AndromedaAv

Alias: Andromeda AntiVirus, AndromedaAntiVirus

Description: AndromedaAv is a rogue anti-spyware program that displays false and exaggerated scan results that cannot be removed unless you first buy the full version of the software. The program reports various files as malware even though they are legitimate files or do not even exist on the computer. AndromedaAv can make your computer run slower because it starts automatically during computer startup. It periodically displays fake pop-up alerts stating that the computer is infected and that the full version of the program should be purchased. AndromedaAv can be downloaded and installed by a tricked user from the fraudulent andromeda-av.com website, or installed by trojans such as Zlob or Vundo without the user's consent or knowledge.

Threat type:

Adware - Adware is a software application that displays advertisements on your computer. Advertisements can be displayed through pop-up / pop-under windows, additional bars or toolbars, or underlined links or buttons that appear on the computer screen. Adware applications include additional code that delivers the ads. Adware authors earn money when users click on those ads. Occasionally, adware includes code that tracks the user's site visits and passes them to third parties without the user's permission or knowledge.

Hijacker - A hijacker is a software application that takes control of your browser's settings. Usually it changes your home page and redirects it to some unknown site, or modifies your search settings. It prevents you from changing your browser's settings back. An infected browser usually operates much slower.

Ransomware - Ransomware is a software application that infects a computer and asks for money to have the infection removed.

Advice: Remove
This is a very high risk threat and should be removed immediately to prevent harm to your computer and / or to protect your privacy.

Detection: SpyNoMore removes AndromedaAv: Yes

Threat risk: Very High Risk
Extremely dangerous malware. Uses stealth installation and randomly named entries, and has the capability to self-update or resurrect after incomplete removal. Almost impossible to remove manually. Category mostly consists of trojans and spyware.

Symptoms:
Popup messages claiming that your computer is infected.
Installation of AndromedaAv without your consent.

Running Process Signatures:
av.exe
AndromedaAv.exe

File Signatures:
%DocumentsAndSettings%\All Users\Desktop\Andromeda AntiVirus.lnk
%ProgramFiles%\AndromedaAv\av.exe
%ProgramFiles%\AndromedaAv\DataBases
%ProgramFiles%\AndromedaAv\DataBases\av_nav_hd.avp
%ProgramFiles%\AndromedaAv\DataBases\av_nav_m.avp
%ProgramFiles%\AndromedaAv\DataBases\avd.avp
%ProgramFiles%\AndromedaAv\DataBases\avhd.avp
%ProgramFiles%\AndromedaAv\DataBases\avhd1.avp
%ProgramFiles%\AndromedaAv\DataBases\avm.avp
%ProgramFiles%\AndromedaAv\Logs
%ProgramFiles%\AndromedaAv\Logs\08-2008_AndromedaAvLog.log
%system32%\AndromedaAv.exe
%system32%\bprint.exe
%system32%\vclipsrv.exe
%system32%\drivers\winav.sys

Registered Dll (Dynamic Link Library) Signatures:
%system32%\andrav_inet.dll
%system32%\hinetres.dll
%system32%\rpthreadVC.dll
%system32%\thunk.dll
%system32%\dllcache\cpifmgr.dll
%system32%\dllcache\tmswdat10.dll

Folder Signatures:
%ProgramFiles%\AndromedaAv\

Registry Signatures:
%HKCR%\*\shell\AV
%HKCR%\Folder\shell\AV
%HKLM%\SOFTWARE\AndromedaAv
%HKLM%\SYSTEM\CurrentControlSet\Services\AndromedaAVService
%HKLM%\SYSTEM\CurrentControlSet\Services\AndromedaAvDrv

SpyNoMore Collected Residual File Signatures: N/A