Antivirus 2010 Security Centre is a rogue anti-spyware program that is promoted through the use of malware and fake online anti-malware scanners. If you encounter this rogue through malware, then the program will be installed on your computer without your permission or knowledge. More commonly, though, you will instead see a pop-up while browsing the web that states that your computer is infected and that you should scan your computer. When you click on the pop-up it will automatically open a site that contains an advertisement pretending to be an online anti-malware scanner. Once this advertisement is finished, it will state that you are infected and prompt you to download and install Antivirus 2010 Security Centre. The truth is that the fake online scanner has no possible way of knowing what is running on your computer and will state you are infected even if you computer is clean.

When Antivirus 2010 Security Centre is installed it will be configured to start automatically when Windows starts. Once started it will scan your computer and state that there are numerous infectons on your computer, but will not allow you to remove any of them until you first purchase the program. All of the infections it shows, though, are actually legitimate Windows files. Therefore, do not delete any of the files it states are infections or your computer will no longer operate correctly.

As you can see, Antivirus 2010 Security Centre was created to scare you into thinking that your computer was infected so that you will then purchase it. It goes without saying that you should definitely not purchase it, and if you have, you should contact your credit card company to dispute the charge. To remove Antivirus 2010 Security Centre and any related malware, please follow the steps in the removal guide below.

Antivir Solution Pro is a rogue anti-spyware program from the same family as Antivirus Soft and AV Security Suite. This family of rogues is installed through the use of malware and exploit kits that download and install Antivir Solution Pro onto your computer without your permission. When this program is installed it will be configured to start automatically when Windows starts, and once started, will perform a scan of your computer and state that it has found numerous infections. It will not, though, tell you the files that are supposedly infected and will also state that you cannot remove anything until you first purchase the program. This is a complete scam, as the program is scripted to display infections every time it is run. That means if you reinstalled Windows and ran Antivir Solution Pro it would still say that you are infected. It does this to scare you into thinking that your computer has a security problem so that you will then purchase the program. When you purchase the program, though, all you do is waste your money as the program has no useful function for your computer.

Antivir Solution Pro is known to be installed through exploit kits on hacked web sites. Exploit kits are are scripts that are added to hacked legitimate web sites that attempt to install malware onto a visitors computer through the use of known vulnerabilities in the Windows operating system and installed applications. Due to this, and to avoid being infected again after your computer is cleaned, it is important that you make sure that your Windows installation is completely up-to-date with all the latest Microsoft security patches. It is also important to make sure that all your programs, which include Sun Java, Adobe Reader, and Adobe Flash, are updated to their latest versions. A great program that you can use to scan your computer for insecure programs is the Secunia Online Software Inspector. We suggest that all readers scan their computer with this program to make sure your applications are not vulnerable to security exploits in order to add an extra layer of security.

When Antivir Solution Pro is running it will state that most programs are infected when you attempt to run them. The text of this fake infection alert is:

Application cannot be executed. The file notepad.exe is infected. Do you want to active your antivirus software now?

It does this for two reasons. The first is to make you think that your legitimate, and clean, programs are infected so that you will then purchase the rogue. The second reason is to block you from running any legitimate security programs that may help you remove this infection.

While Antivir Solution Pro is running it will also show you fake security alerts that attempt to further scare you into thinking you have a infection on your computer. These alerts will state that active malware has been detected or that your computer is under attack. The text of these alerts is:

Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.

Antivirus Software Alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan - dropper or similar.

Just like the other false infections alerts, these warnings are all fake and should be ignored. Last, but not least, Antivir Solution Pro will also configure your computer to use a proxy server at 127.0.0.1:5643, which is actually the Antivir Solution Pro program itself. This makes it that when you browse the web using Internet Explorer, the rogue will intercept all your web browser requests and instead display a page that shows a security warning about the site you are visiting. This warning states:

Internet Explorer warning - visiting this site may harm your computer!
Most likely causes:

• The website contains exploits that can launch a malicious code on your computer
• Suspicious network activity
• There might be an active spyware running on your computer

These warnings should be ignored as they are false. If you use a browser other than Internet Explorer you will not see the warnings at all and can browse the Internet like normal.

Without a doubt, Antivir Solution Pro was created solely to trick you into purchasing the program by convincing you that your computer has a security problem. Now that you know what this program does, it goes without saying that you should not purchase this program for any reason. If you already have purchased it, then we suggest you contact your credit card company and dispute the charges. To remove Antivir Solution Pro and any related malware, please follow the steps in the removal guide below.

