
Antivirus-protectsoft.microsoft.com

Posted: April 2, 2010

Antivirus-protectsoft.microsoft.com is a malicious site that abuses the Microsoft name to trick computer users into downloading the Antivirus Suite application. The site is usually visited by a system that is infected with malware. It can lead to the download and installation of Antivirus Suite, which can seriously harm a computer. It can also hijack a web browser, causing it to perform actions without the permission of the computer user.

Registry Modifications

  • The following Registry values are newly created:
    HKEY..\..\..\..{Subkeys}
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[random string].exe"
      HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
    HKEY..\..\..\..{RegistryKeys}
      %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]ftav.exe
      %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sysguard.exe
      %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[random string].exe"