Home Malware Programs Hijackers Avrdownnew30.com


Posted: January 15, 2010

Avrdownnew30.com is a dangerous website known to be a hijacker. Avrdownnew30.com can virtually take over certain functions of a computer user's web browser application and redirect them to malicious sources that install malware. Avrdownnew30.com was found to be associated to the rogue application Internet Security 2010 as it is promoted via the Avrdownnew30.com domain.

Computer users should use caution in surfing the internet and avoid sites such as Avrdownnew30.com. Landing on Avrdownnew30.com may render your web browser unusable or vulnerable to malicious downloads.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Program Files%\InternetSecurity2010
    2 %Program Files%\InternetSecurity2010\IS2010.exe
    3 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
    4 %UserProfile%\Desktop\Internet Security 2010.lnk
    5 %UserProfile%\Start Menu\Internet Security 2010.lnk
    6 %WINDOWS%\system32\smss32.exe
    7 %WINDOWS%\system32\winhelper86.dll
    8 %WINDOWS%\system32\winlogon86.exe
    9 %WINDOWS%\system32\winupdate86.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\IS2010HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Internet Security 2010"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winupdate86.exe"