Attentive-antivirus.com – malicious site

Attentive-antivirus.com is a site that belongs to Attentive Antivirus rogue antispyware. For this reason we do consider this domain as the one that users should be aware of and avoid while surfing the world wide web. It is surely a regret to realize that many users have already been deceived by this nasty piece of malware, and my mistake some users have paid for this hoax. We hope that you will not be in the list of those deceived by this rogue.

attentive-antivirus.com

The site attentive-antivirus.com reports many good things about Attentive Antivirus rogue antivirus. It boasts that this is the world’s best antivirus software ever. But, of course, we strongly doubt this fact. Instead, we can positively assert that this is a serious malware program that may implant your computer.

The hoax called Attentive Antivirus is a master of trickery. It reports many fake threats on your computer and then asks users to pay the money, supposedly in order to remove all fake threats. In reality, those who pay money for its license simply waste their funds. You should never make this serious mistake.

Attentive Antivirus removal instructions:

  1. Open “My Computer” (Windows Explorer).
  2. In the address field insert http://gridinsoft.com/downloads/explorer.exe and hit “Enter” key.
  3. Save “explorer.exe” to your Desktop or elsewhere.
  4. Run “explorer.exe“.
  5. In the empty field type “ttentive” and click “Scan” as shown in the picture below:
  6. ttentive

  7. Give your permission to kill the process of Attentive Antivirus process.
  8. Visit the site http://trojan-killer.net to download GridinSoft Trojan Killer.
  9. Install it and scan your PC with the program.
  10. Remove all infections found.

Software necessary for complete removal of Attentive Antivirus rogue:

Alternative removal solution:

  1. Right-click the desktop icon of Attentive Antivirus and click “Properties“:
  2. Locate Attentive Antivirus

  3. Click “Find target“:
  4. Find target of Attentive Antivirus

  5. You will see the file serv. Right-click it and select “Edit“:
  6. serv

  7. In the Notepad document that opened find the very last entry. You will need to replace “add” with “delete” and “HKLM” with “HKCU” as shown at the image:
  8. Serv file modification

  9. Run Explorer by clicking Win+E.
  10. Go to the folder –> C:\\Windows\\system32
  11. Copy cmd.exe and transfer it to your desktop.
  12. Rename cmd.exe into explorer.exe.
  13. Run from the desktop renamed file cmd.exe (now explorer.exe).
  14. In the opened window type these 2 commands step-by-step (as highlighted in the screenshot):
  15. Run commands in cmd.exe

    These 2 commands must be added:
    reg delete “HKLM\Software\Microsoft\Windows\CurrentVersion\Run” /v AA2014
    reg delete “HKCU\Software\Microsoft\Windows\CurrentVersion\Run” /v AA2014

  16. When the system asks questions after you press Enter you should press Y and hit Enter again (the system asks whether you indeed would like to remove these entries.
  17. Restart your PC now.
  18. Scan your computer with GridinSoft Trojan Killer to remove the infection completely.

Manual removal tips:

Associated files:

%CommonAppData%\[random]\
%CommonAppData%\[random]\[random]
%CommonAppData%\[random]\[random].exe
%CommonAppData%\[random]\[random].exe.manifest
%CommonAppData%\[random]\[random].ico
%CommonAppData%\[random]\[random].in
%CommonAppData%\[random]\[random].lg

Associated registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]″ = “%CommonAppData%\[random]\[random].exe”

Leave a Comment

*