
Antivirusonlinescan03.com

Posted: September 11, 2009

Antivirusonlinescan03.com is a rogue website that promotes the fake spyware remover called Personal Antivirus. To drive traffic to it, trojans infiltrate the computer through security vulnerabilities and alter the browser settings, so that web browsing is interrupted and redirected to the Antivirusonlinescan03.com page. There, the PC is subjected to a fraudulent online scan that reports fabricated infection results in order to scare the user into purchasing Personal Antivirus.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\All Users\Desktop\Personal Antivirus.lnk
    2 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus
    3 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
    4 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
    5 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
    6 %Program Files%\Personal Antivirus
    7 %Program Files%\Personal Antivirus\activate.ico
    8 %Program Files%\Personal Antivirus\db
    9 %Program Files%\Personal Antivirus\db\DBInfo.ver
    10 %Program Files%\Personal Antivirus\db\ia080614.db
    11 %Program Files%\Personal Antivirus\db\ia080618x.db
    12 %Program Files%\Personal Antivirus\Explorer.ico
    13 %Program Files%\Personal Antivirus\Languages
    14 %Program Files%\Personal Antivirus\Languages\IAEs.lng
    15 %Program Files%\Personal Antivirus\Languages\IAFr.lng
    16 %Program Files%\Personal Antivirus\Languages\IAGer.lng
    17 %Program Files%\Personal Antivirus\Languages\IAIt.lng
    18 %Program Files%\Personal Antivirus\PerAvir.exe
    19 %Program Files%\Personal Antivirus\unins000.dat
    20 %Program Files%\Personal Antivirus\uninstall.ico
    21 %Program Files%\Personal Antivirus\working.log
    22 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
    23 %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
    24 %UserProfile%\Application Data\Personal Antivirus
    25 %UserProfile%\Application Data\Personal Antivirus\db
    26 %UserProfile%\Application Data\Personal Antivirus\db\config.cfg
    27 %UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
    28 %UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
    29 %UserProfile%\Application Data\Personal Antivirus\settings.ini
    30 %UserProfile%\Application Data\Personal Antivirus\uill.ini
    31 %UserProfile%\Application Data\Personal Antivirus\unins000.exe
    32 %UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
    33 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
    34 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
    35 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
    36 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
    37 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
    38 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
    39 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
    40 %WINDOWS%\system32\log.txt

Registry Modifications

  • The following newly produced Registry Values are:
    Registry values (under subkeys):
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS"
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Antivirus"
    Registry keys:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
      HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Personal Antivirus_is1
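As an added example (not part of the original page), the following Python triage script turns the file paths from the "File System Modifications" list and the HKCU Run value from the "Registry Modifications" list into a host check. It maps the page's %...% placeholders onto a root directory, so it can be pointed at a mounted disk image as well as a live C: drive. The Windows XP-era directory layout, the profile name, and the subset of indicators embedded in the script are assumptions; the registry check only runs on a live Windows host, using the standard library winreg module.

```python
"""Artifact sweep for the Personal Antivirus indicators listed on this page.

Added example, not part of the original page.  The %...% placeholders in the
page's file list (%Program Files%, %UserProfile%, %Documents and Settings%,
%WINDOWS%) are mapped onto a root directory, which can be a live C: drive or
a mounted disk image examined offline.
"""
import os
import sys
from typing import Dict, Iterable, List

# Indicator paths copied from the page's "File System Modifications" list
# (a representative subset; the remaining entries can be added in the same form).
FILE_INDICATORS = [
    r"%Documents and Settings%\All Users\Desktop\Personal Antivirus.lnk",
    r"%Program Files%\Personal Antivirus\PerAvir.exe",
    r"%Program Files%\Personal Antivirus\db\DBInfo.ver",
    r"%UserProfile%\Application Data\Personal Antivirus\settings.ini",
    r"%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe",
    r"%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe",
    r"%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe",
    r"%WINDOWS%\system32\log.txt",
]

# Registry value the page lists under HKCU ...\Run (launches the rogue at logon).
RUN_KEY_PATH = r"Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "Personal Antivirus"


def default_layout(root: str, user: str = "Administrator") -> Dict[str, str]:
    """Placeholder -> directory mapping for a Windows XP style volume under *root*.

    The profile name is an assumption; in practice sweep every directory
    under "Documents and Settings".
    """
    return {
        "%WINDOWS%": os.path.join(root, "WINDOWS"),
        "%Program Files%": os.path.join(root, "Program Files"),
        "%Documents and Settings%": os.path.join(root, "Documents and Settings"),
        "%UserProfile%": os.path.join(root, "Documents and Settings", user),
    }


def expand_indicator(indicator: str, layout: Dict[str, str]) -> str:
    """Replace the leading %...% placeholder and use the host's path separator."""
    for placeholder, directory in layout.items():
        if indicator.startswith(placeholder):
            rest = indicator[len(placeholder):].lstrip("\\")
            return os.path.join(directory, *rest.split("\\"))
    raise ValueError(f"unknown placeholder in indicator: {indicator}")


def sweep_files(layout: Dict[str, str],
                indicators: Iterable[str] = FILE_INDICATORS) -> List[str]:
    """Return the expanded indicator paths that exist under the mapped root."""
    hits = []
    for indicator in indicators:
        path = expand_indicator(indicator, layout)
        if os.path.exists(path):
            hits.append(path)
    return hits


def check_run_value() -> bool:
    """On a live Windows host, report whether the listed HKCU Run value exists.

    Returns False on non-Windows platforms (e.g. when examining a mounted image).
    """
    if sys.platform != "win32":
        return False
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY_PATH) as key:
            winreg.QueryValueEx(key, RUN_VALUE_NAME)
            return True
    except FileNotFoundError:
        # Either the Run key or the named value is absent.
        return False


if __name__ == "__main__":
    # Usage: python sweep.py C:\      (live host)
    #        python sweep.py /mnt/img (mounted image root)
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    for hit in sweep_files(default_layout(root)):
        print("found:", hit)
    if check_run_value():
        print(f"found: HKCU\\{RUN_KEY_PATH} value '{RUN_VALUE_NAME}'")
```

A hit on any of these paths is a reason to look at the host more closely rather than proof on its own, since the two executables named after system binaries (winlogon.exe and services.exe) live under the user profile, not in the system directory where the legitimate ones reside; that location mismatch is the useful signal.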