Www1.useclean-atyour-sys.in
Www1.useclean-atyour-sys.in is a browser hijacker for the Security Antivirus rogue anti-spyware tool. A Trojan virus related to Security Antivirus injects itself into a targeted system and changes the browser settings. Once this has taken place, the user is repeatedly redirected to Www1.useclean-atyour-sys.in, which displays a fake web page entitled "Security Threat Analysis". Do not fall for this trickery: the scan is fake and produces bogus results. When the scanner is finished, Www1.useclean-atyour-sys.in will urge you to buy the above-mentioned scam program to remove the alleged threats. Remove Www1.useclean-atyour-sys.in and all threats associated with Security Antivirus using a reliable anti-virus program.
File System Modifications
- The following files were created in the system:
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
- HKEY_CURRENT_USER\Software\3
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Antivirus"
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY..\..\..\..{RegistryKeys}
- HKEY_CLASSES_ROOT\SA345d.DocHostUIHandlr