The Security Guide


Manage your Risks Online - Anti-Virus Monitor Fraudware

UNAVSOFT is a nasty bogus anti-virus program which corrupts a user’s profile in such a way that no programs can be run, and the user is repeatedly warned that the computer has a virus. Any existing anti-virus program, such as Microsoft Security Essentials, is disabled. The user is then redirected via Internet Explorer to the web site of and instructed to enter credit card details and pay for an anti-virus program.

Removal of a corrupted user profile can be complicated. One method is to log in via another administrator account, restore the system to a point before infection and/or remove the infected user.

If the infected user account is itself the only Administrator account, log in as another limited, non-privileged user and create a new Administrator account as follows on Windows XP:

  • Log in with another limited non-administrator account
  • Open Computer Programs
  • Navigate to c:\windows\system32
  • Right-click on cmd.exe and select Run As…
  • Select another user account and enter the username and password of the (corrupted) Administrator Account
  • In the command prompt window type: control nusrmgr.cpl
  • This will open the User Account Control Panel. Create a new Administrator Account
  • Log out the limited non-administrator account
  • Log in the new Administrator Account

Delete from the infected user the following files...


Go to the System Restore facility to restore the system to a point before UNAVSOFT infection.

Restoring to a previous point should remove all UNAVSOFT registry settings. This will also remove the new Administrator Account. It is recommended to create a new Administrator Account again and use it to delete the corrupted account profile completely.

If you want to save documents and files from the corrupted account, copy these files to another new account.

Copy Files to the New User Profile:

  • In Windows Explorer, click Tools, click Folder Options, click the View tab, click Show hidden files and folders, click to clear the Hide protected operating system files check box, and then click OK.
  • Locate the C:\Documents and Settings\Old_Username folder, where C is the drive on which Windows XP is installed, and Old_Username is the name of the profile you want to copy user data from.
  • Press and hold down the CTRL key while you click each file and subfolder in this folder, except the following files: Ntuser.dat, Ntuser.dat.log, Ntuser.ini, %Temp%\*.*
  • On the Edit menu, click Copy.
  • Locate the C:\Documents and Settings\New_Username folder, where C is the drive on which Windows XP is installed, and New_Username is the name of the user profile that you created in the "Create a New User Profile" section.
  • On the Edit menu, click Paste
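
The same copy can be scripted so that the exclusions are applied consistently. The following is an added example, not part of the original guide: it assumes a Python 3 interpreter is available on the machine, that %Temp% is at the Windows XP default of Local Settings\Temp inside the profile, and the function name `copy_profile` is hypothetical.

```python
import os
import shutil

# Root-level registry hive files listed as exclusions in the steps above.
EXCLUDED_ROOT_FILES = {"ntuser.dat", "ntuser.dat.log", "ntuser.ini"}
# Assumption: %Temp% is the Windows XP default, <profile>\Local Settings\Temp.
EXCLUDED_DIRS = {os.path.join("local settings", "temp")}


def copy_profile(old_profile, new_profile):
    """Copy user data, returning (copied, skipped) paths relative to old_profile."""
    copied, skipped = [], []
    for dirpath, dirnames, filenames in os.walk(old_profile):
        rel_dir = os.path.relpath(dirpath, old_profile)
        rel_dir = "" if rel_dir == os.curdir else rel_dir
        # Prune excluded folders so os.walk never descends into them.
        for name in list(dirnames):
            rel = os.path.join(rel_dir, name)
            if rel.lower() in EXCLUDED_DIRS:
                dirnames.remove(name)
                skipped.append(rel)
        target_dir = os.path.join(new_profile, rel_dir)
        os.makedirs(target_dir, exist_ok=True)
        for name in filenames:
            rel = os.path.join(rel_dir, name)
            dest = os.path.join(target_dir, name)
            # Hive files are skipped only at the profile root, ignoring case.
            if not rel_dir and name.lower() in EXCLUDED_ROOT_FILES:
                skipped.append(rel)
            elif os.path.exists(dest):
                skipped.append(rel)  # this example never overwrites the new profile
            else:
                shutil.copy2(os.path.join(dirpath, name), dest)
                copied.append(rel)
    return copied, skipped


if __name__ == "__main__":
    import sys
    # Usage: python copy_profile.py <old profile folder> <new profile folder>
    done, left = copy_profile(sys.argv[1], sys.argv[2])
    print("copied %d files; skipped: %s" % (len(done), left))
```

Run it from the new Administrator account, and review the skipped list afterwards to confirm that only the hive files, the Temp folder and any files already present in the new profile were left behind.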

Once copied you can completely remove the corrupted account:

  • Open Control Panel -> User Accounts -> Delete the corrupted user account.
  • Check in C:\Documents and Settings\ that the folder of the corrupted user account is deleted.

It is good practice to use a non-administrator account for normal use and a separate Administrator account for tasks such as installing programs.
© RuleWorks - All Rights Reserved