间谍软件Internet Antivirus
作者:冠群金辰技术支持
文章来源:

概述
类别
Rogue Security Software:  使用欺骗性手段进行安装和进行其他企图的安全软件。安装后，流氓软件通常使用威吓手段通知用户在他们的系统中已经安装了间谍程序或恶意程序。之后流氓安全软件要求用户付款以取得解决方法。这些应用程序可能与具有不同目的的其他恶意程序捆绑出现。该类型软件通常以反间谍程序或防病毒应用程序的形式出现。

发源
发源日期
  2008年8月 

检测和删除
手工删除
按照以下步骤从您的机器删除Internet Antivirus。先备份您的注册表和系统，并设置一个还原点，防止发生错误。
自动运行的引用：
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce 3p_udec_ia
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run internet antivirus

清除注册表:
使用注册表编辑器清除以下注册项（如果存在）：
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run iv
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run internet antivirus
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce 3p_udec_ia
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 displayicon
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 displayversion
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 helplink
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 inno setup: app path
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 inno setup: deselected tasks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 inno setup: icon group
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 inno setup: selected tasks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 inno setup: setup version
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 inno setup: user
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 installdate
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 installlocation
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 nomodify
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 norepair
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 publisher
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 urlinfoabout
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet antivirus_is1 urlupdateinfo
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce 3p_udec_ia
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run internet antivirus

删除文件:
使用资源管理器删除以下文件（如果存在）：
iainstall.exe
iaupdater.exe
iavir.exe
internetantivirus.exe
iv.exe
unins000.exe
%common_desktopdirectory%\internet antivirus.lnk
%common_programs%\internet antivirus\internet antivirus home page.lnk
%common_programs%\internet antivirus\internet antivirus.lnk
%common_programs%\internet antivirus\purchase license.lnk
%profile%\application data\internet antivirus\settings.ini
%profile%\application data\internet antivirus\uill.ini
%program_files%\ia\internetantivirus.exe
%program_files%\internet antivirus\activate.ico
%program_files%\internet antivirus\cookies.log
%program_files%\internet antivirus\db\config.cfg
%program_files%\internet antivirus\db\dbinfo.ver
%program_files%\internet antivirus\db\ia080614.db
%program_files%\internet antivirus\explorer.ico
%profile%\application data\internet antivirus\unins000.exe
%profile%\application data\internet antivirus\uninstall  internet antivirus.lnk
%program_files%\internet antivirus\iavir.exe
%program_files%\internet antivirus\scanner.log
%program_files%\internet antivirus\unins000.dat
%program_files%\internet antivirus\uninstall.ico
%program_files%\internet antivirus\working.log
%program_files%\internet antivirus\iaupdater.exe
%program_files%\internet antivirus\iavir.exe
%program_files%\ia\internetantivirus.exe
iainstall.exe
%program_files%\internet antivirus\iaupdater.exe
%profile%\application data\internet antivirus\unins000.exe
iv.exe

删除目录:
使用资源管理器删除以下目录（如果存在）：
%common_programs%\internet antivirus
%profile%\application data\internet antivirus
%program_files%\ia
%program_files%\internet antivirus
%program_files%\internet antivirus\db
%program_files%\internet antivirus\languages

调查
文件分析
Internet Antivirus

调查方式
间谍软件研究中心