Sysguard2010.microsoft.com

Posted: December 2, 2009

Sysguard2010.microsoft.com is a malicious website used to promote the notorious rogue anti-spyware program Antivirus System PRO. Antivirus System PRO uses trojans to hijack the browser and redirect the user to Sysguard2010.microsoft.com. The page imitates an Internet Explorer warning page: it claims that the website the user has been browsing is unsafe and recommends purchasing Antivirus System PRO in order to continue. Remove Antivirus System PRO when it is detected, and do not fall for Sysguard2010.microsoft.com's trickery.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %ProgramFiles%\Antivirus System PRO\conf.cfg
    2 %ProgramFiles%\Antivirus System PRO\mbase.vdb
    3 %ProgramFiles%\Antivirus System PRO\quarantine.vdb
    4 %ProgramFiles%\Antivirus System PRO\queue.vdb
    5 c:\WINDOWS\system32\iehelper.dll

Registry Modifications

  • The following Registry keys and values were newly created:
    HKEY..\..\..\..{Subkeys}
      HKEY_CURRENT_USER\Software\AvScan
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”
      HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PRO
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
    HKEY..\..\..\..{RegistryKeys}
      HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus System PRO”
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “ieModule”
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
      Antivirus System PRO
