
GT Virus Scan

Posted: September 24, 2010

GT Virus Scan is a dangerous fake security application that is known to be installed through the use of a Trojan horse parasite. Once installed on a system, GT Virus Scan may then initiate system scans that return several falsified results. GT Virus Scan is also known to bombard computer users with a plethora of popup alerts and fake system notifications.

GT Virus Scan comes from the Antivirus GT group of rogue anti-spyware programs. GT Virus Scan is nothing more than a ploy to get unsuspecting users to purchase a full version of the application, which is unable to detect or remove actual parasites.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Desktop\AntivirusGT.lnk
    2 antivirusGT.exe
    3 C:\Documents and Settings\[User Name]\Local Settings\Temp\MicrosoftExtensions.dll
    4 C:\Documents and Settings\All Users\Start Menu\AVGT\
    5 C:\Documents and Settings\All Users\Start Menu\AVGT\AntivirusGT.lnk
    6 C:\Documents and Settings\All Users\Start Menu\AVGT\Uninstall.lnk
    7 C:\Program Files\AVGT\
    8 C:\Program Files\AVGT\antivirusGT.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\EVA246
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AVGT"
    HKEY_CURRENT_USER\Software\WinFD
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3304F17F-732C-4AC6-BF67-DBDC8B88C11F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-EVI 05.07.2010"
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\CLSID\{3304F17F-732C-4AC6-BF67-DBDC8B88C11F}