Antivirus 2010 RTK is an especially dangerous rogue security product that hijacks a victim’s desktop (stopping him from running other applications) and installs a rootkit that VIPRE detects as Trojan.Win32.Olmarik.agn (v).
The rootkit gives complete access to the victim’s PC, which can allow monitoring of all activities and enable the rogue distributor to steal passwords and other confidential information.
It also pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application.
The rogue is an update of Antivirus 2010, which appeared in early December.
Antivirus 2010 RTK graphic interface
(Click on graphic to enlarge)
Antivirus 2010 RTK warning screen
(Click on graphic to enlarge)
Antivirus 2010 RTK fake warning screen after desktop hijacking
The desktop hijacking can occur as much as 20 minutes after the victim first becomes infected.
Analysis tool GMER indication of a rootkit installation
(Click on graphic to enlarge)
How to remove Antivirus 2010 RTK:
Antivirus 2010 RTK installs itself as a replacement for userinit.exe file which it needed to boot the PC:
running as a Service
Antivirus 2010
\\.\globalroot\systemroot\system32\us?rinit.exe
To remove it, open a DOS terminal window and rename the real userinit.exe. Rename us?erinit.exe (to a name without the question mark) then restore the original “userinit.exe” to its correct spelling.
Caution: if the machine is rebooted before the original userinit.exe is restored, it will become unbootable.
Click here to use VIPRE to remove other files associated with Antivirus 2010 RTK from your computer now.
No comments:
Post a Comment