Www1.savewayforurown-pc.in
Www1.savewayforurown-pc.in is a corrupt scanner page that installs the CleanUp Antivirus rogue antispyware program. Computer users may find themselves on Www1.savewayforurown-pc.in after clicking on dodgy search results. Www1.savewayforurown-pc.in runs a fake system scan, pretending to analyze your computer's disks and directories for parasites, and then displays a report stating that your machine is in big danger. The page urges unsuspecting users to purchase CleanUp Antivirus to remove the alleged threats. Do not fall for this blatant scam: CleanUp Antivirus is useless. Use a proven antispyware program to detect and remove all threats associated with this scam.
File System Modifications
- The following files were created in the system:
Registry Modifications
- The following Registry values were newly created: