
Antivirat.com

Posted: May 2, 2011

Antivirat.com is a harmful website that uses the disguise of a security software company to sell you malicious security software. Software from Antivirat.com will attack your PC's ability to browse the web, disable security programs and create fake errors that identify nonexistent threats. If you're experiencing any symptoms like the ones above, you should strongly consider acquiring suitable anti-malware programs to remove all Antivirat.com infections. Be sure to avoid any unnecessary contact with Antivirat.com, since Antivirat.com may infect your computer even if you don't download anything intentionally.

Antivirat.com is a New Addition to Antivirus Protection's House of Cards

Antivirat.com 'sells' the rogue anti-virus program that calls itself Antivirus Protection. This particular rogue security program uses many different sites besides Antivirat.com to promote itself, such as Antivirvip.net, Antispydrome.com, Antivirvip.com, Antivirea.com and Antivirart.com. An infection acquired from any one of these sites may expose your computer to attacks from one of the mirror sites, and you should consider all of them, Antivirat.com included, to be one branch of a larger malicious organism.

Visitors to Antivirat.com will find that the Antivirus Protection program that Antivirat.com sells has no real anti-virus features. Instead, Antivirat.com's software makes up for this by creating a profusion of fake warnings.

Examples include:

Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.

Antivirus software alert
Infiltration alert
Your computer is being attacked by an Internet virus. It could be password-stealing attack, a trojan-dropper or similar.

It's completely unnecessary to pay heed to any of Antivirus Protection's warnings, or to any warnings from Antivirat.com itself. Even dire warnings about keyloggers, Trojans and other threats to your PC are all fake, and only pose a threat insofar as they can trick you into thinking that Antivirus Protection could be beneficial to have on your PC.

The More Serious Dangers Inherent in Antivirat.com Attacks

Fake alerts are the least of the problems that coincide with an Antivirat.com-related infection, however:

  • Antivirat.com malware may hijack your web browser. Browser hijacks can change your homepage, record information transferred in the browser, redirect you from search results and create fake warnings that disable access to normal websites.
  • You may also experience restricted access to applications, especially applications related to system security or maintenance. The following fake error is often used to create the appearance of something being wrong with the application itself:

    Security Alert
    Virus Alert!
    Application can't be started! The file [application file] is damaged. Do you want to activate your anti-virus software now?

  • Trojans related to Antivirat.com may also alter your security settings for a number of malicious purposes or download other types of harmful software onto your PC.

Since Antivirus Protection uses startup Registry entries to run automatically, you should assume that Antivirat.com programs are active unless you've taken steps to disable them. The easiest method for disabling Antivirat.com threats is to switch to Safe Mode, a mode available on all Windows computers. Just hit F8 during startup, before Windows starts to load, and you'll access the appropriate menu.

Because Antivirat.com's Antivirus Protection is a complex threat and is likely to cause other infections, you should try to use anti-malware scanners to remove Antivirat.com problems before you try any manual methods.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\[RANDOM CHARACTERS]\
    2 %Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following Registry values are newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = '127.0.0.1:33554'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
    HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]
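
The registry values listed above can be checked offline against a `reg export` of a user's HKEY_CURRENT_USER hive. The following is an added example, not part of the original article or any vendor tool; it assumes the page's '1'/'0' values may be stored as either DWORD or string data, and that the random-named Run entry starts the executable created under %Temp%. The sample export is constructed.

```python
import re

# Indicators from the page's Registry Modifications list (HKCU-relative, lowercased).
IE = r"software\microsoft\internet explorer"
CV = r"software\microsoft\windows\currentversion"
INDICATORS = {
    (IE + r"\download", "runinvalidsignatures"): "1",
    (IE + r"\phishingfilter", "enabled"): "0",
    (CV + r"\internet settings", "proxyenable"): "1",
    (CV + r"\internet settings", "proxyserver"): "127.0.0.1:33554",
    (CV + r"\policies\associations", "lowriskfiletypes"): ".exe",
}

# Constructed sample in .reg export format (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:33554"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Example\\updater.exe"
"qwzrtk"="C:\\Users\\u\\AppData\\Local\\Temp\\qwzrtk\\qwzrtk.exe"
'''

def parse_reg(text):
    """Yield (key, name, data) from .reg text; DWORDs become decimal strings."""
    key = None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"(.+?)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].split("\\", 1)[-1].lower()  # drop the hive name
        elif key and m:
            raw = m.group(2)
            data = (str(int(raw[6:], 16)) if raw.startswith("dword:")
                    else raw.strip('"').replace("\\\\", "\\"))
            yield key, m.group(1).lower(), data

def find_indicators(text):
    """Listed values, plus Run entries starting an .exe one folder below Temp (assumption)."""
    hits = []
    for key, name, data in parse_reg(text):
        if INDICATORS.get((key, name)) == data.lower():
            hits.append(f"{key}\\{name} = {data}")
        elif key == CV + r"\run" and re.search(r"\\temp\\[^\\]+\\[^\\]+\.exe$", data, re.I):
            hits.append(f"{key}\\{name} -> {data}")
    return hits

if __name__ == "__main__":
    print("\n".join(find_indicators(SAMPLE)))
```

A match on the proxy pair is the strongest single signal here, since a loopback proxy on port 33554 routes all browser traffic through a local process.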