AntivirusGT is a rogue anti-spyware program that is distributed through the use of fake online anti-malware scanners. When browsing the web you may be redirected to a page that states that your computer is infected. This page will then prompt you to perform an online anti-malware scan on your computer in order to search for viruses. Regardless of whether you accept this offer, you will be brought to a page that displays a fake scanner, that when finished scanning, will state that your computer is infected. It will then prompt you to download and install AntivirusGT in order to remove these supposed infections. It should be noted that this fake scanner page does not actually scan your computer. Instead it is simply an advertisement that will state that your computer is infected no matter how clean it may be.

Once AntivirusGT is installed on to your computer, it will be configured to start automatically and then scan your computer. When it has finished scanning your computer the program will state that there are numerous infections present on your computer, but will not allow you to remove any of them until you first purchase the program. These infections, though, are actually legitimate programs that if removed may cause your computer not to start or operate properly. Therefore, do not manually delete any of the files it states are infections as you will be deleting legitimate and required Windows programs.

While running, AntivirusGT will also attempt to protect itself by not allowing you to run various programs. It does this so that you cannot run security programs that may assist you in removing this infection. When you attempt to run a program you will instead see a message stating that the file is infected. An example of this fake security warning is:

AntivirusGT Resident Shield: Virus Detected
Warning! Active virus detected!
Threat Detected: Trojan.Injector.BZ
Infected File: C:\Windows\System32\rundll32.exe

When AntivirusGT is no longer running you will then be able to run your applications like normal.

While started, AntivirusGT will also display fake alerts that state your computer is under attack or that there are new Windows updates available. When you try to fix the errors or install the updates, though, it will instead prompt you to purchase AntivirusGT. An example of the security update alert is:

Security advisor: Important updates available
New important updates available:

Virus and spyware database is out of date.
New Important updates:
 - antivirus database definitions update
 - anti-spyware database definitions update
 - critical system vulnerabilities fix
Optional Updates
 - resident shield update
 - Internet Explorer potential vulnerabilities fix

The infection will also hijack your Internet Explorer browser so that when you are browsing the web you will be randomly shown an alert stating that the page blocked you from accessing because you are infected. The text of this alert is:

Attention! Your web page request has been cancelled.
This web site refused your connection as it was reported as a malicious request. This can be caused by Viruses, Trojans or Malware installed on your computer.

In order to resend your request to the website, press Resend request (please note, this action may cause a permanent block of your computer by the requested website)

In order to activate your security software, please press Fix Now (recommended)

All of the above alerts are fake and are only being shown to scare you into thinking that you have a security problem and should be ignored.

As you can see, AntivirusGT was created to trick you into purchasing the program by making you think that your computer is infected. As all of these alerts and scan results are fake, you should not purchase this program for any reason. If you have already purchased it, then we suggest you contact your credit card company and dispute the charges stating that it is a scam. To remove AntivirusGT please follow the steps in the removal guide below.

Defense Center is a program that is installed through the use of malware or fake anti-malware scanners and then uses deceptive warnings and scan results to scare you into purchasing the program. The Trojans that install this malware are typically ones that are installed through vulnerabilities in your installed programs or Windows. These vulnerabilities are exploited through sites that you may visit so that Defense Center is installed on to your computer without your permission or knowledge. Therefore, to block this program, and programs like it, from infecting you again please make sure to install all of the Windows updates that are released on Tuesdays and to make sure your programs like Adobe Reader, Flash, Shockwave, and Java are updated to the latest versions. Certain malware distributors are also bundling this Defense Center with the TDSS rootkit. If you are experience redirects when using Google or other search engines then you may be infected with the TDSS rootkit. It is then suggested you also follow the steps in this guide:

How to remove the TDSS, TDL3, or Alureon rootkit using TDSSKiller

When installed, Defense Center Will disable your Windows Task Manager and then remain dormant until a certain amount of time has passed. After this waiting period, you will start to see alerts appear from your Windows taskbar. When you click on these alerts, Defense Center will be downloaded and installed on your computer without your permission. While installing, Defense Center will also attempt to uninstall numerous legitimate anti-virus programs such as Malwarebytes', F-Secure, Trend Micro, and Symantec Antivirus. When you see the rogue stating that these programs are infected and trying to remove them, please do not allow it to do so.

When Defense Center is started it will scan your computer and state that your computer is infected with numerous infections. These infections, though, are not real and the files it states are infected are actually legitimate Microsoft files that Windows needs in order to operate properly. So do not manually delete any of the files it states are infections as your computer may no longer operate correctly. In order to protect itself, Defense Center will also display an alert stating that any program you run is infected. It does this so that you will not run programs that may remove it from your computer. The text of this alert is:

Warning! Virus threat detected!
Virus activity detected!
Net-Worm.Win32 has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat.

