Oh no, another fake antivirus software. There are so many fake computer security application out there that there is now a collective term for them - Scareware. Appropriately name for application that scare you with false security alert!
Some scareware that have been highlighted here before are:
Advanced Virus Remover
Malware Bell
and a website that works the same way.
Get Paid To Advertise Online
I did a search online and found the way to remove this rouge application.
1. Download The Avenger. Fearing that this itself is a malicious application, I did a search on Google and found that many forums and site on removal of rootkit refers to this application. So i guess it is probably safe to use. Google search for "The Avenger"
2. Check "Scan for rootkit" and "Automatically disable any rootkit found"
3. Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Home Antivirus 2010
4. Folders to delete:
%ProgramFiles%\HomeAntivirus2010
5. Download Malwarebytes' Anti-Malware from cnet download.com. As per "The Avenger" i did a google search to make sure that this is not a rouge application. Found that it is actually reviewed in PC Mag.
6. Perform a quick scan after Malwarebytes Anti Malware is installed.
7. For the list of infected items, select all items for removal.
That's about all. Additional information about Home Anitvirus 2010 are below.
Home Antivirus 2010 creates the following files and folders:
C:\Program Files\HomeAntivirus2010
C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe
C:\Program Files\HomeAntivirus2010\htmlayout.dll
C:\WINDOWS\system32\cepapyx.com
C:\WINDOWS\syromeni.bat
C:\Program Files\Common Files\ywukynota.com
C:\Program Files\Common Files\vivifabyx.dll
C:\Documents and Settings\All Users\Application Data\ciqudehyri.dll
C:\WINDOWS\system32\_scui.cpl
Home Antivirus 2010 creates the following registry keys and values
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Home Antivirus 2010
HKEY_CURRENT_USER\Control Panel\don’t load\scui.cpl
HKEY_CURRENT_USER\Control Panel\don’t load\wscui.cpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel
Instructions here are summarized and take from the site below:
For more information and reference, you can check out http://www.myantispyware.com/2009/07/19/how-to-remove-home-antivirus-2010-uninstall-instructions/
Monday, July 20, 2009
glo ~ Good Life Offers! Great Deals, Great Offers, Vouchers, Coupons, Discounts and lots more
Limited Time Offer!
