SecurityHelpCenter.com
SecurityHelpCenter.com is a rogue website that sponsors the dangerous fake spyware remover Personal Antivirus. A backdoor trojan alters your computer's browser settings so that your web browsing is redirected to a scam warning, which reads:
"Warning! Visiting this site may harm your computer! This web site probably contains malicious software program, which can cause damage to your computer or perform actions without your permission. Your computer may be infected after visiting such a web site. We recommend you to install (or activate) antivirus security software."
If you follow this SecurityHelpCenter.com warning, you're taken to a web page to buy Personal Antivirus.
File System Modifications
- The following files were created in the system:
Registry Modifications
- The following Registry values and keys were newly created:
  Subkeys:
  - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS"
  - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Antivirus"
  Registry keys:
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
  - HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Personal Antivirus_is1