
AKM Antivirus 2010 Pro Analysis and Removal

by Shanmuga

AKM Antivirus 2010 Pro is a malicious, fraudulent antivirus program that uses fake system alerts about non-existent malware infections and system infiltrations to scam users into purchasing a useless license or subscription. The fake alerts are so many and so frequent that the computer becomes nearly impossible to use for productive purposes.

Rogue antivirus programs like AKM Antivirus 2010 Pro are commonly installed when users are redirected to fake online scanner pages or fake ‘video codec required’ pages, distributed throughout the Web by cyber criminals using blackhat SEO techniques, spam and malicious Flash advertisements.

Rogue security software such as AKM Antivirus 2010 Pro belongs to a family of software products that call themselves antivirus, antispyware or registry cleaners and often use deceptive or high-pressure sales tactics and deliberate false positives to convince users to buy a license or subscription. They are often repackaged and renamed. They do not actually remove malware; instead, many of them add more malware of their own. They need to be removed immediately from your system.

Screenshot: Desktop hijacked by AKM-Antivirus-2010-Pro

Users should not fall for the false alerts of system infection and buy the scareware to ‘clean’ the system. If you have purchased one by entering your credit card number at a rogue software website, it would be prudent to:

  • Immediately contact the bank that issued the card and dispute the charges.
  • Request them not to allow any further transactions and to cancel the card. You may also request them to issue a new card with a different number.

The trojan dropper file, with an internal name of wpp.exe in this instance, was about 1.00 MB in size. It was detected by 15/41 (36.59%) of the antivirus engines available at VirusTotal. The following changes to the system were noticed when it was installed:

  • It creates a fake svchost.exe as a service named Adobe Update Service, which frequently opens a window mimicking the Windows error alert and causes an automatic system restart.
    Screenshot: fake-svchost.exe

  • This scareware creates a Browser Helper Object (a Microsoft Internet Explorer plugin) named adc32.dll (ADC Plugin).
  • It installs a fake Windows Security Center in place of the legitimate one. The links in the fake security center open the scareware scanning window.
  • This scareware blocks execution of most programs, including the browsers Firefox and Chrome. Internet Explorer worked normally.
  • Administrative tools like the Command Prompt and the MS configuration editor are blocked.

AKM Antivirus 2010 Pro Aliases

This scareware is known by the following aliases:

  • Trojan.Win32.FakeScanti!IK
  • ADSPY/PCProtector.C
  • Win32/Rogue.BWShield2s_i
  • Trojan.Win32.Agent2.craw
  • W32/Obfuscated.AI!genr
  • Trojan.Win32.Generic.pak!cobra

Typical AKM Antivirus 2010 Pro Scare Messages

Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.

There are critical system files on your computer that were modified by malicious program. It will cause unstable work of your system and permanent data loss.

Your computer is being attacked by an internet virus. It could be a password stealing attack, a trojan-dropped or similar.

Warning Infection is Detected. Windows has found spyware infection on your computer! Click here to update your Windows antivirus software.

AKM Antivirus 2010 Pro Associated Files and Folders

  • C:\Documents and Settings\malwarehelp.org\Desktop\AKM Antivirus 2010 Pro.lnk
  • C:\Documents and Settings\malwarehelp.org\Local Settings\Temp\win4.tmp
  • C:\Documents and Settings\malwarehelp.org\Start Menu\Programs\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro.lnk
  • C:\Program Files\adc32.dll
  • C:\Program Files\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro.exe
  • C:\Program Files\alggui.exe
  • C:\Program Files\nuar.old
  • C:\Program Files\scdata\dbsinit.exe
  • C:\Program Files\scdata\images\i1.gif
  • C:\Program Files\scdata\images\i2.gif
  • C:\Program Files\scdata\images\i3.gif
  • C:\Program Files\scdata\images\j1.gif
  • C:\Program Files\scdata\images\j2.gif
  • C:\Program Files\scdata\images\j3.gif
  • C:\Program Files\scdata\images\jj1.gif
  • C:\Program Files\scdata\images\jj2.gif
  • C:\Program Files\scdata\images\jj3.gif
  • C:\Program Files\scdata\images\l1.gif
  • C:\Program Files\scdata\images\l2.gif
  • C:\Program Files\scdata\images\l3.gif
  • C:\Program Files\scdata\images\pix.gif
  • C:\Program Files\scdata\images\t1.gif
  • C:\Program Files\scdata\images\t2.gif
  • C:\Program Files\scdata\images\Thumbs.db
  • C:\Program Files\scdata\images\up1.gif
  • C:\Program Files\scdata\images\up2.gif
  • C:\Program Files\scdata\images\w1.gif
  • C:\Program Files\scdata\images\w11.gif
  • C:\Program Files\scdata\images\w2.gif
  • C:\Program Files\scdata\images\w3.jpg
  • C:\Program Files\scdata\images\word.doc
  • C:\Program Files\scdata\images\wt1.gif
  • C:\Program Files\scdata\images\wt2.gif
  • C:\Program Files\scdata\images\wt3.gif
  • C:\Program Files\scdata\wispex.html
  • C:\Program Files\skynet.dat
  • C:\Program Files\svchost.exe
  • C:\Program Files\wp3.dat
  • C:\Program Files\wp4.dat
  • C:\WINDOWS\Prefetch\AKM ANTIVIRUS 2010 PRO.EXE-391D24AA.pf
  • C:\WINDOWS\Prefetch\PC_PROTECT.EXE-0549DB82.pf
  • C:\WINDOWS\Prefetch\SVCHOST.EXE-30F98231.pf
  • C:\Program Files\AKM Antivirus 2010 Pro
  • C:\Documents and Settings\malwarehelp.org\Start Menu\Programs\AKM Antivirus 2010 Pro

Some of the file names may be randomly generated. The term malwarehelp.org or malwarehelp in the above entries denotes the name of the Windows user account in the test machine.

AKM Antivirus 2010 Pro Associated Registry Values and Keys

  • HKEY_CLASSES_ROOT\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
  • HKEY_CLASSES_ROOT\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\InprocServer32
  • HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro
  • HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro
  • HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro\Registration
  • HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro\setdata
  • HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro\setdata\scantime=4.5.2010 20:19:22
  • HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro\setdata\scncnt=5
  • HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro\setdata\check9=1
  • HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro\setdata\check10=0
  • HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro\setdata\check11=1
  • HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro\setdata\check12=1
  • HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro\setdata\check13=0
  • HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro\setdata\check14=1
  • HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro\setdata\check15=0
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02}
  • HKEY_LOCAL_MACHINE\Software\Classes\.exe@ = C:\Program Files\alggui.exe "%1" %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD\NextInstance=1
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD\0000
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD\0000\Service=AdbUpd
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD\0000\Legacy=1
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD\0000\ConfigFlags=0
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD\0000\Class=LegacyDriver
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD\0000\ClassGUID={8ECC055D-047F-11D1-A537-0000F8753ED1}
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD\0000\DeviceDesc=Adobe Update Service
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD\0000\Control
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD\0000\Control\*NewlyCreated*=0
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD\0000\Control\ActiveService=AdbUpd
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd\Type=16
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd\Start=2
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd\ErrorControl=1
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd\ImagePath=C:\Program Files\svchost.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd\DisplayName=Adobe Update Service
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd\ObjectName=LocalSystem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd\Security
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd\Security\Security=.
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd\Enum
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd\Enum\0=Root\LEGACY_ADBUPD\0000
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd\Enum\Count=1
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd\Enum\NextInstance=1
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD\NextInstance=1
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD\0000
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD\0000\Service=AdbUpd
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD\0000\Legacy=1
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD\0000\ConfigFlags=0
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD\0000\Class=LegacyDriver
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD\0000\ClassGUID={8ECC055D-047F-11D1-A537-0000F8753ED1}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD\0000\DeviceDesc=Adobe Update Service
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD\0000\Control
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD\0000\Control\*NewlyCreated*=0
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD\0000\Control\ActiveService=AdbUpd
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\Type=16
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\Start=2
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\ErrorControl=1
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\ImagePath=C:\Program Files\svchost.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\DisplayName=Adobe Update Service
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\ObjectName=LocalSystem
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\Security
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\Security\Security=.
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\Enum
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\Enum\0=Root\LEGACY_ADBUPD\0000
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\Enum\Count=1
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\Enum\NextInstance=1

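Three of the registry changes listed above are generic persistence and hijack patterns rather than something unique to this rogue: a service whose ImagePath is an svchost.exe outside System32 (AdbUpd), a program launch command with another binary placed in front of "%1" %* (alggui.exe), and a Browser Helper Object whose DLL sits directly in the Program Files root (adc32.dll). The Python script below is an added example, not code from the article or from Malware Help, that triages a registry export for those three patterns offline. The .reg text it scans is constructed for the example and modelled on the entries above (it is not an export from the test machine), and the location heuristics (the System32 path list, "Program Files root", "Temp") are thresholds chosen here, not the article's.

```python
import re
from typing import Dict, List

# Constructed sample .reg text modelled on the article's entries (not a real export).
# The Dhcp service is a legitimate entry included as a negative case.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="C:\\Program Files\\alggui.exe \"%1\" %*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd]
"Start"=dword:00000002
"ImagePath"="C:\\Program Files\\svchost.exe"
"DisplayName"="Adobe Update Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"ImagePath"="%SystemRoot%\\system32\\svchost.exe -k netsvcs"
"DisplayName"="DHCP Client"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0BAA-3235-4BA9-8BE8-AA9EB678FA02}]

[HKEY_CLASSES_ROOT\CLSID\{77DC0BAA-3235-4BA9-8BE8-AA9EB678FA02}\InprocServer32]
@="C:\\Program Files\\adc32.dll"
'''

# Directories where a genuine svchost.exe lives (compared lower-cased).
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\",
               "%systemroot%\\system32\\", "%systemroot%\\syswow64\\")

def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the .reg subset used here: [key] headers, "name"="string", @="string"
    (default value, stored under the empty name) and dword values. Key and value
    names are lower-cased because the registry is case-insensitive."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            name = "" if name == "@" else name.strip('"')
            if data.startswith('"') and data.endswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg backslash escaping
            elif data.startswith("dword:"):
                data = str(int(data[6:], 16))
            keys[current][name.lower()] = data
    return keys

def _exe_path(command: str) -> str:
    """Executable at the head of a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]

def find_fake_svchost_services(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Services whose binary is named svchost.exe but sits outside System32/SysWOW64,
    like the article's AdbUpd service (ImagePath C:\\Program Files\\svchost.exe)."""
    findings = []
    for key, values in keys.items():
        if "\\services\\" in key and "imagepath" in values:
            path = _exe_path(values["imagepath"]).lower()
            if path.endswith("\\svchost.exe") and not any(d in path for d in SYSTEM_DIRS):
                name, display = key.rsplit("\\", 1)[-1], values.get("displayname", "?")
                findings.append(f"service {name} ({display}) runs {path}")
    return findings

def find_exe_handler_hijack(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """A genuine .exe open command is just "%1" %*; a path placed in front of it runs
    for every program launched (the article records alggui.exe in that position)."""
    findings = []
    for key, values in keys.items():
        if "\\classes\\" in key or key.startswith("hkey_classes_root\\"):
            command = values.get("", "").strip()
            if "%1" in command and not command.startswith(('"%1"', "%1")):
                findings.append(f"{key}: .exe launches routed through {_exe_path(command)}")
    return findings

def find_bho_dlls(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Resolve each Browser Helper Object CLSID to its InprocServer32 DLL and flag DLLs
    directly in the Program Files root or under a Temp directory (heuristic chosen for
    this example; the article's C:\\Program Files\\adc32.dll is such a case)."""
    findings = []
    marker = "\\browser helper objects\\"
    for key in keys:
        if marker in key:
            clsid = key.split(marker, 1)[1].split("\\", 1)[0]
            dll = keys.get(f"hkey_classes_root\\clsid\\{clsid}\\inprocserver32", {}).get("", "")
            parent = dll.lower().rsplit("\\", 1)[0] if "\\" in dll else ""
            if parent.endswith(":\\program files") or "\\temp" in parent:
                findings.append(f"BHO {clsid} loads {dll} from an unusual location")
    return findings

def triage(reg_text: str) -> List[str]:
    """Run all three checks over one .reg export and return the findings."""
    keys = parse_reg(reg_text)
    return find_fake_svchost_services(keys) + find_exe_handler_hijack(keys) + find_bho_dlls(keys)

if __name__ == "__main__":
    for finding in triage(SAMPLE_REG):
        print(finding)
```

On a live system the input would be the text produced by exporting the relevant hives with reg export; the script reads that export offline, so it can be run against a snapshot taken from a machine whose Command Prompt is blocked, as this rogue does. Each check is written against the pattern rather than the specific names, so a renamed repackaging of the same rogue that keeps the same persistence tricks would still be reported.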

AKM Antivirus 2010 Pro Associated Domains

This scareware was observed accessing the following domains during installation and operation:

  • http://core2637.instituteofbianco. com/
  • http://jn2637.postyourdatanow. com/

Note: Visiting the domains mentioned above may harm your computer system.

AKM Antivirus 2010 Pro Removal (How to remove AKM Antivirus 2010 Pro)

Malwarebytes’ Anti-Malware (mbam-setup.exe) was able to remove this infection.

  1. Boot into Windows Safe Mode with Networking.
  2. Download Malwarebytes’ Anti-Malware Free edition (mbam-setup.exe), or download it from a clean computer and copy it to a removable drive such as a CD, DVD or USB flash drive.
  3. Double-click mbam-setup.exe to start the installation and follow the prompts. Make sure that the option Update Malwarebytes’ Anti-Malware is checked when you finish the installation.
  4. Once the update is completed, launch Malwarebytes’ Anti-Malware and select Perform full scan in the Scanner tab. When the scan is completed, click “Show results”, confirm that all instances of the rogue security software are check-marked and then click “Remove Selected” to delete them. If prompted, restart immediately to complete the removal process.
  5. Turn System Restore off and on.

You should now be clean of this rogue.

The full version of Malwarebytes’ Anti-Malware performs brilliantly against scareware such as AKM Antivirus 2010 Pro. The real-time component of the paid version includes dynamic blocking of malicious websites, servers and prevents execution of malware. It would caution you before most rogue security software could install itself. Please consider purchasing the Malwarebytes’ Anti-Malware Full version for additional protection.

If you are unable to get rid of this scareware, please visit one of the recommended forums for malware help and post about your problem.

AKM Antivirus 2010 Pro Scareware — Screenshots

AKM Antivirus 2010 Pro Scareware — Video

Note: The AKM Antivirus 2010 Pro installation and removal was tested on a default installation of Windows XP SP3. The content provided in this article is not warranted or guaranteed by Malware Help. Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing; it might change with time and/or under different testing conditions.
