Antivirusfolderscanner.com
Antivirusfolderscanner.com is a rogue website that promotes the fake spyware remover Personal Antivirus. To drive traffic to it, trojans infiltrate your computer through security vulnerabilities and alter the browser settings, so that web browsing is interrupted and redirected to the Antivirusfolderscanner.com web page. Once there, your PC is subjected to a fake online scan that reports fabricated infection results in order to scare you into purchasing and downloading Personal Antivirus.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|---|
| 1 | %Documents and Settings%\All Users\Desktop\Personal Antivirus.lnk |
| 2 | %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus |
| 3 | %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk |
| 4 | %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk |
| 5 | %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk |
| 6 | %Program Files%\Personal Antivirus |
| 7 | %Program Files%\Personal Antivirus\activate.ico |
| 8 | %Program Files%\Personal Antivirus\db |
| 9 | %Program Files%\Personal Antivirus\db\DBInfo.ver |
| 10 | %Program Files%\Personal Antivirus\db\ia080614.db |
| 11 | %Program Files%\Personal Antivirus\db\ia080618x.db |
| 12 | %Program Files%\Personal Antivirus\Explorer.ico |
| 13 | %Program Files%\Personal Antivirus\Languages |
| 14 | %Program Files%\Personal Antivirus\Languages\IAEs.lng |
| 15 | %Program Files%\Personal Antivirus\Languages\IAFr.lng |
| 16 | %Program Files%\Personal Antivirus\Languages\IAGer.lng |
| 17 | %Program Files%\Personal Antivirus\Languages\IAIt.lng |
| 18 | %Program Files%\Personal Antivirus\PerAvir.exe |
| 19 | %Program Files%\Personal Antivirus\unins000.dat |
| 20 | %Program Files%\Personal Antivirus\uninstall.ico |
| 21 | %Program Files%\Personal Antivirus\working.log |
| 22 | %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk |
| 23 | %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe |
| 24 | %UserProfile%\Application Data\Personal Antivirus |
| 25 | %UserProfile%\Application Data\Personal Antivirus\db |
| 26 | %UserProfile%\Application Data\Personal Antivirus\db\config.cfg |
| 27 | %UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf |
| 28 | %UserProfile%\Application Data\Personal Antivirus\db\Urls.inf |
| 29 | %UserProfile%\Application Data\Personal Antivirus\settings.ini |
| 30 | %UserProfile%\Application Data\Personal Antivirus\uill.ini |
| 31 | %UserProfile%\Application Data\Personal Antivirus\unins000.exe |
| 32 | %UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk |
| 33 | %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png |
| 34 | %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png |
| 35 | %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png |
| 36 | %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe |
| 37 | %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt |
| 38 | %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini |
| 39 | %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe |
| 40 | %WINDOWS%\system32\log.txt |
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Antivirus"
HKEY..\..\..\..{RegistryKeys}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
Personal Antivirus_is1
Um, isn't Windows XP about to be discontinued in a couple of months? What is the point of starting to ship a PC with that?