
Suspiciouswebsiteblock.com

Posted: September 21, 2009

Suspiciouswebsiteblock.com is a malicious hijacker website that is known to promote the rogue anti-spyware program Personal Antivirus. Suspiciouswebsiteblock.com can perform many malicious actions, such as changing your web browser settings and blocking certain sites. Suspiciouswebsiteblock.com displays many misleading messages to push computer users into purchasing the full Personal Antivirus application.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\All Users\Desktop\Personal Antivirus.lnk
    2 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
    3 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
    4 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
    5 %Program Files%\Personal Antivirus\activate.ico
    6 %Program Files%\Personal Antivirus\db\DBInfo.ver
    7 %Program Files%\Personal Antivirus\db\ia080614.db
    8 %Program Files%\Personal Antivirus\db\ia080618x.db
    9 %Program Files%\Personal Antivirus\Explorer.ico
    10 %Program Files%\Personal Antivirus\Languages\IAEs.lng
    11 %Program Files%\Personal Antivirus\Languages\IAFr.lng
    12 %Program Files%\Personal Antivirus\Languages\IAGer.lng
    13 %Program Files%\Personal Antivirus\Languages\IAIt.lng
    14 %Program Files%\Personal Antivirus\PerAvir.exe
    15 %Program Files%\Personal Antivirus\unins000.dat
    16 %Program Files%\Personal Antivirus\uninstall.ico
    17 %Program Files%\Personal Antivirus\working.log
    18 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
    19 %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
    20 %UserProfile%\Application Data\Personal Antivirus
    21 %UserProfile%\Application Data\Personal Antivirus\db\config.cfg
    22 %UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
    23 %UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
    24 %UserProfile%\Application Data\Personal Antivirus\settings.ini
    25 %UserProfile%\Application Data\Personal Antivirus\uill.ini
    26 %UserProfile%\Application Data\Personal Antivirus\unins000.exe
    27 %UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
    28 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
    29 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
    30 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
    31 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
    32 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
    33 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
    34 %WINDOWS%\system32\log.txt

Registry Modifications

  • The following Registry values and keys were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Antivirus"
    HKEY..\..\..\..{RegistryKeys}
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Personal Antivirus_is1