
Antivirea.com

Posted: April 28, 2011

Antivirea.com is a malicious website that promotes the rogue anti-virus program called Antivirus Protection. Antivirea.com will try to tell you that Antivirus Protection is a highly beneficial product with features that justify a high price tag, but Antivirus Protection lacks even a single real anti-virus function. Instead, Antivirea.com's malicious software will hijack control of your web browser, shut down applications without your permission and seed confusion with large amounts of fake system warnings. If you have an infection resembling the one described above, you should remove Antivirea.com-related software by using real anti-malware programs and avoid even the slightest contact with Antivirea.com.

Easily-Observable Warnings of an Antivirea.com Attack

The program that Antivirea.com purports to sell, Antivirus Protection, is nothing more than an infection disguised to look like a legitimate anti-virus scanner. Antivirus Protection is also sold under many other names, such as Antivirus .NET, AntiVira AV and Antivirus Monitor. Even Antivirea.com itself has numerous mirror sites; some examples include Antivirvip.net, Antivirvip.com and Antivirart.com.

Purchasing Antivirus Protection or another rogue security program from Antivirea.com or a related website has a high probability of subjecting your credit card to recurring fraudulent charges. If this has happened to you, you should speak with your credit card company and dispute these charges.

Even if you only visit Antivirea.com without giving Antivirea.com any information, Antivirea.com may use browser exploits to infect your computer with Trojans that forcibly install Antivirus Protection. Keep your browser security settings high and only allow exceptions for trusted sources to minimize the chance of such attacks getting through to your PC.

The two primary symptoms of an attack by Antivirea.com are:

  • The unexpected presence of Antivirus Protection or a similar fake anti-virus application. These programs will create unwarranted error messages and crash applications with false warnings like this one:

    Security Alert
    Virus Alert!
    Application can't be started! The file [application executable] is damaged. Do you want to activate your anti-virus software now?

  • A hijacked web browser that redirects you to Antivirea.com. Hijacking attacks may conceal themselves by only acting after you click a search result, by changing your homepage, or by using fake error messages to stop you from visiting safe sites.

Refusing Antivirea.com's No-Good Protection

Attempting to remove Antivirea.com rogue security software while the above problems are still occurring is difficult; your best option is to stop the infections from running before you try to delete them. Safe Mode or another alternate boot option (such as switching to a different operating system) will prevent Antivirea.com malware from launching automatically, since Antivirus Protection relies on Windows Registry startup entries.

When you're sure that all harmful programs related to Antivirea.com are inactive, you can download any required software or updates to detect and remove these threats as part of an overall scan on your system. Removing Antivirus Protection and other Antivirea.com-related problems by deleting the files yourself is much less effective, and may cause a loss of Internet connectivity and other issues.

Be careful to change all settings back to normal and avoid visiting Antivirea.com once your PC is clean again; even a brief moment at Antivirea.com is all it takes for a new Trojan to barrel its way into your computer.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\[RANDOM CHARACTERS]\
    2 %Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http=127.0.0.1:59274'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
    HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]
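
The Registry values above can be checked for in one read-only pass, which is also a quick way to confirm that settings are back to normal after a cleanup. The following PowerShell is an added example, not part of the original write-up or any vendor tool; the function name is hypothetical, and the loopback-proxy, .exe-substring and %Temp% path patterns are assumptions that generalize the exact values listed on this page.

```powershell
# Added example: read-only audit of the current user's hive (HKCU) for the
# settings in the "Registry Modifications" list. Nothing is changed or deleted.
$checks = @(
    @{ Key = 'Software\Microsoft\Internet Explorer\Download';       Name = 'CheckExeSignatures';   Pattern = '^no$' }
    @{ Key = 'Software\Microsoft\Internet Explorer\Download';       Name = 'RunInvalidSignatures'; Pattern = '^1$' }
    @{ Key = 'Software\Microsoft\Internet Explorer\PhishingFilter'; Name = 'Enabled';              Pattern = '^0$' }
    # Assumption: any loopback proxy is flagged; the page lists http=127.0.0.1:59274.
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'; Name = 'ProxyServer'; Pattern = '127\.0\.0\.1:\d+' }
    # Assumption: flag .exe anywhere in the list, not only the exact value '.exe'.
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Associations'; Name = 'LowRiskFileTypes'; Pattern = '\.exe' }
)

function Get-RogueAvRegistryFinding {   # hypothetical name
    foreach ($c in $checks) {
        $key = Get-Item -Path "HKCU:\$($c.Key)" -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }            # key absent: nothing to report
        $data = $key.GetValue($c.Name)              # $null when the value is absent
        if ($null -ne $data -and "$data" -match $c.Pattern) {
            [pscustomobject]@{ Key = $key.Name; Value = $c.Name; Data = "$data" }
        }
    }

    # Startup entries that launch an .exe from %Temp%\<folder>\, the layout
    # shown in the page's file list. Legitimate installers can match briefly.
    $run = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($null -ne $run) {
        foreach ($name in $run.GetValueNames()) {
            $data = "$($run.GetValue($name))"
            if ($data -match '\\Temp\\[^\\]+\\[^\\"]+\.exe') {
                [pscustomobject]@{ Key = $run.Name; Value = $name; Data = $data }
            }
        }
    }
}

Get-RogueAvRegistryFinding | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed settings are present for the logged-on user; each row returned names a value to review and reset once the malware itself has been removed.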