Royalantivirus.microsoft.com
Royalantivirus.microsoft.com is malicious website which produces a fake Internet Explorer warning message that promotes the rogue anti-spyware program Antivirus System PRO. The message claims that the website the user is browsing is unsafe, and recommends that Antivirus System PRO be purchased in order to continue. The user will constantly be redirected to Royalantivirus.microsoft.com after malicious trojans connected to the rogue scam hijack the browser. Antivirus System PRO must not be trusted and should be terminated immediately.
File System Modifications
- The following files were created in the system:
# File Name 1 %ProgramFiles%\Antivirus System PRO\Antivirussystempro.exe 2 %ProgramFiles%\Antivirus System PRO\uninstall.exe 3 c:\WINDOWS\sysguard.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\AvScanHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PROHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus System PRO”HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “ieModule”HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Antivirus System PRO
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.