4cleanspyware.com

Posted: September 21, 2009

4cleanspyware.com is a malicious website known to act as a browser hijacker: it can change browser settings without the permission or consent of the computer operator. The site is associated with Personal Antivirus, a rogue anti-spyware program, and is designed to promote it. 4cleanspyware.com can display a fictitious system scan and then offers Personal Antivirus as the solution to the bogus results it returns.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Program Files%\Personal Antivirus\activate.ico
    2 %Program Files%\Personal Antivirus\db\DBInfo.ver
    3 %Program Files%\Personal Antivirus\db\ia080614.db
    4 %Program Files%\Personal Antivirus\db\ia080618x.db
    5 %Program Files%\Personal Antivirus\Explorer.ico
    6 %Program Files%\Personal Antivirus\Languages
    7 %Program Files%\Personal Antivirus\Languages\IAEs.lng
    8 %Program Files%\Personal Antivirus\Languages\IAFr.lng
    9 %Program Files%\Personal Antivirus\Languages\IAGer.lng
    10 %Program Files%\Personal Antivirus\Languages\IAIt.lng
    11 %Program Files%\Personal Antivirus\PerAvir.exe
    12 %Program Files%\Personal Antivirus\unins000.dat
    13 %Program Files%\Personal Antivirus\uninstall.ico
    14 %Program Files%\Personal Antivirus\working.log
    15 %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
    16 %UserProfile%\Application Data\Personal Antivirus\db\config.cfg
    17 %UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
    18 %UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
    19 %UserProfile%\Application Data\Personal Antivirus\settings.ini
    20 %UserProfile%\Application Data\Personal Antivirus\uill.ini
    21 %UserProfile%\Application Data\Personal Antivirus\unins000.exe
    22 %UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
    23 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
    24 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
    25 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
    26 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
    27 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
    28 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
    29 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
    30 %WINDOWS%\system32\log.txt

Registry Modifications

  • The following Registry values and keys were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Antivirus"
    HKEY..\..\..\..{RegistryKeys}
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Personal Antivirus_is1