Www1.setupclean-softpc.in
Www1.setupclean-softpc.in is a fake scanner website that supports the rogue anti-virus program Security Antivirus. Technically, Www1.setupclean-softpc.in is an HTML script. Security Antivirus uses Trojans to enter the PC and hijack the browser, so users are redirected to Www1.setupclean-softpc.in even though they have no intention of ending up there. These Trojans change the browser settings. Www1.setupclean-softpc.in then produces a fake scan which warns that the system is full of various threats, and tells you to buy Security Antivirus to remove these alleged threats. Get rid of the Www1.setupclean-softpc.in hijacker by removing the Trojans from your PC with a reliable anti-virus program.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|---|
| 1 | %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk |
| 2 | %Documents and Settings%\[UserName]\Application Data\Security Antivirus |
| 3 | %Documents and Settings%\[UserName]\Application Data\Security Antivirus\cookies.sqlite |
| 4 | %Documents and Settings%\[UserName]\Desktop\Security Antivirus.lnk |
| 5 | %Documents and Settings%\[UserName]\Recent\ANTIGEN.drv |
| 6 | %Documents and Settings%\[UserName]\Recent\ANTIGEN.exe |
| 7 | %Documents and Settings%\[UserName]\Recent\cid.dll |
| 8 | %Documents and Settings%\[UserName]\Recent\CLSV.drv |
| 9 | %Documents and Settings%\[UserName]\Recent\DBOLE.sys |
| 10 | %Documents and Settings%\[UserName]\Recent\ddv.dll |
| 11 | %Documents and Settings%\[UserName]\Recent\ddv.sys |
| 12 | %Documents and Settings%\[UserName]\Recent\energy.tmp |
| 13 | %Documents and Settings%\[UserName]\Recent\FS.drv |
| 14 | %Documents and Settings%\[UserName]\Recent\gid.drv |
| 15 | %Documents and Settings%\[UserName]\Recent\PE.drv |
| 16 | %Documents and Settings%\[UserName]\Recent\PE.exe |
| 17 | %Documents and Settings%\[UserName]\Recent\PE.sys |
| 18 | %Documents and Settings%\[UserName]\Recent\PE.tmp |
| 19 | %Documents and Settings%\[UserName]\Recent\runddlkey.dll |
| 20 | %Documents and Settings%\[UserName]\Recent\std.exe |
| 21 | %Documents and Settings%\[UserName]\Recent\tjd.drv |
| 22 | %Documents and Settings%\[UserName]\Recent\tjd.sys |
| 23 | %Documents and Settings%\[UserName]\Start Menu\Programs\Security Antivirus.lnk |
| 24 | %Documents and Settings%\[UserName]\Start Menu\Security Antivirus.lnk |
| 25 | %Documents and Settings%\All Users\Application Data\345d567 |
| 26 | %Documents and Settings%\All Users\Application Data\345d567\72.mof |
| 27 | %Documents and Settings%\All Users\Application Data\345d567\BackUp |
| 28 | %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Speed Launch.lnk |
| 29 | %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Synchronizer.lnk |
| 30 | %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll |
| 31 | %Documents and Settings%\All Users\Application Data\345d567\Quarantine Items |
| 32 | %Documents and Settings%\All Users\Application Data\345d567\SA345d.exe |
| 33 | %Documents and Settings%\All Users\Application Data\345d567\SAV.ico |
| 34 | %Documents and Settings%\All Users\Application Data\345d567\SAVSys |
| 35 | %Documents and Settings%\All Users\Application Data\345d567\SAVSys\vd952342.bd |
| 36 | %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll |
| 37 | %Documents and Settings%\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg |
| 38 | %Program Files%\Mozilla Firefox\searchplugins\search.xml |
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
- HKEY_CURRENT_USER\Software\3
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Antivirus"
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"

HKEY..\..\..\..{RegistryKeys}
- HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler