A new rogue/ransomware, called AntiVirus, was discovered today that attempts to ransom the ability to run certain programs for $5. This program is a bizarre mixture of spelling mistakes, odd choice of programs to disable, and very crude programming. Unfortunately, though, even with all of this, the program still stands a good chance of making money for the malware developers.
When AntiVirus is installed it will change certain Windows Registry settings so that you cannot run the FreeCell, Internet Explorer, iTunes, Limewire, MalwareBytes', Microsoft Paint, Notepad, Rundll32, Task Manager, Windows Media Player, and Wordpad programs. When you attempt to run any of these programs you will be shown an alert that states that the program is infected. If you wish to remove this infection, AntiVirus prompts you to send $5 to an @yahoo.com email address where they will send you an activation key. Once the activation key is installed, the program will supposedly allow you to use the programs again. For those with browsers other than Internet Explorer, you can easily download some tools to remove this infection. At this time, though, the majority of users still use Internet Explorer and will be unable to use it while this infection is active. Therefore, this malware developer stands to make some money from those who have no choice but to pay the $5 ransom. If you run into this program, please do not send them money. Instead use the below guide to remove it for free.