Home Malware Programs Rogue Anti-Spyware Programs Crusader Antivirus

Crusader Antivirus

Posted: May 20, 2009

Crusader Antivirus is a rogue anti-spyware program that comes from the same group of hackers that created other fake security applications such as Spyware Destroyer and Secure Antivirus Pro. Crusader Antivirus comes from either a malicious website or a Trojan horse infection. If infected with this Trojan, usually found to be the Zlob Trojan or one of its variants, you will get bogus popup messages and security alerts that display notices stating that your PC is infected with parasites. The messages are part of a scam to get you to purchase the full Crusader Antivirus application.

Crusader Antivirus is programmed to load at startup of your system. Once Crusader Antivirus is loaded, it starts to automatically scan your system for malware. Crusader Antivirus' scan results are phony and should not be trusted. It is possible that Zlob Trojan can decrease system performance and potentially harm your system.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\CrusaderAntivirus.lnk
    2 %UserProfile%\Desktop\CrusaderAntivirus.lnk
    3 %UserProfile%\Start Menu\Programs\Crusader Antivirus
    4 %UserProfile%\Start Menu\Programs\Crusader Antivirus\CrusaderAntivirus.lnk
    5 %UserProfile%\Start Menu\Programs\Crusader Antivirus\Uninstall Crusader Antivirus.lnk
    6 c:\Program Files\Crusader Antivirus\blacklist.cga
    7 c:\Program Files\Crusader Antivirus\core.cga
    8 c:\Program Files\Crusader Antivirus\CoreExt.dll
    9 c:\Program Files\Crusader Antivirus\CrusaderAntivirus.exe
    10 c:\Program Files\Crusader Antivirus\firewall.dll
    11 c:\Program Files\Crusader Antivirus\Help
    12 c:\Program Files\Crusader Antivirus\Help\reg.html
    13 c:\Program Files\Crusader Antivirus\Help\support.png
    14 c:\Program Files\Crusader Antivirus\Uninstall.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Crusader Antivirus"

Related Posts

Loading...