Onlinescan-ultraantivirus2009.com
Onlinescan-ultraantivirus2009.com is a browser hijacker and rogue website that promotes the fake anti-spyware application Ultra Antivir2009. Onlinescan-ultraantivirus2009.com may hijack your homepage and redirect it to its malicious site. It is on the Onlinescan-ultraantivirus2009.com website that your PC will become infected with the nefarious Trojan Zlob which enters your PC undetected and changes your browser settings. It will then perform its other malicious attacks such as producing an online scanner with false results claiming that your PC is infected to trick you into purchasing the full version of the Ultra Antivir 2009 program; in reality the infections are non existent. Ultra Antivir 2009 may also display bogus pop ups and alerts to mislead you into purchasing the Ultra Antivir2009 application. The Onlinescan-ultraantivirus2009.com website and the Ultra Antivir2009 application are a fraud. Don't waste you money on this worthless program and if you become infected, remove them right away.
File System Modifications
- The following files were created in the system:
# File Name 1 %Documents and Settings%\All Users\Application Data\7c69f0c 2 %Documents and Settings%\All Users\Application Data\7c69f0c\SystemStore 3 %Documents and Settings%\All Users\Application Data\7c69f0c\SystemStore\vd952342.bd 4 %Documents and Settings%\All Users\Application Data\7c69f0c\UA2009.exe 5 %Documents and Settings%\All Users\Application Data\SystemStore 6 %Documents and Settings%\All Users\Application Data\SystemStore\uavir.cfg 7 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Ultra Antivir2009.lnk 8 %UserProfile%\Application Data\Ultra Antivir2009 9 %UserProfile%\Application Data\Ultra Antivir2009\Instructions.ini 10 %UserProfile%\Desktop\Ultra Antivir2009.lnk 11 %UserProfile%\Start Menu\Programs\Ultra Antivir2009.lnk 12 %UserProfile%\Start Menu\Ultra Antivir2009.lnk 13 %WINDOWS%\$hf_mig$\KB947864-IE7\update\kernel32.tmp 14 %WINDOWS%\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\delfile.sys 15 %WINDOWS%\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\CLSV.dll 16 %WINDOWS%\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\energy.exe 17 %WINDOWS%\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\CLSV.dll 18 %WINDOWS%\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\ANTIGEN.sys 19 %WINDOWS%\ime\exec.dll 20 %WINDOWS%\ime\snl2w.drv 21 %WINDOWS%\Installer\$PatchCache$\Managed\D6461317C3DC4F04799BDCE9E42626FE\2.0.50727\ANTIGEN.sys 22 %WINDOWS%\Installer\$PatchCache$\Managed\D6461317C3DC4F04799BDCE9E42626FE\2.0.50727\energy.exe 23 %WINDOWS%\ServicePackFiles\i386\ppal.dll 24 %WINDOWS%\ServicePackFiles\i386\ppal.tmp 25 %WINDOWS%\ServicePackFiles\i386\SICKBOY.exe 26 %WINDOWS%\ServicePackFiles\i386\snl2w.drv 27 %WINDOWS%\std.drv 28 %WINDOWS%\system32\tjd.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "4800156103"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Ultra Antivir2009"HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}HKEY_CLASSES_ROOT\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}HKEY_CLASSES_ROOT\UA2009.DocHostUIHandler
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.