Red Cross Antivirus is a rogue antivirus program from the family of rogues which uses fake Microsoft Security Essentials Alert trojan to install itself.
During installation, the rogue will register itself in the Windows registry to run automatically when Windows loads. Once installed, Red Cross Antivirus will begin a scan and report a lot of infections. It hopes that you will then purchase a full version of the program. Important to know, all of these reported infections are fake. So you can safely ignore all that this fake antivirus gives you.
What is more, while Red Cross Antivirus is running, it will display numerous fake security alerts and nag screens. Moreover, the rogue will also block Windows legitimate programs when you try to run them. It will display a security alert that states:
The application iexplore.exe was launched successfully but it was forced to shut down due to security reasons.
This happened because the application was infected by a malicious program which might pose a threat for the OS.
It is highly recommended to install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it.
However, all of these security alerts are fake and like false scan results should be ignored!
As you can see, Red Cross Antivirus is a totally scam, which created with one purpose to scare you into purchasing so-called “full” version of the program. Most important do not purchase it! Please use the removal guide below in order to remove Red Cross Antivirus and any associated malware from your computer for free.
More screen shoots of Red Cross Antivirus
Use the following instructions to remove Red Cross Antivirus
Click Start, type in Search field %AppData% and press Enter. If you using Windows 2000/XP, then Click Start, then Run. Type in Open field %AppData% and press Enter.
It will open the contents of Application Data folder (for Windows 2000/XP) or the contents of Roaming folder (for Windows Vista/7). Rename antispy to antispy1. Next, reboot your computer.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Red Cross Antivirus infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Red Cross Antivirus removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Red Cross Antivirus removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Red Cross Antivirus creates the following files and folders
%UserProfile%\Application Data\PAV\
%UserProfile%\Application Data\antispy.exe
%UserProfile%\Application Data\tmp.exe
Red Cross Antivirus creates the following registry keys and values
HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “WarnonBadCertRecving” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “WarnOnPostRedirect” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | “Shell” = “%UserProfile%\Application Data\antispy.exe”
Hello, I would like to first thank you for this informative post. I was dying to get rid of Red Cross Antivirus, and stumbled upon this page.
To explain my situation, I ran %AppData% but it didn’t have an ‘antispy’ folder, so I just went over and downloaded MBAM. I followed the instructions, and the log popped in the end, only to tell me that some of them infections couldn’t be removed. Still, I restarted the computer and without a surprise, the Red Cross Antivirus started its scanning process as soon the computer re-booted.
I’m stuck as to what I should do next.
Could you please inform me as to what I should do?
My friend from work got this on her system.
It has mutated and look for the file HOTFIX.EXE and the asadasad.bat files
the registry entries are good except there is no PAV folder anywhere to be found.
Ris, try the instructions – http://www.myantispyware.com/2010/08/26/how-to-remove-fake-microsoft-security-essentials-alert/
thank you so much