Www.alltubesfun.us/gallery
Www.alltubesfun.us/gallery is a rogue website responsible for infecting computers that visit its domain with the rogue anti-spyware program called Antivirus XP Pro (also known as Antivirus XP Pro 2009). Typically, you come across alltubesfun.us/gallery through search engines when surfing for adult content. Www.alltubesfun.us/gallery looks like a pornographic website that offers visitors online trailers of explicit content. Should you click on any of the featured videos to view them, you will automatically get redirected to the following domain: hxxp://trucount3000.com/cgi-bin/install.pl?adv=0 (do not visit this page), which contains an exploit and installs the rogue anti-spyware application Antivirus XP Pro.
File System Modifications
- The following files were created in the system:
# File Name 1 %Program Files%\AntivirusXP 2 %Program Files%\AntivirusXP\AntivirusXP.exe 3 %Program Files%\AntivirusXP\Infected 4 %Program Files%\AntivirusXP\Suspicious 5 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusXP.lnk 6 %UserProfile%\Desktop\AntivirusXP.lnk 7 %UserProfile%\Start Menu\Programs\AntivirusXP 8 %UserProfile%\Start Menu\Programs\AntivirusXP\AntivirusXP.lnk
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\AntivirusXPHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AntivirusXP.exe"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.