
Sotrshop.com

Posted: February 21, 2011

Sotrshop.com is a promotional website for the dangerous rogue security product AntiVira Av. In addition to promoting an illegal and harmful program, Sotrshop.com may also attempt to install malware on your system without your permission. Information given to Sotrshop.com is as good as given to criminals, and any attempt to purchase Sotrshop.com products will be met with exploitation. Steer far from the Sotrshop.com website, and if your browser redirects to Sotrshop.com, run appropriate security scans to catch the hijacker that's probably hiding on your computer.

AntiVira Av – Sotrshop.com's Partner in Crime

Sotrshop.com's flagship product, AntiVira Av, is purely a threat of the worst order. Though AntiVira Av may initially fool computer users with polished looks, even a casual analysis of AntiVira Av's behavior shows it to be a real danger to your computer.

  • AntiVira Av can't detect or remove infections from your system. Instead of doing this, AntiVira Av will spawn corrupt files to fake the existence of other infections, and then accuse these files of various kinds of attacks and damage. The threatening messages and scan results will not stop until AntiVira Av itself is stopped – by completely deleting it.
  • The AntiVira Av malware will also close programs you try to run that actually have the ability to isolate and exterminate infections. Error messages generated in this case are just another kind of smokescreen; because of this behavior, AntiVira Av is best deleted when you've prevented it from running at all.
  • While AntiVira Av is on your computer, your web browser will be redirected towards Sotrshop.com. This is often done through altering your search results, but even your homepage may be violated and set to Sotrshop.com regardless of how many times you change it back to your old one. All warning messages and advertisements that block normally safe sites are to be viewed with great distrust, since they're likely to be just more hijacking attempts with a more elegant disguise.

The Danger of Sotrshop.com Itself to Your Computer

Computer users who are sure that AntiVira Av isn't on their machine may still be at risk from Sotrshop.com. Even a brief contact with the Sotrshop.com domain can result in Trojans and other infections slinking onto your system with nary a warning. Prolonged interaction, of course, only increases this risk! Having extremely defensive browser and security settings will usually keep your computer safe during casual contact with malicious domains. The catch is that many legitimate websites require enabling certain settings, such as JavaScript or plugins, which can then be abused by dangerous sites like Sotrshop.com. Therefore, keeping far from the site entirely is your best protection.

If you've already given information or money to Sotrshop.com, don't despair immediately. In many cases, a well-reasoned conversation with your credit card company will allow you to cancel any charges made for a fraudulent product. Be aware of the potential danger of unwanted charges and identity theft, however; Sotrshop.com may look like a professional site, but the pros behind Sotrshop.com's wheel are hackers with no regard for the law.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\[RANDOM CHARACTERS]\
    2 %Temp%\[random]\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:33921"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
    HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]
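
The file and registry changes listed above can be checked for in an exported copy of a user's registry hive. The following is an added example, not part of the original write-up: it assumes the text produced by `reg export HKCU`, uses a constructed sample (the user name `alice` and the value names are made up), and generalises the proxy check to any port on 127.0.0.1 rather than only 33921.

```python
import re

# Constructed sample in `reg export HKCU` text format (not captured from a real host).
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:33921"
"ProxyOverride"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe"
"kfjqwe.exe"="C:\\Users\\alice\\AppData\\Local\\Temp\\xkq\\kfjqwe.exe"
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def parse_export(text):
    """Return {lowercased key path: {lowercased value name: normalised data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            data = m["data"]
            if data.startswith("dword:"):
                data = str(int(data[6:], 16))        # dword:00000001 -> "1"
            else:
                data = data.strip('"').replace("\\\\", "\\")  # undo .reg escaping
            current[m["name"].lower()] = data
    return keys

def find_indicators(keys):
    """Flag the three HKCU changes this page lists; returns a list of findings."""
    hkcu = "hkey_current_user\\software\\microsoft\\"
    inet = keys.get(hkcu + "windows\\currentversion\\internet settings", {})
    findings = []
    if keys.get(hkcu + "internet explorer\\phishingfilter", {}).get("enabled") == "0":
        findings.append("IE phishing filter disabled")
    if inet.get("proxyenable") == "1" and "127.0.0.1" in inet.get("proxyserver", ""):
        findings.append("proxy forced to loopback: " + inet["proxyserver"])
    for name, data in keys.get(hkcu + "windows\\currentversion\\run", {}).items():
        if re.search(r"(\\temp|%temp%)\\.+\.exe\b", data, re.I):
            findings.append("Run entry launches from Temp: " + name)
    return findings
```

Any single finding can have a benign cause (a local debugging proxy, for instance); the three together match the pattern described on this page.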