Home Malware Programs Browser Hijackers Antispywareum.net

Antispywareum.net

Posted: May 19, 2011

Antispywareum.net is a malicious website that markets rogue anti-virus programs to profit from fraudulent advertising. In addition to trying to sell you Antivirus Protection and similar threats, Antispywareum.net may also hijack your web browser, install Trojans or other threats without your consent, and steal your credit card number. If you've come in contact with Antispywareum.net or have any Antispywareum.net-related application on your PC, switch to Safe Mode and run a full system scan to detect and delete Antispywareum.net threats before they cause serious problems.

Antispywareum.net: More Anti-PC Than Anti-Spyware

Antispywareum.net uses a similar template to Antispywareum.net's twin sites that also sell Antivirus Protection and other copies of that rogue security program. A few of the other websites linked to the overall Antispywareum.net scam include Antivirvip.net, Antivirart.com, Antivirea.com and Antivirat.com. Even Antivirus Protection is sold by many other names like Antivirus Scan and Antivirus Monitor.

Although Antispywareum.net tries to soothe you with positive testimonials, a support page and a check mark-speckled interface reminiscent of Windows, Antispywareum.net has limited functionality compared to a real security program site. The primary working feature of Antispywareum.net is Antispywareum.net's payment-processing form, which is used to process credit card numbers in exchange for an Antivirus Protection activation key.

The fraud in this marketing plan comes in with Antivirus Protection itself, which can't detect or remove Trojans or other threats. Instead, Antispywareum.net application will create fake errors and even cause deliberate system problems, including disabling your ability to use some applications.

The Hijacker in Collusion with Antispywareum.net

Antispywareum.net threats also have a marked tendency to hijack web browsers. Web browser hijacks can show several different signs:

  • Fake website errors may prevent you from visiting websites. One error sample is shown below:

    Internet Explorer Warning – visiting this web site may harm your computer!
    Most likely causes:

    - The website contains exploits that can launch a malicious code on your computer
    - Suspicious network activity detected
    - There might be an active spyware running on your computer

  • You might also find your homepage changed to Antispywareum.net or to a similar website like Antivirart.com. Visiting Antispywareum.net puts your PC in danger of being attacked; any such occurrences should be responded to with a Safe Mode reboot and a full system scan.
  • You may see links to Antispywareum.net embedded in various text keywords or in advertisements, even if you're browsing a website that's not related to Antispywareum.net.
  • Finally, Antispywareum.net hijackers can directly force your web browser to visit Antispywareum.net or any other website of their choosing. This is often concealed to occur only when you click a link to another website, but an Antispywareum.net redirect can happen at any time.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\{RANDOM CHARACTERS}
    2 %Temp%\{RANDOM CHARACTERS}\{RANDOM CHARACTERS}.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "HKEY_CURRENT_USER\Software\{RANDOM CHARACTERS}

Loading...