Home Rogue Websites Marezer.com

Marezer.com

Posted: January 5, 2011

Marezer.com is a fake website which is both dangerous to your livelihood and a threat to your computer. Marezer.com promotes and sells a dangerous rogue antivirus program known as Antivirus Scan. Marezer.com will appear after the Antivirus Scan infection enters your system and change the Internet configurations so that the browser constantly redirects to Marezer.com. Users will be blocked by a fake Internet warning when trying to visit other websites and will instead end up at the Marezer.com/shop. Do not click on the scan report or the fake popup alerts created by its software. To permanently fix the browser redirect, use a well known malware remover to remove all the software accompanying Marezer.com and Antivirus Scan or the problem will always come back.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\[random]\
    2 %Temp%\[random]\[random].exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:59274"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"HKEY_CURRENT_USER\Software\[random]
Loading...