying that you should not purchase this program, and if you already have, please contact your credit card company and dispute the charges stating the program is a scam.

Finally, if you have this infection I can help you get rid of it. Just give me a call or email.