PC-Scannerr.com
PC-Scannerr.com is a rogue website that hijacks the Internet browser. It imitates the My Computer GUI but is not the real thing. An unsuspecting user is redirected to PC-Scannerr.com by a Trojan that has entered the vulnerable computer. PC-Scannerr.com advertises the Advanced Virus Remover and Cyber Security applications, which are actually useless. Advanced Virus Remover and Cyber Security are scareware tools that frighten a gullible computer user into thinking the computer has been infected with loads of viruses, Trojans and other types of malware. PC-Scannerr.com mimics a computer scan and then tells you to install Advanced Virus Remover or Cyber Security to keep your computer protected. PC-Scannerr.com is a corrupt domain that should be removed from the infected computer immediately.
File System Modifications
- The following files were created in the system:
1. %AppData%\Microsoft\Internet Explorer\Quick Launch\CS.lnk
2. %Documents and Settings%\All Users\Start Menu\CS
3. %Documents and Settings%\All Users\Start Menu\CS\Computer Scan.lnk
4. %Documents and Settings%\All Users\Start Menu\CS\Cyber Security.lnk
5. %Documents and Settings%\All Users\Start Menu\CS\Help.lnk
6. %Documents and Settings%\All Users\Start Menu\CS\Registration.lnk
7. %Documents and Settings%\All Users\Start Menu\CS\Security Center.lnk
8. %Documents and Settings%\All Users\Start Menu\CS\Settings.lnk
9. %Documents and Settings%\All Users\Start Menu\CS\Update.lnk
10. %Program Files%\AdvancedVirusRemover
11. %Program Files%\AdvancedVirusRemover\PAVRM.exe
12. %Program Files%\Common Files\CSUninstall
13. %Program Files%\Common Files\CSUninstall\Uninstall.lnk
14. %Program Files%\CS
15. %Program Files%\CS\tsc.exe
16. %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
17. %UserProfile%\Desktop\Advanced Virus Remover.lnk
18. %UserProfile%\Desktop\Cyber Security.lnk
19. %UserProfile%\Start Menu\Advanced Virus Remover.lnk
20. %WINDOWS%\system32\iehelpmod.dll
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\AVR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “CS”
HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\Software\00308937

HKEY..\..\..\..{RegistryKeys}
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
CS