« Antiaid.com
FireEye Strikes a Mighty Blow Against Ozdok/Mega-D Spam Botnet »

AntiAID

No Comments
Domesticus By Domesticus in Rogue Anti-Spyware Program | 0 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

AntiAID Description

 
 
Image Screenshot
[+] Click Image to Enlarge
 
 

AntiAID is a fake anti-spyware application from the same family as WiniBlueSoft. AntiAID was created with a slightly different graphical user interface than previous rogueware in its family. AntiAID generally spreads through infected video codecs or flash updates. Once AntiAID has managed to enter a system, it will conduct a fake system scan on a user’s system. The scan will display exaggerated results of virus infections, followed by frequent displays of annoying pop-ups and recommendations to purchase the full version of AntiAID. AntiAID and all its related notifications are not to be trusted.

Type: Rogue AntiSpyware Programs

How Can You Detect AntiAID?

 
 

Download SpyHunter’s Detection Scanner
to Detect AntiAID.

 
 

AntiAID Technical Report

As new AntiAID details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following AntiAID files with its MD5s were created in the system:

File Name File Size MD5
AntiAID.exe 1634304 b95c5544cbd3d182d23b7043e0db7c2b
setup[1].exe 1733885 cb16e317b3ebedcd394a3623dc98b3bf

AntiAID has typically the following processes in memory:

  • c:\WINDOWS\system32\29418tro5ez.ocx
  • c:\Program Files\AntiAID Software\AntiAID\uninstall.exe
  • AntiAID.exe
  • c:\Program Files\AntiAID Software\AntiAID\AntiAID.exe
  • %Temp%\8enyqcv1.exe

AntiAID created the following directories, files, paths:

  • %ProgramFiles%\AntiAID Software\AntiAID
  • %AllUsersProfile%\Start Menu\Programs\AntiAID

AntiAID creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiAID
  • HKEY_LOCAL_MACHINE\SOFTWARE\AntiAID
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AntiAID”
  • HKEY_CURRENT_USER\Software\AntiAID
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “8enyqcv1.exe”

Important Article Disclaimer

ESG Support Center

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Technorati
  • YahooMyWeb
This entry was posted on 11/12/09 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Top Malware

Recommended Products

Featured Videos

Poll

How much money have you spent trying to rid your PC of spyware?
View Results

Recent Articles

Top FAQs

Follow Us on Twitter

Archives

Home Sitemap RSS Feed Privacy Policy End User License Agreement Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.