Jan 26

Antivirus Smart Protection Rogue of the FakeVimes Family

Antivirus Smart Protection is a rogue of the FakeVimes Family which comes after the Malware Protection Center clone.

The rogue uses the scare tactics of generating pop up fake alerts to get the users infected to purchase the rogue.

The FakeVimes rogues also hijacks the hosts file and sets a proxy in the Internet Options, Connections, Lan Settings which is used for Search Engine Results re-directs.

The FakeVimes family has also included in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options, hundreds of entries of the different legitimate Antivirus companies executable files to block them from being able to be ran.

Antivirus Smart Protection (FakeVimes) GUI

Files and Locations:
%ALLUSERSPROFILE%\<Random Named Folder>
%ALLUSERSPROFILE%\<Random Named folder>\<Random File Name>.exe
%ALLUSERSPROFILE%\<Random Named folder>\<Random File Name>.ico
%ALLUSERSPROFILE%\<Random Named folder>\Quarantine Items
%ALLUSERSPROFILE%\<Random Named folder>\<Random File Name>.cfg
%APPDATA%\ Antivirus Smart Protection\Instructions.ini
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\ Antivirus Smart Protection.lnk

There are ways of removing this manually, but we recommend using our malware removal tool, VIPRE Antivirus. You can download a free trial to remove Antivirus Smart Protection from your PC for no cost by clicking on the link below:


If you are unable to download and install our malware removal tool because the rogue has infected your PC and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>