6cleanspyware.com

Posted: September 22, 2009

6cleanspyware.com is a browser hijacker known to use many misleading methods to promote the Personal Antivirus rogue anti-spyware application. 6cleanspyware.com usually shows up in search results for unsuspecting computer users seeking a solution to spyware. 6cleanspyware.com uses aggressive tactics to promote Personal Antivirus, such as misleading popup messages and falsified system scans.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\All Users\Desktop\Personal Antivirus.lnk
    2 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus
    3 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
    4 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
    5 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
    6 %Program Files%\Personal Antivirus\activate.ico
    7 %Program Files%\Personal Antivirus\db\DBInfo.ver
    8 %Program Files%\Personal Antivirus\db\ia080614.db
    9 %Program Files%\Personal Antivirus\db\ia080618x.db
    10 %Program Files%\Personal Antivirus\Explorer.ico
    11 %Program Files%\Personal Antivirus\Languages
    12 %Program Files%\Personal Antivirus\Languages\IAEs.lng
    13 %Program Files%\Personal Antivirus\Languages\IAFr.lng
    14 %Program Files%\Personal Antivirus\Languages\IAGer.lng
    15 %Program Files%\Personal Antivirus\Languages\IAIt.lng
    16 %Program Files%\Personal Antivirus\PerAvir.exe
    17 %Program Files%\Personal Antivirus\unins000.dat
    18 %Program Files%\Personal Antivirus\uninstall.ico
    19 %Program Files%\Personal Antivirus\working.log
    20 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
    21 %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
    22 %UserProfile%\Application Data\Personal Antivirus\db
    23 %UserProfile%\Application Data\Personal Antivirus\db\config.cfg
    24 %UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
    25 %UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
    26 %UserProfile%\Application Data\Personal Antivirus\settings.ini
    27 %UserProfile%\Application Data\Personal Antivirus\uill.ini
    28 %UserProfile%\Application Data\Personal Antivirus\unins000.exe
    29 %UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
    30 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
    31 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
    32 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
    33 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
    34 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
    35 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
    36 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
    37 %WINDOWS%\system32\log.txt

Registry Modifications

  • The following Registry values and keys were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Antivirus"
    HKEY..\..\..\..{RegistryKeys}
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
    Personal Antivirus_is1