Antivirus 360 (AV360) – Rogue/fake antivirus – How to get rid of it!

February 15th, 2009 | Categories: Custom descriptions of malware, Malware Related

Today I came across another variant of the relentless AV-360 malware touted by the Innovaguest cybercrime gang.

Any web user can catch this malware simply by clicking an innocent-looking link in Google search results that has been altered (the website you are visiting has been hacked) to redirect visitors arriving from Google searches to a fake scan page… (this one hosted on malwareprosecurityscan.com).

The fake scan page then brings up a mock-up of a Windows XP Explorer window and proceeds to show that your computer is “infected” with 500 or so viruses… and to protect yourself it recommends downloading a thing called AV360 – Antivirus 360 (not to be confused with Norton 360, a well known security program).

A window will pop open inviting you to run a file called InstallAVg_xxxxxx.exe, where xxxxxx is a random number that lets the cybercrime gang know which website it was downloaded from.

When you run this file the following window appears:
[Screenshot av1: the window shown by the installer]

The executable then connects to a remote server using the Microsoft BITS service to covertly download the AV360 malware… and soon you will be greeted by a barrage of popups trying to scare you into buying their product to remove the infections (which are made up and do not exist) for an extortionate fee.

[Screenshot av2: the AV360 scan window]

That is right at the beginning of the scan… my oh my, 14 threats already (such as spyware.IEmonster.d and Zlob.PornAdvertiser.ba)!

AV360 also tries to embarrass the victim into handing over their money… what would you do if your computer started accusing you of downloading porn?

[Screenshot av3: the accusatory alert]

It gets worse with more intrusive alerts like the ones below:

[Screenshot av4: intrusive alert]

and this…

[Screenshot av5: another intrusive alert]

So by now you are going to be out of your mind with worry… and your real antivirus hasn’t stood up to the threat. Well, to be fair, I am not surprised; almost none of the good guys detected this bad guy:
http://www.virustotal.com/analisis/9c71d7309391898a2d0547ae7e738a74 :(

Now you are probably wondering how to remove this nasty piece of work from your computer…

For manual removal of this specific variant, these are the bad files it drops onto the computer:

C:\Windows\System32\WinConfig.dll
C:\Program files\A360\AV360.exe
C:\Program files\Common files\System\Uninstall\Uninstall A360.lnk

plus a few more nasties… remove them manually if you wish, or better still get a decent antimalware program to do it for you (keep reading…).

Kaspersky AVPTool is a free virus scanner developed by the well known antivirus vendor Kaspersky Labs… it will scan for and remove this particular variant and many others. Download it here:

AVPTool

If that doesn’t work, or if you want to be sure it’s all gone, Malwarebytes Anti-Malware is another free tool I recommend, from an excellent company dedicated to keeping computers free from scum like AV360. It can get rid of such infections quickly and easily…

…download it here:

Malwarebytes

If AVPTool has helped remove this nasty piece of work from your computer and your current antivirus has let you down, perhaps consider buying a license for Kaspersky Anti-Virus or Kaspersky Internet Security, both of which protect against this and many other web based threats.

19 Responses to “Antivirus 360 (AV360) – Rogue/fake antivirus – How to get rid of it!”

  1. J Smith says:

    Got hit with AV360, finally got out of it, but recognized it as a scam. Norton and Ad-Aware scanned for it. Emptied all temp files and cookies. These people are scum.

  2. Avinash says:

    I was browsing MechQuest, the free online RPG game. Suddenly this window came. It told me to download AV360. It scared the shit out of me. The attack was so bad that we had to format our PC. Tip and proof: when it tells you that IEmonster will attack your system, don’t click anything: resume with your work. You’ll have a good 10 min before the attack. This proves that AV360 launches the attack. :{

  3. Avinash says:

    AV360, you’re a @^%$&*& piece of !^$*. I hate you!!!!!

  4. Medo says:

    They charged me $100. Do you think they will get more money from my MasterCard with my permission, and cheat me more?
    Does anyone have any idea, or should I cancel my MasterCard and get a new one?
    Regards

  5. dirwin says:

    The previous instructions do not remove the Browser Helper Object. This is what breaks IE causing it to display the av360 page on every site.

    Delete the following keys from the registry:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}]
    @="&Research"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\winconfig.dll"
    "ThreadingModel"="Apartment"

    The IE Add-ons now show only the Office 2003 Browser Extension. The Research Browser Helper Object is gone.

    To go one step further, open a command prompt and type "regsvr32 /u winconfig.dll". It returned an error, so I decided to rename the file.
    As soon as I tried to do that, Symantec deleted it.
    Apparently when the dll is registered, Symantec, Spysweeper, and Spybot Search & Destroy cannot see it.
    That is one nasty little piece of malware.
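The dropped-file list in the post and the two registry keys quoted in this comment are the concrete indicators a responder has to work with. The Python script below is an added example, not code from the post or from any commenter: it checks an offline directory listing against the file indicators and parses a regedit export (.reg text) to find any COM server whose InprocServer32 points at winconfig.dll, then reports whether that CLSID is also listed under the standard Browser Helper Objects key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects), which is the entry that makes Internet Explorer load the DLL and which the comment does not quote. The sample .reg text and the directory listing are constructed for the example; the second CLSID in the sample and the benign_bho.dll path are placeholders. Smart quotes, which appear when .reg text is pasted through a blog as above, are normalised before parsing.

```python
"""Offline triage for the AV360 indicators quoted on this page: match a
directory listing against the dropped-file list and scan a Windows
registry export (.reg text) for the Browser Helper Object that loads
winconfig.dll into Internet Explorer."""
import re

# Indicators copied from the post and from dirwin's comment above.
DROPPED_FILES = {
    r"C:\Windows\System32\WinConfig.dll",
    r"C:\Program files\A360\AV360.exe",
    r"C:\Program files\Common files\System\Uninstall\Uninstall A360.lnk",
}
ROGUE_DLL = "winconfig.dll"

# Standard key where IE looks up which CLSIDs to load as BHOs.
BHO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\Explorer\Browser Helper Objects")

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg_export(text):
    """Parse regedit export text into {key_path: {value_name: value}}.

    Only REG_SZ values are unescaped; other types are kept as raw text.
    Smart quotes (from .reg text pasted through a web page) are turned
    into plain double quotes first."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            value = m.group(2)
            if value.startswith('"') and value.endswith('"'):
                # .reg escapes backslashes and quotes with a backslash
                value = re.sub(r"\\(.)", r"\1", value[1:-1])
            keys[current][name] = value
    return keys


def find_bho_hits(keys, dll_name=ROGUE_DLL):
    """Return (clsid, server_path, hooked_into_ie) for every COM server
    whose InprocServer32 default value names the rogue DLL."""
    hooked_clsids = {
        k[len(BHO_ROOT) + 1:].upper()
        for k in keys
        if k.upper().startswith(BHO_ROOT.upper() + "\\")
    }
    hits = []
    for key, values in keys.items():
        if not key.upper().endswith("\\INPROCSERVER32"):
            continue
        server = values.get("", "")
        if server.lower().endswith(dll_name):
            clsid = key.rsplit("\\", 2)[-2]
            hits.append((clsid, server, clsid.upper() in hooked_clsids))
    return hits


def find_dropped_files(present_paths, indicators=DROPPED_FILES):
    """Case-insensitive match of a directory listing against the indicators."""
    wanted = {p.lower(): p for p in indicators}
    return sorted(wanted[p.lower()] for p in present_paths if p.lower() in wanted)


# Constructed sample export (not a real capture): the two keys quoted in
# the comment above, the BHO hook that makes IE load that CLSID, and one
# placeholder benign BHO that must not be flagged.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}]
@="&Research"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}\InprocServer32]
@="C:\\WINDOWS\\system32\\winconfig.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\ExampleVendor\\benign_bho.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
'''

# Constructed directory listing with mixed case, as a responder might get
# from "dir /s /b" on the infected machine.
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\winconfig.dll",
    r"C:\Program Files\A360\AV360.exe",
]


def triage(reg_text=SAMPLE_REG, listing=SAMPLE_LISTING):
    """Run both checks and return the findings as a dict."""
    keys = parse_reg_export(reg_text)
    return {"files": find_dropped_files(listing), "bho": find_bho_hits(keys)}


if __name__ == "__main__":
    report = triage()
    for path in report["files"]:
        print("dropped file present:", path)
    for clsid, server, hooked in report["bho"]:
        print(f"COM server {clsid} -> {server} (loaded by IE as BHO: {hooked})")
```

On a real machine the listing would come from a recursive directory dump and the .reg text from a regedit export of the CLSID and Browser Helper Objects keys; keeping both as text lets the checks run from a clean machine, which matters here because, as the comment notes, the DLL hides from the installed scanners while it is registered.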

  6. Ginger B. says:

    I got this malware on both my laptops. After researching what it was, I installed Malwarebytes, but I think Antivirus 360 is preventing the window of Malwarebytes from opening, so I can’t scan and remove 360. Is this common?

  7. Yes, it happens sometimes… try to get AVPTool from here and scan with it:

    http://malwarecrawler.com/asetup.exe

  8. Sarah says:

    I clicked on the above website and got an ad for the AV360. I clicked “X” right away. I got another popup that said “click OK to download AV360” but I clicked “X” and got another box that said something about do I want to continue running scripts and I clicked “No.” I haven’t found any of the above mentioned files on my computer and it’s been a while with no incident. Hopefully this means I am safe? I reported it to IC3.

  9. Hi,

    Usually if you decline the popups and terminate the browser you will be safe.

    It wouldn’t hurt to run a free scan with Malwarebytes or Kaspersky and uninstall them afterwards if you do not want to keep it.

  10. Liam says:

    When I first got it I absolutely s*** myself because I had only recently got my computer working, so after a while I thought, hang on a moment, if none of my others are picking it up, why does this one? So I decided to search Google :)

  11. jb says:

    Malwarebytes doesn’t see it.

  12. MT says:

    When this thing first popped up a week ago I almost fell for it, but then I noticed some bad spelling in some of the commands. Gates and Company are known for a lot of things, but bad spelling isn’t among them. So I ‘X’ed out of the pop-up and that was a mistake, as it immediately started the download. Ctrl-Alt-Delete was my next choice and I was able to stop the program from continuing. Everything was fine after that and so I thought I caught it in time. Then this morning after I booted, my AVG anti-virus alerted me to a list of about eight file extensions from this same Windows 360 anti-virus malware. The AVG deletion tool took care of them, but what I am wondering now is whether or not a key-logger was installed in the meantime and if all our passwords need to be changed?

  13. deese says:

    I was attacked by this damn shitty thing and I froze for a moment before regaining my senses! Over 300 trojans and 400 viruses??? That’s a bit too much! So I decided to scan my computer first before clicking on that installer thing. I actually downloaded it, but something told me it’s quite suspicious, so I searched about it and voilà, I read all about it here. Thanks for posting this! I’ve deleted it from my computer. I hope everything’s still fine and well.

  14. QuickN says:

    Looks like there is a variant out here for A360.
    Couldn’t find the browser extension as dirwin found in the registry settings shown above; McAfee might have removed some things, but I did find two odd browser extensions: I disabled both and I could browse to Microsoft again; after disabling them I unregistered and removed winconfig.dll.
    Diagnose Connection Problems and Windows Messenger; these had no Microsoft Inc or file name associated, so I was thinking they were not valid. Also disabled some F5 Networks ActiveX controls.

  15. Bryan says:

    Anyone know if this variant attacks Mac OS? My wife came across it (apparently on a hacked Google link) and the file was in my downloads. Unclear if it ran, however. What has me concerned is that I saw a Mac dialogue box open with the fake Windows XP screen.

  16. msaafan says:

    A very good software, thanks.

  17. DESJA says:

    GREAT! NOW YOU TELL ME! I HAVE WINDOWS XP… I GOT ALL THESE MESSAGES ABOUT PORNO ON MY COMPUTER AND I ONLY USE MY COMPUTER FOR SCHOOL (UNIV OF PHOENIX). NOW AFTER HAVING SPENT 100 DOLLARS ON MY CC, WHICH I CANCELLED, I AM TRYING TO FIGURE OUT WHAT TO DO NEXT. WHEN I LOGGED INTO MY COMPUTER YESTERDAY I NOTICED IT DISAPPEARED FROM MY DESKTOP, AND I CAN NO LONGER OPEN THE FILE. THAT IS WHEN I TOLD MY HUSBAND I THINK WE HAD BEEN CONNED. I FEEL LIKE SUCH AN IDIOT. NOW I HAVE TO BUY ANOTHER SPYWARE, AND I DO NOT KNOW WHO TO TRUST. ALSO WHO DO I REPORT IT TO? CAN I GET MY MONEY BACK? HOW DO I REMOVE IT FROM MY COMPUTER, PLEASE HELP!!

  18. MASUD says:

    I HAVE PURCHASED ONE ANTIVIRUS A360 BUT BY ERROR I DELETED THE FILE FROM MY PC SO I WANT TO INSTALL NEW SOFTWARE, THANK YOU

  19. MASUD says:

    I NEED WHAT I WANT TO DO TO UNSTALL THE ANTIVIRUS A360 IN MY PC BECAUSE BY MISTAKE I DELETE ALL FILES
