
Secure-your-pc.info

Posted: March 1, 2010

Secure-your-pc.info, or Scanner.secure-your-pc.info, is a rogue security website that promotes fake software called Antivirus. Trojans cause users' browsers to open Secure-your-pc.info. When a user visits Secure-your-pc.info, the site generates many security alerts and pop-up messages. If the user clicks one of these bogus security notifications, he or she is redirected to Scanner.secure-your-pc.info, where a fake online system scan is run. The scan claims that the computer is infected with malware that can only be removed with the "full version" of Antivirus. Antivirus is not a legitimate application. Use reliable security software to stop the redirects to Secure-your-pc.info by removing the Trojans associated with it.

Aliases

Scanner.secure-your-pc.info

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk
    2 %Documents and Settings%\All Users\Desktop\Antivirus.lnk
    3 %Documents and Settings%\All Users\Start Menu\Programs\Antivirus
    4 %Program Files%\Antivirus
    5 %Program Files%\Antivirus\Antivirus.exe
    6 %Program Files%\Antivirus\AvBho.dll
    7 %Program Files%\Antivirus\Uninstall.exe
    8 %Program Files%\Antivirus\wscsvc32.exe
    9 %Temp%\winupd64x.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "wscsvc32.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d541c6a-573b-4888-b35e-6816e68c3620}

    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\AvBho.AvBhoApp
    HKEY_CLASSES_ROOT\AvBho.AvBhoApp.1
    HKEY_CLASSES_ROOT\CLSID\{9d541c6a-573b-4888-b35e-6816e68c3620}
    HKEY_CLASSES_ROOT\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
    HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
    HKEY_CLASSES_ROOT\TypeLib\{65DA0CE6-30D1-4144-A0B6-59BD01372E26}
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Antivirus

One Comment

  • Curt Cable says:

    How do I break out of the program once it is running? I can't seem to stop it to see anything else. I don't see start menu or anything.
