Sysinternals Antivirus is another rogue security application. It runs a fake virus scan on the victim's computer to convince the user that the machine is under attack and needs protection, and on that pretext promotes itself to "Help Protect your PC." It is styled to look like a legitimate Windows security program and urges the user to remove the "detected" threats by purchasing the registered version of Sysinternals Antivirus. The name is borrowed from Microsoft's genuine Sysinternals utilities, with which this program has no connection.

Sysinternals Antivirus comes from the same authors who released other rogue programs such as Your PC Protector, AKM Antivirus 2010 Pro and XJR Antivirus. These programs exist solely to be sold over the Internet by deception. The rogue reaches a computer in one of two ways: the user is tricked into downloading it, typically disguised as a multimedia file offered by an online video page, or it is installed without the user's knowledge by a drive-by download, in which a malicious script on a compromised or malicious website downloads, executes and installs the fake antivirus on the visitor's computer.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of Sysinternals Antivirus Infection?

Sysinternals Antivirus Screen Shot Image

It will modify Windows Registry and add the following entries:

  • HKEY_CURRENT_USER\Software\Sysinternals Antivirus
  • HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd

The threat will drop the following malicious files (the %UserProfile%\Local Settings\Temp paths follow the Windows XP profile layout):

  • %UserProfile%\Desktop\Sysinternals Antivirus .lnk
  • %UserProfile%\Local Settings\Temp\win1.tmp
  • %UserProfile%\Local Settings\Temp\win2.tmp
  • %UserProfile%\Start Menu\Programs\Sysinternals Antivirus
  • %UserProfile%\Start Menu\Programs\Sysinternals Antivirus \Sysinternals Antivirus .lnk
  • c:\Program Files\adc_w32.dll
  • c:\Program Files\alggui.exe
  • c:\Program Files\nuar.old
  • c:\Program Files\skynet.dat
  • c:\Program Files\svchost.exe
  • c:\Program Files\wp3.dat
  • c:\Program Files\wp4.dat
  • c:\Program Files\wpp.exe
  • c:\Program Files\Sysinternals Antivirus
  • c:\Program Files\Sysinternals Antivirus \Sysinternals Antivirus .exe

How to Remove Sysinternals Antivirus Manually

1. Restart your computer in Safe Mode
- Power on the computer and press F8 just before Windows starts to load
- From the boot menu, select Safe Mode

2. Remove the registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST (in Registry Editor, File > Export).
- Click Start > Run
- Type regedit in the field and press Enter
- Navigate to the registry entries listed above and delete them. The AdbUpd key registers a service; if the service is still running, stop it first from an elevated command prompt with "sc stop AdbUpd" so Windows does not recreate the key on shutdown.

3. Delete the malicious files that the threat added:
- Using the locations given above, browse to each file and delete it
- If no location is given, click Start > Search and search for the file by name
- If a file cannot be deleted, it is probably still running: press Ctrl+Shift+Esc (or Ctrl+Alt+Del) to open Task Manager, find the file on the Processes tab, select it and click End Process, then delete the file again
- Note that the legitimate svchost.exe lives in %SystemRoot%\System32 and must be left alone; the copy dropped in C:\Program Files is the rogue's, and that is the one to delete

4. Scan the computer with an antivirus program
- Update the antivirus program's definitions
- Run a full scan and delete all detected threats
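The four manual steps above can be scripted so that nothing is missed and nothing outside the listed indicators is touched. The following PowerShell script is an added example written for this page, not a tool from the site or from the rogue's authors: it audits the machine for every registry key, service, file and folder listed above and, only when run with -Remove, stops the running processes and service and deletes the artifacts. Path values are taken from the listing above (the Windows XP %UserProfile%\Local Settings\Temp layout); the variable and parameter names are this example's own.

```powershell
# Added example (not from the original page): audit a machine for the Sysinternals Antivirus
# artifacts listed above and, when run with -Remove, delete them.
# Run from an elevated PowerShell prompt, preferably in Safe Mode. Without -Remove it only
# reports; with -Remove -WhatIf it shows what it would do without doing it.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # without this switch the script only reports what it finds
)

$clsid = '{149256D5-E103-4523-BB43-2CFB066839D6}'

# Registry keys from the listing above, in PowerShell drive notation.
$registryKeys = @(
    'HKCU:\Software\Sysinternals Antivirus',
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    'HKLM:\SYSTEM\CurrentControlSet\Services\AdbUpd'
)

# Dropped files and folders from the listing above. The rogue's svchost.exe sits in
# C:\Program Files; the genuine %SystemRoot%\System32\svchost.exe is never referenced here.
# Removing the two "Sysinternals Antivirus" folders recursively also removes the .lnk and
# .exe inside them.
$programFiles = $env:ProgramFiles
$profileDir   = $env:USERPROFILE
$filePaths = @(
    "$profileDir\Desktop\Sysinternals Antivirus .lnk",
    "$profileDir\Local Settings\Temp\win1.tmp",
    "$profileDir\Local Settings\Temp\win2.tmp",
    "$profileDir\Start Menu\Programs\Sysinternals Antivirus",
    "$programFiles\adc_w32.dll",
    "$programFiles\alggui.exe",
    "$programFiles\nuar.old",
    "$programFiles\skynet.dat",
    "$programFiles\svchost.exe",
    "$programFiles\wp3.dat",
    "$programFiles\wp4.dat",
    "$programFiles\wpp.exe",
    "$programFiles\Sysinternals Antivirus"
)

# Step 3 of the manual procedure: a file that is still running cannot be deleted, so find
# processes whose image path is one of the dropped executables (matched by full path, which
# is what separates the rogue svchost.exe from the real one) and stop them first.
$droppedExes = $filePaths | Where-Object { $_ -match '\.exe$' }
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ($droppedExes -contains $_.Path) } |
    ForEach-Object {
        Write-Host "Running from dropped file: $($_.Path) (PID $($_.Id))"
        if ($Remove -and $PSCmdlet.ShouldProcess($_.Path, 'Stop-Process')) {
            Stop-Process -Id $_.Id -Force
        }
    }

# Step 2: the AdbUpd key registers a service; stop it before its key is deleted.
$svc = Get-Service -Name AdbUpd -ErrorAction SilentlyContinue
if ($svc) {
    Write-Host "Service AdbUpd present (status $($svc.Status))"
    if ($Remove -and $svc.Status -ne 'Stopped' -and $PSCmdlet.ShouldProcess('AdbUpd', 'Stop-Service')) {
        Stop-Service -Name AdbUpd -Force
    }
}

# Step 2: registry keys. -LiteralPath keeps the braces in the CLSID from being treated as
# wildcard characters.
foreach ($key in $registryKeys) {
    if (Test-Path -LiteralPath $key) {
        Write-Host "Registry key present: $key"
        if ($Remove -and $PSCmdlet.ShouldProcess($key, 'Remove-Item -Recurse')) {
            Remove-Item -LiteralPath $key -Recurse -Force
        }
    }
}

# Step 3: files and folders.
foreach ($path in $filePaths) {
    if (Test-Path -LiteralPath $path) {
        Write-Host "File present: $path"
        if ($Remove -and $PSCmdlet.ShouldProcess($path, 'Remove-Item')) {
            Remove-Item -LiteralPath $path -Recurse -Force
        }
    }
}
```

Run it once without -Remove to see which indicators are present, export the listed keys with reg.exe (for example "reg export HKCU\Software\Sysinternals Antivirus backup.reg") as step 2 requires, then run it with -Remove -WhatIf to preview and finally with -Remove. Step 4, the full antivirus scan, still follows, since the listing above only covers the files this page knows about.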

How to Easily Remove Sysinternals Antivirus

1. Download and run the Removal Tool to remove this computer threat.
