Scan6New.com
Scan6New.com is a rogue website that promotes the phony Internet Antivirus Pro program. False security alert pop ups will show up on your PC screen telling you that your PC is infected to trick or scare you into purchasing the worthless Internet Antivirus Pro program.
The page at Scan6New.com reads:
"Windows is scanning your system for threats. The scanning is provided by our official partner Internet Antivirus Pro. Please refrain from closing the window until the scanning is finished.
We highly recommend you to install the full version of Internet Antivirus Pro scanner to monitor your PC for threats and on-time security system updates."
Then a pop up will appear that reads:
"Please note that Spyware is highly malicious for your PC information privacy. If you want to install the full version, please click "Ok", wait for the page to load, start the
installation process and follow the instructions. If you want to wait for scanning results to appear, please click "Cancel". After Internet Antivirus Pro is installed, you can close the scanning window and remove Spyware from your computer."
And then one more pop up will appear, if you cancel installation of the program, that reads:
"Your computer remains infected by viruses! It can cause data loss and file damages and need to be cured as soon as possible."
The infection is secretly installed by a Trojan. Avoid visiting this malicious site. If you happen to visit this rogue site, don't be tricked by this scam and do NOT purchase the bogus Internet Antivirus Pro program.
File System Modifications
- The following files were created in the system:
# File Name 1 %ProgramFiles%\IA\InternetAntivirusPro.exe 2 %ProgramFiles%\Internet Antivirus Pro\activate.ico 3 %ProgramFiles%\Internet Antivirus Pro\cookies.log\ 4 %ProgramFiles%\Internet Antivirus Pro\db\config.cfg 5 %ProgramFiles%\Internet Antivirus Pro\db\DBInfo.ver 6 %ProgramFiles%\Internet Antivirus Pro\db\ia080614.db 7 %ProgramFiles%\Internet Antivirus Pro\Explorer.ico 8 %ProgramFiles%\Internet Antivirus Pro\IAUpdater.exe 9 %ProgramFiles%\Internet Antivirus Pro\IAvir.exe 10 %ProgramFiles%\Internet Antivirus Pro\Scanner.log 11 %ProgramFiles%\Internet Antivirus Pro\unins000.dat 12 %ProgramFiles%\Internet Antivirus Pro\uninstall.ico 13 %ProgramFiles%\Internet Antivirus Pro\working.log 14 IAPro.exe 15 ska.dll 16 ska.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\IAVPHKEY_CURRENT_USER\Software\InternetAntivirusPro2008HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Internet AntivirusPro2008"HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.keyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "InternetAntivirusPro2008"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.