While Defense Center is running it will also display alerts that are designed to make you think that your computer is under attack or infected. The text of these alerts are:

Warning! Adware detected!
Adware module detected on your PC!
Zlob.Porn.Ad adware has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat now.

Antivirus Alert - Critical threat detected
Warning
Network attack detected
Network attack has been detected. Process is attempting to access your private data.

Warning! Network attack detected!
Network intrusion detected!
Your computer is be attacked from a remote PC.
Attack from :27040
Process is trying to steal your passwords listed below. It is highly recommended to block this threat now.

Danger!
A security threat detected on your computer. TrojanASPX.JS.Win32. It strongly recommended to remove this threat right now. Click on the message to remove it.

Danger!
A security threat detected on your computer. This malicious program may steal your private data. Click on the message to ensure the protection of your computer.

Danger!
Harmful viruses detected on your computer. Click on the message to scan your computer for security threats for free.

Just like the fake scan results, all of these alerts are false and just another tactic being used to scare you into purchasing the program and should be ignored.

As you can see, this program was created with one purpose; to scare you into thinking your computer has a serious security problem so that you will purchase Defense Center. By no means should you purchase this program, and if you have, you should contact your credit card company and dispute the charges stating the program is fraudulent. To remove this program, and any related malware, please use the removal guide below.

Sysinternals Antivirus is a scareware and ransomware program from the same family as Your PC Protector. This program is installed through the use of malware that will install it onto your computer without your permission or knowledge. Once installed, Sysinternals Antivirus will automatically perform a scan when your computer starts. When the scan has finished it will state that your computer is infected with numerous infections, but will not allow you to remove anything until you first purchase the program. As the scan results are all fake and are only being shown to scare you into purchasing the software, you should ignore them and instead use this guide to remove the program.

While Sysinternals Antivirus is running it will protect itself by blocking your ability to run many applications. It does this so that you cannot launch legitimate security programs that may remove it. When you attempt to run a program that it blocks you will see a message stating:

Warning!
Running of application is impossible. is infected.

Once the Sysinternals Antivirus process is terminated, you will once again be able to use your normal applications.

While started, Sysinternals Antivirus will also show fake security warnings that state your computer is under attack or that malware has been found. The text of these messages is:

Security Alert
Infiltration Alert
Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan-dropped or similar.

Warning: Infection is Detected
Windows has found spyware infection on your computer! Click here to update your WIndows antivirus software...

svchost.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

All of the above alerts are fake and are only being shown to scare you into thinking that you have a security problem and should be ignored.

Without a doubt, Sysinternals Antivirus was created to scare you into purchasing the program by showing alerts stating that you are infected. Please disregard any warnings this program shows and do not purchase the program. If you have already purchased it, we suggest you contact your credit card company and dispute the charge. To remove this infection please use the removal guide below.

AV Security Suite is a scareware and ransomware program from the same family as Antivirus Soft and AntiSpyware Soft. The developers of this program are distributing AV Security Suite through the use of hacked sites, spam, and Trojans that install it onto your computer without your permission. Once installed AV Security Suite will be configured to start automatically when your computer starts. Once started it will scan your computer and state that there are numerous infections, but will not let you remove any of them until you purchase the program. All of these scan results are fake and are only being shown to trick you into purchasing the program, which you should obviously not do.

If you are running older software, and not updating Windows, you may find that you will be able to remove this program, but then become infected again within a short period of time. This is because the malware developers are hacking legitimate sites or inserting malware ads that use vulnerabilities in common programs such as Adobe Reader, Flash, and Windows to install the malware onto your computer. If you do not update your programs to remove these security holes then the next time you visit a hacked site distributing this rogue, AV Security Suite will be installed on to your computer. A great tool that can be used to scan your computer for outdated and vulnerable programs is the free Secunia Online Software Inspector program. When you scan your computer with this program it will display a report showing all programs and Windows updates that should be installed in order to fix security holes and vulnerabilities. It is advised that all users scan their computer with this program in order to prevent your computer from being infected again after you clean it.

When AV Security Suite is running it will also block you from running normal tasks in order to make it harder to remove the program from your computer. First, it configures Windows to use a proxy server that points back 127.0.0.1:1041. A proxy server is a program that listens to requests from your web browser and then handles the request itself rather than your browser talking directly to a site. As AV Security Suite is set to be your proxy server, any time you browse the web using Internet Explorer it will intercept the request and display a fake security warning that states that the site you are visiting is infected. The message it will display is:

This website has been reported as unsafe
We recommend that you do not continue to this website. This website has been reported to Microsoft for containing threats to your computer that might reveal personal or financial information.

