Malwaresdestructor.com
Malwaresdestructor.com is a rogue website that promotes the fake spyware remover Malware Destructor 2009. To drive traffic to the site, trojans gain access to your computer through security vulnerabilities and alter the browser settings, so that web surfing is interrupted and redirected to the Malwaresdestructor.com web page. Once there, your PC is subjected to a fake online scan that reports fabricated infection results in an attempt to scare you into purchasing the rogue spyware remover Malware Destructor 2009.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | %Documents and Settings%\All Users\Application Data\345d567 |
| 2 | %Documents and Settings%\All Users\Application Data\345d567\384.mof |
| 3 | %Documents and Settings%\All Users\Application Data\345d567\MD345d.exe |
| 4 | %Documents and Settings%\All Users\Application Data\345d567\MdestrSys |
| 5 | %Documents and Settings%\All Users\Application Data\345d567\MDestrSys\vd952342.bd |
| 6 | %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll |
| 7 | %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll |
| 8 | %Documents and Settings%\All Users\Application Data\MdestrSys |
| 9 | %Documents and Settings%\All Users\Application Data\MDestrSys\mdestr.cfg |
| 10 | %UserProfile%\Application Data\Malware Destructor 2009 |
| 11 | %UserProfile%\Application Data\Malware Destructor 2009\cookies.sqlite |
| 12 | %UserProfile%\Application Data\Malware Destructor 2009\Instructions.ini |
| 13 | %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Destructor 2009.lnk |
| 14 | %UserProfile%\Desktop\Malware Destructor 2009.lnk |
| 15 | %UserProfile%\Local Settings\Temp\del.bat |
| 16 | %UserProfile%\Recent\ANTIGEN.exe |
| 17 | %UserProfile%\Recent\ANTIGEN.sys |
| 18 | %UserProfile%\Recent\cb.drv |
| 19 | %UserProfile%\Recent\energy.exe |
| 20 | %UserProfile%\Recent\energy.tmp |
| 21 | %UserProfile%\Recent\FS.sys |
| 22 | %UserProfile%\Recent\FS.tmp |
| 23 | %UserProfile%\Recent\FW.dll |
| 24 | %UserProfile%\Recent\hymt.exe |
| 25 | %UserProfile%\Recent\kernel32.drv |
| 26 | %UserProfile%\Recent\PE.dll |
| 27 | %UserProfile%\Recent\PE.tmp |
| 28 | %UserProfile%\Recent\tempdoc.exe |
| 29 | %UserProfile%\Recent\tjd.tmp |
| 30 | %UserProfile%\Start Menu\Malware Destructor 2009.lnk |
| 31 | %UserProfile%\Start Menu\Programs\Malware Destructor 2009.lnk |
| 32 | %WINDOWS%\Temp\IMT7.xml |
| 33 | %WINDOWS%\Temp\IMT8.xml |
| 34 | %WINDOWS%\Temp\IMT9.xml |
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

HKEY..\..\..\..{RegistryKeys}
  - HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  - HKEY_CLASSES_ROOT\MD345d.DocHostUIHandler