Home Rogue Websites Softwaresh.com

Softwaresh.com

Posted: January 14, 2011

Softwaresh.com is a dangerous website which advertises a rogue antivirus program called Antivirus Scan. Both are recognized threats to any computer system and should be removed immediately once detected. Hackers running a devious cyberscam have designed softwareish.com and Anitivirus Scan to pilfer money from unwary computer users.

Besides advertising the rogue program, softwaresh.com can also hijack the browser to redirect users to a fake scan page. The scan will spew out bogus results claiming the PC is infected with all sorts of malware. The user will then be warned to purchase a copy of Antivirus Scan to remove the alleged threats. Do not fall for this trickery. It is a blatant scam.

Experts warn affected users not to click on anything related to softwaresh.com. An effective anti-malware program is highly recommended to make sure the computer is free of all threats.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\[random]\
    2 %Temp%\[random]\[random].exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http=127.0.0.1:59274'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"HKEY_CURRENT_USER\Software\[random]
Loading...