Wolfram Antivirus Rogue of the FakeScanti Family is a rogue security program that blocks the running of all applications and continual pop up fake alerts designed to scare the infected user into purchasing the rogue.
Files and Locations:
%APPDATA%Wolfram Antivirus\
%APPDATA%Wolfram Antivirus\crss.exe
%APPDATA%Wolfram Antivirus\Wolfram Antivirus.exe
%APPDATA%Wolfram Antivirus\wf.conf
%APPDATA%Wolfram Antivirus\wolfram Antivirus.ico
%APPDATA%Wolfram Antivirus\sysl32.dll
%APPDATA%Microsoft\conhost.exe
%APPDATA%dwm.exe
Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer”
Type: REG_SZ
Data: http=127.0.0.1:57273
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows “load”
New data: <Account User>\Temp\csrss.exe
HKEY_CLASSES_ROOT\CLSID\{19090308-636D-4e9b-A1CE-A647B6F794BF}\InprocServer32 “(Default)”
Data: C:\%APPDATA%Wolfram Antivirus\sysl32.dll
The Wolfram Antivirus Rogue can be remediated by manual methods, however, it is best to use an Antispyware/Antivirus removal tool like VIPRE Antivirus.
You can download a free trial to remove the Wolfram Antivirus from your computer for no cost by clicking on the link below:
http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/
If you are unable to download and install our malware removal tool because this has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:
