Scan-virusremover2009.com

Posted: June 8, 2009

Scan-virusremover2009.com is a rogue website that promotes the fake spyware remover System Security 2009. To achieve this, trojans infiltrate your computer through security holes and alter the browser settings, so that web browsing is interrupted and redirected to the Scan-virusremover2009.com web page. Once there, your PC is subjected to a fake online scan that reports numerous fabricated infections in order to scare you into purchasing System Security 2009.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %\Documents and Settings%\All Users\Application Data\00308937\00308937.exe
    2 %\Documents and Settings%\All Users\Application Data\00308937\config.udb
    3 %\Documents and Settings%\All Users\Application Data\00308937\pc00308937ins
    4 %Program Files%\AdvancedVirusRemover
    5 %Program Files%\AdvancedVirusRemover\PAVRM.exe
    6 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
    7 %UserProfile%\Desktop\Advanced Virus Remover.lnk
    8 %UserProfile%\Desktop\System Security 2009.lnk
    9 %UserProfile%\Start Menu\Advanced Virus Remover.lnk
    10 %UserProfile%\Start Menu\Programs\System Security\System Security 2009 Support.lnk
    11 %UserProfile%\Start Menu\Programs\System Security\System Security 2009.lnk

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\AVR
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
    HKEY_LOCAL_MACHINE\Software\00308937
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "00308937"
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
    SystemSecurity2009