
Antispydrome.com

Posted: May 2, 2011

Antispydrome.com is yet another malicious website pretending to be a legitimate domain for security software. Like many other harmful sites, Antispydrome.com promotes Antivirus Protection, a rogue security program that attacks your PC security and browser use while trying to scam a quick buck through an activation process. Contact with Antispydrome.com or any of the many other harmful websites identical to Antispydrome.com can result in infection by Trojans or other malware threats due to attacks that exploit browser security flaws. Although deleting Antispydrome.com-related software is critical for maintaining a healthy computer, you should preferably do this with the help of anti-malware applications that are designed to remove Antivirus Protection and other complex threats.

Antispydrome.com is Less Antispy and More Anti-Computer

Antispydrome.com is only one of a large group of websites working together to pull a fast one on PC users by selling Antivirus Protection (also known as Antivirus Protection Trial), a nonfunctional and rogue anti-virus program. Related websites include but aren't limited to Antivirvip.net, Antivirvip.com, Antivirea.com and Antivirart.com. Even Antivirus Protection is marketed under many different names, with AntiVira AV being one of its most prominent clones.

A single quick visit to Antispydrome.com is all it takes for your PC to become infected, since Antispydrome.com can use weaknesses in browser security to force your PC to download a Trojan or a rogue security program like Antivirus Protection. Antispydrome.com may also attempt to use an online scanner display to convince you that your PC is infected.

The latter method is just a prelude to similar attacks that you'll see afterwards, since Antispydrome.com's software will create errors like the following:

Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.

Antivirus Protection Trial often combines these errors with blocking security software and Windows maintenance programs like Task Manager. For instance, you may see the error below if Notepad is blocked:

Security Alert
Virus Alert!
Application can't be started! The file [application file] is damaged. Do you want to activate your anti-virus software now?

You shouldn't give any credence to alerts or warnings from Antispydrome.com or its related harmful software, since neither Antispydrome.com nor Antivirus Protection can detect threats to your PC. Instead, Antispydrome.com chooses to make up threats and then tell you that they will only go away if you purchase a registration key. In fact, as long as Antispydrome.com rogue security programs are on your PC, you'll experience difficulty in getting many different security-related applications to work at all.

Antispydrome.com's Hijacking Side

Antispydrome.com is also known for its hijacking attacks, which are based on standard proxy server abuses. These attacks take control over your browser in several different ways:

  • Your homepage may be changed to Antispydrome.com, forcing you to expose your computer to Antispydrome.com on a regular basis.
  • You may be redirected to Antispydrome.com after clicking an unrelated link in your search results, or after clicking a link embedded in content that would ordinarily not have links in it.
  • Safe websites, such as Microsoft-affiliated ones and sites related to PC security, may be blocked by error messages stating that they're unsafe.

Such attacks will hinder any attempts to remove Antispydrome.com, and so you should try to disable Antispydrome.com to stop the attacks as a first step. The simplest way to disable Antispydrome.com is to access the Safe Mode boot menu with F8 while your computer is booting. This stops most processes, even ones that are forcibly inserted into the default startup routine, like Antispydrome.com hijacker processes.

As is true for most types of malware, it's best to remove Antispydrome.com threats by availing yourself of a high-quality anti-malware scanner or other software unless such programs are completely unavailable.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\{RANDOM CHARACTERS}
    2 %Temp%\{RANDOM CHARACTERS}\{RANDOM CHARACTERS}.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
    HKEY_CURRENT_USER\Software\{RANDOM CHARACTERS}
    [HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
    [HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
    HKEY..\..\..\..{RegistryKeys}
    "Content Type"="application/x-msdownload"
    [-HKEY_CLASSES_ROOT\secfile]
    [HKEY_CLASSES_ROOT\.exe\shell\open\command]
    [HKEY_CLASSES_ROOT\.exe] @="exefile"
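
The file and Registry indicators listed above, together with the homepage and proxy changes described in the hijacking section, can be reviewed read-only from PowerShell. This is an added example, not part of the original write-up: `Get-RogueIndicator` is a hypothetical helper name, and the Internet Explorer start page and proxy value locations are the standard Windows ones, assumed here because the page does not list them.

```powershell
# Added example: read-only triage of the indicators listed on this page.
# Run as the affected user in PowerShell 3.0 or later; nothing is modified.
function Get-RogueIndicator {
    function Finding($Check, $Location, $Value) {
        [pscustomobject]@{ Check = $Check; Location = $Location; Value = $Value }
    }
    # Per-user handlers for .exe and secfile. A clean profile normally has no
    # HKCU override here, so any command string found deserves review.
    foreach ($sub in '.exe\shell\open\command', 'secfile\shell\open\command') {
        $key = "HKCU:\Software\Classes\$sub"
        if (Test-Path -LiteralPath $key) {
            $cmd = (Get-Item -LiteralPath $key).GetValue('')
            Finding 'Handler override' $key $cmd
        }
    }
    # The merged HKCR view of .exe should still name the stock "exefile" class.
    $exe = Get-Item -LiteralPath 'Registry::HKEY_CLASSES_ROOT\.exe' -ErrorAction SilentlyContinue
    if ($exe) {
        $progId = $exe.GetValue('')
        if ($progId -ne 'exefile') { Finding '.exe class changed' 'HKCR\.exe' $progId }
    }
    # Internet Explorer phishing filter switched off (Enabled = 0 on this page).
    $pf = 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter'
    $on = (Get-ItemProperty -LiteralPath $pf -Name Enabled -ErrorAction SilentlyContinue).Enabled
    if ($on -eq 0) { Finding 'PhishingFilter disabled' $pf $on }
    # Home page and proxy. Assumption: standard IE value locations, which the
    # page does not list; compare against what the user actually configured.
    $main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $startPage = (Get-ItemProperty -LiteralPath $main -ErrorAction SilentlyContinue).'Start Page'
    if ($startPage) { Finding 'IE start page' $main $startPage }
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $proxy = Get-ItemProperty -LiteralPath $inet -ErrorAction SilentlyContinue
    if ($proxy.ProxyEnable -eq 1) { Finding 'Proxy enabled' $inet $proxy.ProxyServer }
    # Executables one level under %Temp%, matching %Temp%\{random}\{random}.exe.
    # Installers also unpack here, so treat hits as leads, not verdicts.
    Get-ChildItem -LiteralPath $env:TEMP -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ChildItem -LiteralPath $_.FullName -Filter *.exe -File -ErrorAction SilentlyContinue } |
        ForEach-Object { Finding 'EXE under %Temp%' $_.FullName $_.LastWriteTime }
}

Get-RogueIndicator | Format-Table -AutoSize -Wrap
```

An empty result means none of these indicators are present in the current user's profile; it does not replace a full anti-malware scan.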