Once you disable the proxy server all web requests will go directly to the site you wish to go to and you will see the legitimate content. Please note, though, that the next time AV Security Suite is started it will configure your computer to use the proxy server again.

The second method that AV Security Suite protects itself is to block applications from running while stating that they are infected. It does this to stop you from running anti-virus programs that can be used to remove this malware. When you attempt to run a program you will instead see the following message:

Windows Security alert
Application cannot be executed. The file mbam.exe is infected.
Do you want to active your antivirus software now?

Spyware Alert
Application infected! The file rundll32.exe is infected. Do you want to ALLOW this application now?

When you see these infection alerts do not be concerned as your programs are not infected. It is only showing this to further scare you into thinking you have a computer security problem.

While started, AV Security Suite will also display fake security alerts that contain warnings that malware has been detected or that malware is attacking your computer. These messages are all fake as well and only being shown to further convince you that your computer is infected. The text of these messages are:

Windows Security alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.

Antivirus software alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.

Last, but not least the rogue will also display a fake Windows Security Center. This fake Security Center will look exactly like the original one except that it states that you should purchase AV Security Suite to protect yourself.

As you can see, AV Security Suite was created for one reason only; to scare you into thinking your computer has numerous infections so that you will then purchase the program. It goes without saying that you should definitely not purchase this program, and if you already have, please contact your credit card company and dispute the charges stating the program is a scam. Finally, to remove this infection please use the removal guide below to remove it for free.

Protection Center is part of the Your Protection family of rogues. This program pretends to be a legitimate anti-malware program, but instead uses false scan results and deceptive security alerts to make you think that your computer has a security problem. Once installed Protection Center will be configured to start when you login to Windows and then scan your computer. When it scans your computer Protection Center will state that it found a variety of infections, but will not let you delete them until you purchase the program. All of these infections, though, are fake or legitimate programs being classified as malware that should not be deleted from your computer. Therefore, please do not act upon any of the information displayed by this program. During testing, we have also found that this program is bundled with the Pragma TDSS rootkit, which will attempt to stop you from running various anti-malware applications that may remove it.

While Protection Center is running it will also display pop-ups that contain false alerts about security problem on your computer. These alerts will state that programs you run are infected, that malware has been detected, or that you are sending private information to a remote computer. The text of some of these alerts are:

Danger!
Unauthorized person tries to steal your passwords and private information. Click on the message to prevent identity theft.

Danger!
Unauthosrized access to your computer! Click on the message to install up-to-date antivirus software.

Warning! Virus threat detected!
Virus activity detected!
Email-Worm.BAT adware has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat now.

Danger!
Harmful viruses detected on your computer. Click on the message to scan your computer for security threats for free.

Warning! Network attack detected!
Network intrusion detected!
Your computer is being attacked from a remote PC.
Process is trying to steal your passwords listed below.

Just like the fake scan results, these alerts are all fake and should be ignored.

As you can see, Protection Center was created to scare you into thinking that your computer is infected so that you will then purchase the software. Please do not purchase this software, and if you have, you should contact your credit card company to dispute the charges. To remove this infection and any related malware, please use the removal guide below.

Security Master AV is a program that impersonates an anti-malware program, but is in fact a computer infection that uses deceptive tactics to make you think you are infected. This program is considered a rogue anti-spyware program and is part of the Virus Doctor family. Security Master AV is typically installed through Trojans that pretend to be legitimate programs, but instead install this rogue onto your computer without your permission. The installer will also create numerous harmless files that will be detected as malware when Security Master AV scans your computer. When installed, the rogue will be configured to start automatically when you login to Windows. Once started, it will scan your computer and state that the files it created during installation are malware files residing on your machine. In reality, these files are harmless and pose no harm to your computer. They are only being shown to you in order to scare you into thinking that you are infected in the hopes that you will then purchase the program.

While Security Master AV is loaded it will also display fake security warnings and alerts that contain alarming messages stating that malware is stealing confidential information or that you are under attach from a remote hacker. Some of alerts you may see include:

Warning! Identity theft attempt detected
Hidden Connection IP:
Security Risk: High
Target: Microsoft Corporation Keys

System alert
Suspicious software which may be malicious has been detected on your PC. Click here to remove this threat immediately using Security Master AV.

