AVSystemCare – New fake anti-malware

AVSystemCare is one of the latest fake/dubious anti-malware. The installer stub of AVSystemCare is detected by most of the AVs as a variant of "popular" WinFixer rogue software. AVSystemCare is one among numerous similar looking dubious software. Some of the clones are MenaceRescue, AntiSpywareSuite and GoldenAntiSpy etc. All of them have identical websites, and an example is shown in the below screen shot:


Below screen shot shows Virus.org Malware Scanner scan results of the installer stub:

When this stub is executed, it downloads a 14 MB (!) setup file through which the actual AVSystemCare is installed. This is how AVSystemCare looks like:


AVSystemCare installs some SSDT hooks, IAT hooks and Message Hooks as part of its "real-time monitor" and creates some "Run" Registry keys, as shown in below screen shots:




AVSystemCare also "updates" itself automatically by connecting to one of their servers:


Interestingly, it does seem to monitor the system in real-time, and it alerts the user when it detects a malware or when user tries to execute malware files:


However, this software is dubious and is not at all recommended for usage. The uninstaller provided with the software removes almost all of its traces. However, it is recommended to scan a PC with any of the popular and legitimate anti-malware tools. Also, RogueRemover - a tool from MalwareBytes.org - removes all the traces of AVSystemCare automatically, and it can be downloaded from here for free. More information about AVSystemCare is available at Symantec Security Response pages.