«

»

Aug 12

Wolfram Antivirus Rogue of the FakeScanti Family

Wolfram Antivirus Rogue of the FakeScanti Family is a rogue security program that blocks the running of all applications and continual pop up fake alerts designed to scare the infected user into purchasing the rogue.

Wolfram Antivirus GUI

Files and Locations:
%APPDATA%Wolfram Antivirus\
%APPDATA%Wolfram Antivirus\crss.exe
%APPDATA%Wolfram Antivirus\Wolfram Antivirus.exe
%APPDATA%Wolfram Antivirus\wf.conf
%APPDATA%Wolfram Antivirus\wolfram Antivirus.ico
%APPDATA%Wolfram Antivirus\sysl32.dll
%APPDATA%Microsoft\conhost.exe
%APPDATA%dwm.exe

Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer”
Type: REG_SZ
Data: http=127.0.0.1:57273

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows “load”
New data: <Account User>\Temp\csrss.exe

HKEY_CLASSES_ROOT\CLSID\{19090308-636D-4e9b-A1CE-A647B6F794BF}\InprocServer32 “(Default)”
Data: C:\%APPDATA%Wolfram Antivirus\sysl32.dll

The Wolfram Antivirus Rogue can be remediated by manual methods, however, it is best to use an Antispyware/Antivirus removal tool like VIPRE Antivirus.

You can download a free trial to remove the Wolfram Antivirus from your computer for no cost by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

 If you are unable to download and install our malware removal tool because this has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>