Ghost-Antivirus.com
Ghost-Antivirus.com is a malicious website that was designed to promote and sell the rogue anti-spyware program Ghost Antivirus. Ghost-Antivirus.com can be very misleading to a gullible computer user in the way that it advertises the rogue Ghost Antivirus as a security application that is able to detect and remove viruses.
Ghost-Antivirus.com cannot be trusted and should never be visited. Use of Ghost-Antivirus.com may end up damaging a user's computer because they ended up downloading and installing the Ghost Antivirus rogue application.
File System Modifications
- The following files were created in the system:
# File Name 1 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\ 2 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\links.txt 3 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\properties 4 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\times.conf 5 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\settings.ini 6 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\uill.ini 7 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\unins000.exe 8 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\Uninstall Ghost Antivirus.lnk 9 %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\Quick Launch\Ghost Antivirus.lnk 10 %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png 11 %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png 12 %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png 13 %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Windows\pguard.ini 14 %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Windows\services.exe 15 %Documents and Settings%\All Users\Application Data\Ghost Antivirus\ 16 %Documents and Settings%\All Users\Desktop\Ghost Antivirus.lnk 17 %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\ 18 %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus Home Page.lnk 19 %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus.lnk 20 %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Purchase License.lnk 21 %Program Files%\Ghost Antivirus\ 22 %Program Files%\Ghost Antivirus\ghostav.exe 23 %Program Files%\Ghost Antivirus\Languages\ 24 %Program Files%\Ghost Antivirus\lib\ 25 %Program Files%\Ghost Antivirus\lib\ghost.sql 26 %Program Files%\Ghost Antivirus\lib\Infected.wav 27 %Program Files%\Ghost Antivirus\lib\listing.cfg 28 %Program Files%\Ghost Antivirus\lib\version.db 29 %Program Files%\Ghost Antivirus\lib\WMILib.dll 30 %Program Files%\Ghost Antivirus\register.ico 31 %Program Files%\Ghost Antivirus\unins000.dat 32 %Program Files%\Ghost Antivirus\uninst.ico 33 %Program Files%\Ghost Antivirus\web.ico 34 %Program Files%\Ghost Antivirus\working.log 35 %WINDOWS%\System32\[random symbols].dll
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\FTP "SearchDir" = "%Program Files%\Ghost Antivirus\"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run “onin”HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Ghost Antivirus"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "3P_UDEC"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "Debugger" = "?"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "RealDebugger" = "?"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "RealLogonType" = "1"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent "URIAPRO[1.1.3.9]"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Ghost Antivirus_is1
Additional Information on Ghost-Antivirus.com
- The following domains were detected:
# Domain 1 93.190.140.165 Softwareanti com 2 93.190.140.165 Softwarejar com 3 93.190.140.165 Softwarerising com 4 93.190.140.165 Softwaresecure net 5 93.190.140.165 Softwarespyware net 6 93.190.140.165 Softwarethe net 7 93.190.140.165 Softwarethreats com 8 93.190.140.165 Softwarethreats net 9 93.190.140.165 Softwarexp net 10 93.190.140.165 Softwarespam net 11 93.174.95.194 Ghost-antivirus com 12 93.174.95.194 Ghost-pay com 13 93.174.95.194 Ghostantivirus com 14 93.174.95.194 Ghostpays com
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.