
Windows Antivirus 2011

Posted: March 25, 2011

Windows Antivirus 2011 is a fake anti-virus application. Windows Antivirus 2011 lures PC users into unknowingly executing malicious actions on a compromised computer system. Once your system has been infected with Windows Antivirus 2011, you cannot set any of its registry entries, and you cannot even access any websites on the affected computer anymore. Windows Antivirus 2011 shows misleading warnings and deceptive scan results, reporting imaginary malware threats on your system. Windows Antivirus 2011 then offers to sell you its imaginary registered version to remove all of the allegedly detected infections.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Antivirus 2011.lnk
    2 %UserProfile%\Application Data\Windows Antivirus 2011
    3 %UserProfile%\Application Data\Windows Antivirus 2011\cookies.sqlite
    4 %UserProfile%\Application Data\Windows Antivirus 2011\Instructions.ini
    5 %UserProfile%\Desktop\Windows Antivirus 2011.lnk
    6 %UserProfile%\Start Menu\Programs\Windows Antivirus 2011.lnk
    7 %UserProfile%\Start Menu\Windows Antivirus 2011.lnk
    8 C:\Documents and Settings\All Users\Application Data\23077d\CB130_287.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
    HKEY_CURRENT_USER\Software\Classes\pezfile
    HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
    HKEY_CLASSES_ROOT\pezfile
    HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
