Antivirdial.com
Antivirdial.com is a criminal website that distributes and promotes Security Suite. Users infected with Security Suite will frequently encounter Antivirdial.com. When a victim clicks on any of the security warnings generated by Security Suite, he/she will also be redirected to Antivirdial.com. To stop getting redirected to Antivirdial.com, use a reputable anti-spyware program and remove Security Suite.
File System Modifications
- The following files were created in the system:
  #  File Name
  1  %UserProfile%\Local Settings\Application Data\\{random}shdw.exe
  2  %UserProfile%\Local Settings\Application Data\{random}\
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:6522"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "{random}"
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"
HKEY_CURRENT_USER\Software\wnxmal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "{random}"
It also says that admin deactivated taskmgr. How could I activate same?