Wednesday, August 25, 2010

AWM Antivirus

AWM Antivirus is a rogue security product. It tries to victimize Internet users by pretending to find malicious code on their machines in order to frighten them into purchasing this application which does nothing.

AWM Antivirus creates the directory %Documents and Settings%\Application Data\AWM\ then downloads one file to it -- a 17.6 MB module.

Its first process sets the following registry keys:

• Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

• Value: C:\Documents and Settings\Dave\Application Data\AWM\AWM.exe

• Data: C:\Documents and Settings\Dave\Application Data\AWM\AWM.exe:*:Enabled:awm

Its second process creates the following registry keys:

• HKEY_CURRENT_USER\Software\AWM\Activation
• HKEY_CURRENT_USER\Software\AWM\Security

VIPRE will stop or remove AWM Antivirus.

If AWM Antivirus has infected your pc, you should remove it immediately. Click here to use VIPRE to remove PC Defender Antivirus from your computer now.

No comments:

Post a Comment