Osawarepro2009.microsoft.com
Osawarepro2009.microsoft.com is a malicious domain that is used to advertise the rogue anti-spyware program Antivirus System PRO. Osawarepro2009.microsoft.com is a fake warning page, which claims that whichever website you've been browsing may be malicious. The warning will then try to convince you to purchase and download Antivirus System PRO in order to continue browsing. Do not trust this website, and remove Antivirus System PRO as soon as it appears.
File System Modifications
- The following files were created in the system:
# File Name 1 %ProgramFiles%\Antivirus System PRO\conf.cfg 2 %ProgramFiles%\Antivirus System PRO\mbase.vdb 3 %ProgramFiles%\Antivirus System PRO\quarantine.vdb 4 %ProgramFiles%\Antivirus System PRO\queue.vdb 5 c:\WINDOWS\system32\iehelper.dll
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\AvScanHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PROHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus System PRO”HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “ieModule”HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Antivirus System PRO
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.