Msantivirus-xp.com
Msantivirus-xp.com is a browser hijacker created to promote and finally download rogue anti-spyware MS Antivirus 2008 (also known as MS Anti-virus or MSA). Msantivirus-xp.com may redirect your Internet browser to its website, where rogue anti-spyware MS Antivirus's licensed program is sold. MS Antivirus may run its fake system scanner to lure you into buying its product from Msantivirus-xp.com. MS Antivirus may also show fake messages, like:
"Virus Protection disabled. Your PC is unguarded against most known viruses and can be infected. Click 'Enable Virus Protection' to protect your PC and secure your Internet activity."
"Spyware Protection is disabled. Your personal data is at high risk of being stolen and misused. Click 'Enable Spyware Protection' to let system detect spyware threats, remove them and protect your personal information, credit card and bank details from unauthorized use."
If you click on 'Enable Virus Protection' or 'Enable Spyware Protection', you'll be redirected to Msantivirus-xp.com where you can purchase MS Antivirus's "licensed" program. Msantivirus-xp.com is a rogue website, and nothing stated on this website or anywhere related to this website is true. Msantivirus-xp.com uses these mechanisms only to finally redirect you to its website to push you to buy MS Antivirus 2008's full version of the program.
File System Modifications
- The following files were created in the system:
# File Name 1 cfqbw.dll 2 fdpzgi.dll 3 gtawclv.dll 4 iesplugin.dll 5 iesuninst.exe 6 isaddon.dll 7 isamini.exe 8 isamonitor.exe 9 khtbpdl.dll 10 Online Security Guide.url 11 pmmon.exe 12 pmsngr.exe 13 pmuninst.exe 14 Security Troubleshooting.url 15 veptlh.dll 16 vjxwnn.dll 17 vmlwp.dll
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70d17a5f-ef27-4295-90f5-20ad6f24834f}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80ced3d6-ece9-48ba-8df8-2503d8d87c2b}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper objects\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}IExplorer Security Plug-inInternet Explorer Secure BarMessenger Service
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.