Home Rogue Websites Softmetalgroup.com

Softmetalgroup.com

Posted: February 16, 2010

Softmetalgroup.com is a corrupt domain and rogue website which promotes Antivirus Soft crimeware. A trojan infection accompanies Antivirus Soft rogue anti-spyware and changes Windows Hosts file to link the PC to a fraud IP server. Softmetalgroup.microsoft.com appears to be a warning page which uses scare tactics to get you to the Softmetalgroup.com/purchase page. On Softmetalgroup.com/purchase, you will be urged to spend your money a license for any one of the following useless things: Antivirus Soft Basic, Antivirus Soft Pro or Antivirus Soft Platinum; each of them being an equally hazardous scam and variant of Antivirus Soft. Softmetalgroup.com spreads this fake security software that promises to protect you but in fact only defends its creators' welfare. Remove this cyber pest and all related threats immediately using a reliable anti-spyware program.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sysguard.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\AvScanHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
Loading...