Home Malware Programs Browser Hijackers Antivirus-power.com

Antivirus-power.com

Posted: February 24, 2010

Antivirus-power.com is a rogue website that promotes the rogue anti-spyware program Antivirus Live 2010. When Antivirus Live 2010 badware enters your computer it changes the browser settings so that everytime you go online you are redirected to Antivirus-power.com. Antivirus-power.com produces a fake system scan showing bogus results which claim your system has been infected with loads of malware. Soon you will be urged to purchase Antivirus Live 2010 to remove the alleged threats. Do not fall for this elaborate scam and use a reliable anti-spyware program to remove all the badware associated to Antivirus Live 2010.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Local Settings\Application Data\[random symbols]\
    2 %UserProfile%\Local Settings\Application Data\[random symbols]\[random symbols]sysguard.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\AvScanHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random symbols]"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random symbols]"
Loading...