Malware Warning

Threat: Rogue.Win32.DiskAntiVirusProfessional

Description:

Disk Antivirus Professional is rogue anti-spyware or ransomware. It claims to be legitimate security software to disguise itself. Disk Antivirus Professional is classified as a rogue because it displays fake scan results, terminates your legitimate applications, and displays numerous fake security alerts to solicit a purchase from the computer operator. None of the issues it reports are real. As part of its self-defense mechanism, Disk Antivirus Professional installs a rootkit on your computer that disables the Windows Task Manager and blocks any program that could lead to its removal. Additionally, Disk Antivirus Professional hijacks any attempt to use the browser and displays a fake warning that the site you are trying to view is infected. Finally, Disk Antivirus Professional continues to display fake security warnings at random, indicating it has found infections on your computer.

Infected computers will display the following screens:

Malware Warning Screen

Under no circumstances should you purchase or install this software.

Risks:

Disk Antivirus Professional may attempt to change your computer’s desktop, hijack your browser, monitor your Internet browsing activities, change system files, and steal sensitive and private information.
It is strongly recommended you remove Disk Antivirus Professional from your computer as soon as possible.

Manual Removal:

To manually remove this threat, delete the Disk Antivirus Professional files from your system. Shut down your computer and restart it in Safe Mode with Networking. Then locate and remove the following Disk Antivirus Professional processes, files, and registry keys:

Processes

  • %CommonAppData%\[RANDOM NUMBERS AND CHARACTERS]\[RANDOM NUMBERS AND CHARACTERS].exe

Other Files

  • %CommonAppData%\[RANDOM NUMBERS AND CHARACTERS]\[RANDOM NUMBERS AND CHARACTERS]
  • %CommonAppData%\[RANDOM NUMBERS AND CHARACTERS]\[RANDOM NUMBERS AND CHARACTERS].ico

Registry Keys

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “[RANDOM NUMBERS AND CHARACTERS]”
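
Because every name above is random, the locations have to be searched by pattern rather than by name. The following PowerShell sketch is an added example, not part of the original advisory or of any STOPzilla tool; it only reports candidates and deletes nothing. It assumes PowerShell 3.0 or later run as the affected user, and its two heuristics (a folder holding an .exe, an .ico and an extensionless file together, and RunOnce data that points into %CommonAppData%) are assumptions drawn from the lists above, so every hit needs manual review.

```powershell
# Added triage example: report-only, nothing is deleted or modified.
# Assumption: the rogue's RunOnce value launches a file under %CommonAppData%;
# the advisory gives only the value-name pattern, so treat hits as candidates.
$commonAppData = [Environment]::GetFolderPath('CommonApplicationData')
$runOncePath   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

# Folders one level below %CommonAppData% that contain all three file kinds
# listed in the advisory: an .exe, an .ico and a file with no extension.
$dirs = Get-ChildItem -LiteralPath $commonAppData -Directory -Force -ErrorAction SilentlyContinue
$dirHits = foreach ($dir in $dirs) {
    $files = @(Get-ChildItem -LiteralPath $dir.FullName -File -Force -ErrorAction SilentlyContinue)
    $exe   = @($files | Where-Object { $_.Extension -ieq '.exe' })
    $ico   = @($files | Where-Object { $_.Extension -ieq '.ico' })
    $bare  = @($files | Where-Object { $_.Extension -eq '' })
    if ($exe.Count -and $ico.Count -and $bare.Count) {
        foreach ($f in $exe) {
            [pscustomobject]@{
                Path      = $f.FullName
                Created   = $f.CreationTime
                # Legitimate vendors usually sign their binaries; unsigned is a review cue.
                Signature = (Get-AuthenticodeSignature -LiteralPath $f.FullName).Status
            }
        }
    }
}

# Current-user RunOnce values whose data starts inside %CommonAppData%.
$runHits = @()
if (Test-Path -LiteralPath $runOncePath) {
    $key = Get-Item -LiteralPath $runOncePath
    foreach ($name in $key.GetValueNames()) {
        $data     = [string]$key.GetValue($name)
        $expanded = [Environment]::ExpandEnvironmentVariables($data).TrimStart('"')
        if ($expanded.StartsWith($commonAppData, [StringComparison]::OrdinalIgnoreCase)) {
            $runHits += [pscustomobject]@{ ValueName = $name; Data = $data }
        }
    }
}

Write-Output 'Candidate folders (review before deleting):'
$dirHits | Format-List
Write-Output 'Candidate RunOnce values (review before deleting):'
$runHits | Format-List
```

Legitimate software also installs under %CommonAppData%, so compare the creation time and signature status of each hit against when the fake alerts first appeared before removing anything.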

Automated Removal:

  • If you have not already done so, download and install STOPzilla AVM 2013.
  • Launch STOPzilla AVM 2013, select the Scan tab, then select Full Scan.
  • When the scan is complete, remove all found threats.
