The only rogue I’ve been seeing this month (over and over again) is the AntiVir Solution Pro (a.k.a – Antivir Security Suite).  This rogue (fake) Anti-Virus installs itself instantly and then:

• prevents the user from using the internet.
• loads generic porn sites.
• tells the user that a “key logger” may have been installed or their credit card information is being stolen or that they have dozens of viruses on their PC.
• prevents any other .exe from opening saying that “.exe is infected”.
• sets proxy server settings to 127.0.0.1 (localhost) and a random port which the rogue listens on.  This is so it can redirect you to a random porn site or to the rogue’s “buy me now” page.
• may or may not come with a “pack” of other infections such other downloaders or a rootkit (if this is a 32-bit  OS).  64-Bit OS’s may see an increase in downloaders in c:\Users\*

How To Remove AntiVir Solution Pro:

1. Download Dr. Web’s Live CD and burn the ISO to disc.
2. Boot from the Dr. Web Live CD.
3. Scan the following directories (if they exist) – c:\users or c:\documents and settings and c:\windows\.  This may take about an hour to complete.  Dis-infect (cure) anything that it finds.
4. Reboot into safemode with networking by tapping the F8 key.
5. Now that you’re inside safemode with networking we need to turn off the proxy server settings.  Refer to this article on how to turn off proxy server settings.
6. Download CCleaner.
7. Run it and clean all the temporary data for the user logged on (you have to do this for each account on your computer).
8. It’s time to load Malwarebytes.   Download the latest copy of Malwarebytes and update it.
9. Run a Full scan with Malwarebytes (if you have the time, if not, quick scans are usually enough).  Remove anything Malwarebytes finds and reboot into normal mode.
10. You should be all clean now.

Look for my next post which will show you how to block rogues like AntiVir Solution Pro.