Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!

Antivirus 10

From Malware Wiki
Jump to: navigation, search

Stubsymbol.png This article is a stub. You can help by editing it.

MultipleIssues.png This page has multiple issues. These issues most likely include issues with references and manual of style violations. Please help Malware Wiki by correcting these issues.

Antivirus 10
Antivirus-10.png
TypeRogue Antivirus
Date2016
PlatformMicrosoft Windows
File TypeWin32 PE executable (.EXE)
This box: view  talk  edit

Antivirus 10 is a scareware program that pretends to an anti-virus program, but in reality is just a Trojan trying to scare the user into purchasing it.

Payload

While Antivirus 10 is running it will also display fake security warnings that are worded to make the user think their computer is under attack or that infections have been detected. Examples of these warnings are:

System Information
Your system is infected. Last system scan found infected objects on your PC. It is highly 
recommended to remove infected objects as soon as possible.


System Alert
Malware has been detected on your computer. Click here to protect your PC with Antivirus 10


System Information
Antivirus10 has found viruses on your computer. It is recommended to disinfect files as soon as 
possible.


Windows Security Alert
Antivirus software is not activated. Your system is at risk now. Windows highly recommends you to 
activate your antivirus software to protect your system against malicious intrusions from the Internet.

Furthermore, Antivirus 10 will terminate the notepad, chrome, firefox, opera, mbam, taskmgr, and wordpad programs if they are running or when started. When it terminates these programs it will display a message stating that it is infected. It does this to further scare the user into thinking their applications are infected so that they then purchase the program. An example message the user may see when one of the above processes is terminated is:

Warning
This app has been blocked for your protection.
Windows has blocked the execution of this application to prevent further infections on your PC.

Program name: chrome.exe
Publisher: Google Inc
Status: Infected

Just like the fake scan results, these warnings are designed to make the user think about purchasing the program.

Antivirus 10 will open up pornographic websites at random using Internet Explorer. This is an attempt to make the user think that their computer has been infected.. When it opens one of these sites, it will display one of the following two fake alerts:

System Warning
Attention! The security of your computer has been compromised! Microsoft Windows files are now 
corrupted. Malicious software, which can lead to irreversible damages to your hard drive have been 
found on your system! The destruction of important files in C:\\WINDOWS could lead to data loss, 
system errors and hard drive failure! Click YES to remove malicious software and protect your PC. 
(Recommended)


System Danager
Warning! Windows has detected virus infection! Somebody is trying to get access to your system files 
and steal your passwords! Prevent identity theft and remove viruses now (highly recommended

Antivirus10 will randomly display a message that prompts the user to purchase the program with a clever little catch phrase that was stolen from ESET Antivirus advertising. This advertisement states:

Your children catch colds. Your computer catches viruses. Protect your computer as if it was your own. 
Protect your system with effective antivirus solution. Powered by Antivirus 10.

Media