Antivirspace.com
Antivirspace.com is a browser hijacker that advertises and distributes Security Suite. Antivirspace.com is typically encountered by users that are already infected with Security Suite. Security Suite will display bogus security warnings that will redirect a victim to Antivirspace.com once clicked on. A victim will also be redirected to Antivirspace.com when attempting to browse the internet. Avoid Antivirspace.com and remove Security Suite upon detection.
File System Modifications
- The following files were created in the system:
# File Name 1 %UserProfile%\Local Settings\Application Data\[random] 2 %UserProfile%\Local Settings\Application Data\\[random]shdw.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download ?CheckExeSignatures? = ?no?HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download ?RunInvalidSignatures? = ?1″HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter ?Enabled? = ?0″HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ?ProxyEnable? =?1″HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ?ProxyOverride? = ??HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ?ProxyServer? = ?http=127.0.0.1:6522″HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations ?LowRiskFileTypes? = ?.exe?HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments ?SaveZoneInformation? = ?1″HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ?[random]?HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache ?%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe?HKEY_CURRENT_USER\Software\wnxmalHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?[random]?
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.