Fake Anti Spyware.Antivir Technical Details
Category: Fake Anti Spyware
Discovered: 9/4/2009 4:00:27 PM
Modified: 12/5/2009 10:32:52 AM
Threat Level: High
Category Description
These are programs that look like legitimate programs but are usually downloaded without the user's permission and entice users into buying them by showing fake results that claim to improve the user's PC performance. They may also download spyware and other unwanted programs.
Description
Antivir is a rogue security program. It usually installs itself onto your PC without your permission, through the Vundo Trojan, a virus or fake software. It uses aggressive and deceptive techniques to frighten the user into purchasing the program. It gives exaggerated reports and claims of spyware found, or false positives, but will not remove spyware unless the user purchases the program.
Notice
Summary
The following HTTP URLs were started: NA
The hosts file was updated with the following URL-to-IP mappings:
127.0.0.1 localhost
127.0.0.1 download.windowsupdate.com
127.0.0.1 http://update.microsoft.com
The following internet connection was established:
216.239.122.164 : 80
72.233.64.146 : 80
66.232.102.65 : 80
Process: antivir.exe
Drivers: N/A
Folder Created
%DAS.AU.SM%\AV
%PF.COMMON%\Uninstall
%PF%\AV
The following Files were created:

| Name | Version | Publisher | Signature (MD5) | File Size (in KB) |
|---|---|---|---|---|
| ..\av\antivir.exe | | | c39214f473e7f6808149e20e250b89ab | 1687552 |
| ..\antivir-b85ed_2013-1.exe | | | 0fe53ad66b0a719f4974be8a30c34e60 | 180224 |
| ..\updatecheck.dll | | | | 598528 |
The following Registry Entries were created:
• ..\Software\Microsoft\Windows\CurrentVersion\Run\\"av"\"%pf%\av\antivir.exe"
• ..\Software\Classes\Clsid\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc}
• ..\Software\eva78b
Recommendation to remove Fake Anti Spyware.Antivir
Spyware Detector can remove Fake Anti Spyware.Antivir, and thousands of other Spyware automatically and instantly.