Home Rogue Websites Antivirdom.com

Antivirdom.com

Posted: September 24, 2010

Antivirdom.com is an illicit site that was created to advertise and spread fake security applications such as the rogue anti-spyware program Security Suite. Antivirdom.com uses various persuasions to convince computer users that they must purchase the Security Suite application to detect and remove malware. The truth of the matter is that Antivirdom.com and the Security Suite program do not have the ability to detect or remove parasites. Antivirdom.com should never be visited.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Local Settings\Application Data\\{random}shdw.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" ="1"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:6522"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "{random}"HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"HKEY_CURRENT_USER\Software\wnxmalHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "{random}"
Loading...