Warning! Virus detected
Threat Detected: Trojan-Spy.HTML.Citifraud

Just like the scan results, none of the above alerts are real and should be ignored. This rogue will also hijack your Internet Explorer search engine so that it will use findgala.com instead of the search engine that your browser normally uses.

Without a doubt, Security Master AV was developed to scare you into thinking that you have a computer problem so that you will then purchase the program. It goes without saying that you should definitely not purchase this program, and if you have, you should contact your credit card company and dispute the charge. Finally, to remove this program and any related malware, please use the removal guide below.

Win Antispyware Center is a rogue anti-spyware program that is promoted through the use of Trojans. These Trojans are found on fake video pages that state that you need an update to properly view a video and then prompts you to download and install the update on your computer. Once this Trojan is run it will download and install Win Antispyware Center onto your computer without permission. Once installed it will configure itself to start automatically when you login to Windows and then start scanning your computer. When it is done it will state that you have numerous infections, but will not allow you to remove any of them until you first purchase the program. All of the infections that Win AntiSpyware Center reports, though, do not actually exist on your computer and are only being shown to scare you into thinking that you are infected.

While Win Antispyware Center is running it will display fake security warnings and alerts that are designed to make you think that you have a security problem on your computer. A list of alerts that you may see while this program is running include:

Critical System Alert!
Unknown software is try to take control over your system!

Malware intrusion!
Sensitive areas of your system ware found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.

System hacked!
Unknown program is scanning your system registry right now! Identity theft detected!

Threat detected!
Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and systemmay be severe. Recover your PC from the infection right now, perform a security scan.

Severe system damage!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.

Security Breach!
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for and anti-spyware scan.

System hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy alert!
Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Virus infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.

Just like the scan results, none of the above alerts are real and should be ignored.

While the program is running, Win Antispyware Center will also attempt to protect itself by not allowing you to run executable programs on your computer. When you attempt to run an executable it will state that program is infected and then shut it down. The message you will see will be similar to the following:

Win Antispyware Centerhas blocked a program from accessing the internet.
Notepad is infected with Trojan-BNK.Win32.Keylogger.gen. Private data can be stolen by third parties, including credit card details and passwords.

As you can see, Win Antispyware Center was created to trick you into thinking that you have a security problem on your computer in order to scare you into purchasing it. Therefore, you should definitely not purchase this software, and if you already have, you should contact your credit card company and dispute the charge stating it is a scam. To remove this program and any related malware, please use the removal guide below.

XJR Antivirus is a rogue anti-spyware program from the same family as Your PC Protector. This malware is promoted through the use of Trojans that install XJR Antivirus on your computer without your permission or knowledge. When this program is installed it will be configured so that it starts automatically when you login to Windows. Once running, it will perform a scan of your computer and state that numerous files are infected, but will not allow you to remove any of these files using the program until you first purchase it. All of these files, though, are either fake or legitimate programs that should not be deleted. Therefore, please do not manually delete any of the infections it shows as it may cause your computer to not operate correctly.

This infection consists of two executables called XJR Antivirus.exe and C:\Program Files\svchost.exe. C:\Program Files\svchost.exe is configured as a Windows service that will start when Windows boots up. When this service starts it will then launch the XJR Antivirus.exe program. While the service is running it will also poll the list of running processes and if it sees that the XJR Antivirus.exe program is not running it will attempt to launch it again. Therefore, to remove this infection you must terminate both processes in order to make it so XJR Antivirus does not restart itself.

While XJR Antivirus is running it will not allow you to run numerous executables on your computer. It does this in order to protect itself from anti-malware programs that may know how to remove it. If you attempt to run an executable you will receive a message stating that the program is infected and then the legitimate program will be terminated. An example of one of these alerts is:

Warning!
Running of application is impossible. The file C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe is infected.

While the rogue is running it will also display fake security alerts from your Windows taskbar stating that your computer is infected or that your computer is under attack. These alerts include:

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Clear here to clean your PC immediately.

Internet attack attempt detected:
Somebody is truing to attack your PC: This can result in loss of your personal information and infection other computers connected to your network. Click here to prevent attack.

Last, but not least, XJR Antivirus will also display a fake Windows Security Center that suggests that you purchase the program. Just like the scan results, all of these security alerts and messages are just another tactic to scare you into purchasing the software and should be ignored.

As you can see, XJR Antivirus was created to scare you into thinking that you have a computer security program in the hopes that you will then purchase the program. It goes without saying that you should definitely not purchase this program, and if you have, you should contact your credit card company and dispute the charges. Finally, please use the guide below to remove this infection and any related malware for free.