AntiVirGear

By Domesticus, in Rogue Anti-Spyware Program

AntiVirGear Description


AntiVirGear is a rogue anti-spyware application. It is usually installed by the Zlob Trojan, or by other deceptive means, rather than deliberately by the user. Once on the victim's machine it displays fabricated security alerts to pressure the user into buying the full version of AntiVirGear. Besides the fake alerts, the program is known to cause system instability.

Type: Trojans

AntiVirGear Technical Report

As new AntiVirGear details are reported by our customers and findings from our Threat Research Center, we will update this section.

Domains related to AntiVirGear or contacted by it (do not visit them):

  • antivir-prof.com
  • antivir-my-pc-scan.com
  • antivirgear.com

The following AntiVirGear files, with their MD5 hashes, were created on the system. Note that every five- to seven-letter .dll name is the same 12800 bytes but carries a different hash, so these names appear to be generated per installation and a name-based check is unreliable; match on the hash, or on the 12800-byte size together with the random name shape. laf3.dll is listed twice with different hashes, and AntiVirGear 3.8.exe with two different sizes, so each of those is at least two distinct builds.

File name              Size (bytes)  MD5
AntiVirGear 3.7.exe    1794048       ff8e28873c069c7e966328d1ec74d8c5
rnxwph.dll             12800         0722fb5e0e32bf1e7568e209d0ada696
zdhgsp.dll             12800         dc6526a615351cd3eee2b2d2beaa1360
pluwue.dll             12800         b818806e29eb365a4e8a7e11dd865b6f
jrpkmgh.dll            12800         a84d034ad803398fe55fac26e5d998c5
swqzdtj.dll            12800         d31af9775118f2b037bc763b611f42d7
vusxqm.dll             12800         d2abf76307c2336ff50cd4e3d2afb7b4
AntiVirGear 3.8.exe    57344         3c23a38e452cd57430eaf9a5d3d48917
vzfhprk.dll            12800         8032d1488bc94d9ebdf009b486aadbee
rmtdvc.dll             12800         e6f0eb2e30a46c881ca97d607538895a
veptlh.dll             12800         9892c2ce198c6e7e9503e529e4a6c7e0
hteogat.dll            12800         6a07931fc50c2a670b9f3c7b87692564
hymww.dll              12800         de500050940ceb1650e1f17ee6c75752
AntiVirGear 3.8.exe    1794048       13c40e5f9853aa9104cdcd855b645903
fifzqip.dll            12800         8a80a510c7350c6fb76655a9c0f13ed5
flirek.dll             12800         3b8d86aa41dc77970f523928f673123e
rrtrit.dll             12800         172be2414428c9ff1910879be2a9aace
siiyal.dll             12800         bcc559e6f17259b63faa9a0beee5e787
gdrtul.dll             12800         da0afb66feb576d94c900611fc95d415
mxhfjy.dll             12800         db237f941f50354f1e9fa340d57d143e
fwzozx.dll             12800         4f4602635846663b309c82cbc8a812cc
gaaplp.dll             12800         a9e2c437f5be4efdf5cffa2712efd215
nczupfw.dll            12800         d0615ec6547926e5ece30d4ef3b092cd
sttwrd.dll             12800         367814b67b4b738fe153d733694bfcc5
clbrcek.dll            12800         b9e188be528bd7d9e07c06b28f156026
beahahl.dll            12800         f8ad9117e82f521662f23721ae82b2d7
ugbtna.dll             12800         ddc70727d71ab3a937dd584430a4a9b5
fqgwiw.dll             12800         516525fd6b9e75dcf2e94be754d7dbe3
itdtjjf.dll            12800         ac593e99e67173b89f52cc6a13c9c4a9
tkosvv.dll             12800         de6543c6a5797e01ddcbafc4264c3e27
pfrmj.dll              12800         be484b902e99f548c4cba1c615f4edc3
yneid.dll              12800         8e8374ef0a445b6f709327b692a7510a
bqrcr.dll              12800         b56f60cdbe7ff45afb242050a269cd77
dsibr.dll              12800         ea193b7aef984fbdb14223bcaca88014
nieyn.dll              12800         14bedd39d23ef6f363a12cb95e8f3615
eulbn.dll              12800         fb2a65c236b79657e9d57b6c587210c8
fnczfh.dll             12800         79a1c3d82df018a7daf5bd5f83035555
aghmao.dll             12800         c926d6a556ae8e244f6fe6d9de5f1169
xovdzz.dll             12800         fdcc9b344df8ebbb7d531041b043379e
bubbj.dll              12800         eb4c66df3d7be479900bdce5a491a105
avg_install[1].exe     3269585       3263a6415196269345562c7d8e61ac60
AntiVirGear 3.9.exe    1794048       04b115a23f67a6d2ff099bf01c234afc
laf6.dll               29696         700e7e2d9cae9ebc1fb0fc5052d9172f
laf3.dll               29696         87cb555c8d6968261f88b6f477bdbf7a
laf3.dll               29696         a917a6503aecb9daa2418bfa245f9074
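As an added example (not code from the page or from Enigma Software), the following Python script parses the table above in its original one-line-per-file layout and turns it into an indicator set, reporting hash matches as definite hits and 12800-byte files with the random five-to-seven-letter .dll name shape as suspects. The embedded table subset and the files the demo writes to a temporary directory are constructed for the example; paste the full table into FILE_TABLE to use all 45 rows.

```python
# Added example (not from the page or from Enigma Software): parse the
# flattened "file name / size / MD5" table above and use it as an IOC set.
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# Constructed subset of the page's file table, kept in the page's own
# single-line layout. File names can contain spaces ("AntiVirGear 3.7.exe"),
# so the parser anchors on the two fixed-format trailing columns instead of
# splitting on whitespace. Paste the full table in place of this string.
FILE_TABLE = """\
AntiVirGear 3.7.exe 1794048 ff8e28873c069c7e966328d1ec74d8c5
rnxwph.dll 12800 0722fb5e0e32bf1e7568e209d0ada696
zdhgsp.dll 12800 dc6526a615351cd3eee2b2d2beaa1360
AntiVirGear 3.8.exe 57344 3c23a38e452cd57430eaf9a5d3d48917
AntiVirGear 3.8.exe 1794048 13c40e5f9853aa9104cdcd855b645903
avg_install[1].exe 3269585 3263a6415196269345562c7d8e61ac60
laf3.dll 29696 87cb555c8d6968261f88b6f477bdbf7a
laf3.dll 29696 a917a6503aecb9daa2418bfa245f9074
"""

ROW_RE = re.compile(r"^(?P<name>.+?)\s+(?P<size>\d+)\s+(?P<md5>[0-9a-fA-F]{32})$")
# Shape of the per-install DLL names in the table: 5-7 lowercase letters.
RANDOM_DLL_RE = re.compile(r"^[a-z]{5,7}\.dll$")


def parse_file_table(text):
    """Return [(name, size, md5), ...]; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((m["name"], int(m["size"]), m["md5"].lower()))
    return rows


def build_index(rows):
    """Strong index by MD5, plus a weak index by size for the random-named DLLs."""
    by_md5 = {md5: name for name, _size, md5 in rows}
    by_size = defaultdict(set)
    for name, size, _md5 in rows:
        by_size[size].add(name)
    return by_md5, by_size


def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_dir(root, rows):
    """Walk root. A hash match is reported as ("md5", path, table name).
    A file whose size is in the table and whose name has the random-DLL
    shape is reported as ("suspect", path, None): the page shows the names
    change per install, so size + name shape is the best name-free signal
    short of a hash. Name alone is never a hit."""
    by_md5, by_size = build_index(rows)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            digest = md5_of(path)
            if digest in by_md5:
                hits.append(("md5", path, by_md5[digest]))
            elif os.path.getsize(path) in by_size and RANDOM_DLL_RE.match(fn):
                hits.append(("suspect", path, None))
    return hits


def demo():
    """Scan a throwaway directory of constructed files; returns sorted hits."""
    rows = parse_file_table(FILE_TABLE)
    # Constructed row: MD5 of the empty file, so one hash hit is reproducible.
    rows.append(("constructed-empty.bin", 0, "d41d8cd98f00b204e9800998ecf8427e"))
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "empty.bin"), "wb").close()
        with open(os.path.join(d, "qwzrtp.dll"), "wb") as f:
            f.write(b"\0" * 12800)                 # right size and name shape
        with open(os.path.join(d, "AntiVirGear 3.7.exe"), "wb") as f:
            f.write(b"not the real installer")    # name only: must not hit
        return sorted((kind, os.path.basename(p), ref) for kind, p, ref in scan_dir(d, rows))


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

The size-plus-name-shape rule is deliberately a "suspect", not a detection: a legitimate 12800-byte DLL with a six-letter name would also trip it, so it should drive a hash lookup or a closer look, not a deletion.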

AntiVirGear typically has the following in memory. The .exe entries are processes; the .dll entries are modules loaded into a process, not processes in their own right. Six of the DLL names here (ddllup.dll, iheuv.dll, wqzdtjg.dll, lgaac.dll, vmlwp.dll and txxkb.dll) do not appear in the hash table above, so no hash is recorded for them:

  • ddllup.dll
  • iheuv.dll
  • pluwue.dll
  • swqzdtj.dll
  • AntiVirGear 3.8.exe
  • hteogat.dll
  • gdrtul.dll
  • flirek.dll
  • fwzozx.dll
  • clbrcek.dll
  • fqgwiw.dll
  • pfrmj.dll
  • dsibr.dll
  • fnczfh.dll
  • bubbj.dll
  • wqzdtjg.dll
  • lgaac.dll
  • zdhgsp.dll
  • rnxwph.dll
  • vzfhprk.dll
  • veptlh.dll
  • fifzqip.dll
  • siiyal.dll
  • mxhfjy.dll
  • nczupfw.dll
  • ugbtna.dll
  • tkosvv.dll
  • bqrcr.dll
  • eulbn.dll
  • xovdzz.dll
  • AntiVirGear 3.7.exe
  • vmlwp.dll
  • txxkb.dll
  • jrpkmgh.dll
  • vusxqm.dll
  • rmtdvc.dll
  • hymww.dll
  • rrtrit.dll
  • sttwrd.dll
  • gaaplp.dll
  • beahahl.dll
  • itdtjjf.dll
  • yneid.dll
  • nieyn.dll
  • aghmao.dll
  • AntiVirGear 3.9.exe

AntiVirGear creates the following directories (one per version):

  • %ProgramFiles%\AntiVirGear 3.9
  • %ProgramFiles%\AntiVirGear 3.8
  • %ProgramFiles%\AntiVirGear 3.7

AntiVirGear creates the following registry entries. Entries under Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler (under HKLM) are an Explorer auto-start: Explorer instantiates each COM class registered there when the shell starts, so a DLL registered this way is loaded into explorer.exe at every logon. The bare GUIDs are COM class IDs; the page does not record which hive or parent key they were written under, and the braces the registry puts around each GUID have been stripped. Several GUIDs appear both bare and as a SharedTaskScheduler entry, meaning the same class is both registered and wired into the auto-start:

  • 5F251303-F8C4-44C3-A7C2-9E8A93C59322
  • 765A8F7D-F57B-4601-A038-3F463A4D3193
  • 897F5CB6-C1C1-494E-8F17-972784193442
  • AB5E9971-7086-4E6E-ADFA-BE9C685BE68B
  • EE241504-6F15-49E4-847F-B4D7DA9EA8F9
  • AF0C5CBA-52E1-4B29-A2DC-58D91D599612
  • d4c4bc43-0974-4dec-a669-9f7bfcb3503d
  • 27882a9f-8937-4ae4-87ab-ed669c8b6d7a
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\95dde900-8bf3-428c-b9be-8345c9d194f7
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\d6ef030a-a235-41ba-9ead-89b6ff542f00
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\5feba593-3e6d-4606-ae6e-0680501cd29e
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\92050ffb-b796-4146-ae27-7e5e1d93b8a8
  • 92050ffb-b796-4146-ae27-7e5e1d93b8a8
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\16be3225-e902-4d2a-ac98-aab162796927
  • 2447284F-3590-4E8C-A869-049BD87CAD07
  • 409A05EF-1B48-4198-B6BF-993B8B52790C
  • 58A1ACE6-0DBA-45D2-8154-E8253A7B87BB
  • A7FE54B2-B167-4017-BCCC-CF73B2F678E3
  • F90A7969-20A0-4257-B39D-9C73D64CE3B0
  • AntiVirGear 3.8
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\34ec76b6-53c4-4686-822f-910c790683fb
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\e1adb94e-0dc6-487c-b274-981bee6301a1
  • e1adb94e-0dc6-487c-b274-981bee6301a1
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\7999c5e2-b500-4ba5-8e9a-99639eca65fc
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\a6d478c6-7961-4fe9-be4b-e621dd640112
  • 23ED2206-856D-461A-BBCF-1C2466AC5AE3
  • e0e6e3da-f3af-4fb4-9411-2cf92fdeefc2
  • 12a8c4e6-06c8-4ab3-9274-a0cde148e3da
  • eb4c6870-721f-4989-9c90-8cbfa46d0298
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\7dfa04a9-5e60-458b-ace4-4a7613504e8d
  • 3aea41ad-3ce4-48d9-acab-be40ad329e40
  • 837d024d-e0fb-44e8-acb1-24ec2309c487
  • 41591d7f-9e25-4bd0-af53-9908fcf3a738
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\96773c21-1b6b-4db0-8fe8-0c59f3c8a355
  • 96773c21-1b6b-4db0-8fe8-0c59f3c8a355
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\de313bc7-422a-4344-a9aa-3e703922345c
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\1977ce08-a38f-43db-a856-f4aa6122131b
  • 1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f
  • 3AD29C7B-47D1-4E62-97FB-310F14131D10
  • 523BE6B4-E203-4355-9C9A-40F6EB2A914A
  • 937CEADB-C6BC-40EC-BCEB-8B1B0FF8257F
  • BE5ABF82-0740-42E9-8D22-4EB662848C59
  • E2A00EA6-81D9-4F5A-A123-296D42377A41
  • AntiVirGear 3.9
  • 418985AE-4FE4-448D-83EE-238C887D8FC2
  • 64A8E3CA-AE17-4EB0-8C67-47D1103A5B6F
  • 8742F319-C916-4930-B781-1C148134C05C
  • AA500EFC-3C92-44C9-B1D6-7A7033343A50
  • B2882CC2-0077-426B-916D-E0B9EA23A1B5
  • FD9A05E8-4A1E-45E6-B3B6-37CE20140278
  • Microsoft\Windows\CurrentVersion\App Paths\AntiVirGear 3.7.exe 3.7
  • 655560a9-3ca8-4509-9632-6abbef21426b
  • Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AntiVirGear 3.7
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\cc25189b-1b13-4abe-900e-65e08bd961af
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\adf64b1b-c68c-4ce8-bb55-258b7b8b0f81
  • 60dea04c-9817-4309-bfa2-f8a1766c3cd1
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\79cdca21-5055-4cae-b609-e1685ef55cf7
  • 79cdca21-5055-4cae-b609-e1685ef55cf7
  • 14F47CA3-2291-4B3E-9ED4-8C7E6AE80851
  • 3D5E5AE1-5DED-4520-BDC2-B9292EA708CA
  • 50B388D5-4A80-4191-8BCC-5DD031D7F3EE
  • 7D2A83A4-0687-4704-937E-A29045826F77
  • F6FDBF9A-19A7-4F0A-9F46-6F015A067B44
  • DE6AE29A-EB7D-4656-9418-26D5FCC9ADF5
  • 16be3225-e902-4d2a-ac98-aab162796927
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ee6bd1ad-1992-4f2c-8ea2-edc6eee4548b
  • ee6bd1ad-1992-4f2c-8ea2-edc6eee4548b
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\23ED2206-856D-461A-BBCF-1C2466AC5AE3
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\e0e6e3da-f3af-4fb4-9411-2cf92fdeefc2
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\12a8c4e6-06c8-4ab3-9274-a0cde148e3da
  • c74f7434-a6e7-46c3-bf60-62a005074fe5
  • f0c5ef8b-f4bb-4612-9ea8-361fff3da3d5
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\75a65a53-15c9-4a0c-bb40-a7ca8b24f544
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\3aea41ad-3ce4-48d9-acab-be40ad329e40
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\837d024d-e0fb-44e8-acb1-24ec2309c487
  • daecb1b9-9f49-40f3-873d-5db0fdb14d7d
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\2dcea392-ea10-4e6d-aba4-329ac377119c
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\06e3d089-46cb-4aff-a45d-f0dc7efa1577
  • 06e3d089-46cb-4aff-a45d-f0dc7efa1577
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\a6fddce1-36ae-41c1-87d3-f49e514273d4
  • de313bc7-422a-4344-a9aa-3e703922345c
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f
  • 37E9084E-2F33-40CB-AE70-08CCA7D35181
  • 50690FE4-0986-4B04-BEB3-09AD48B3C836
  • 74110FB0-7C6D-4BB9-AE8D-419289F4B99C
  • B46326D7-B6B6-4C95-81EE-A0201D01546E
  • DCC58039-1835-4449-8570-94CDE6646031
  • B3737DD3-1543-43DF-8038-6AB593990F15
  • Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AntiVirGear 3.9
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\b8ea5f37-7327-4923-9808-8fd3b6f0d529
  • 61840430-C7CF-43A0-9D49-3B3ED563FED1
  • 77E616D5-5DB4-4B6A-8BDA-2BE4103A9921
  • A2224C72-745E-4046-882F-1A48C9311D77
  • AD7CA0BC-693A-4AF9-B31A-60472248F761
  • F1666E4E-45C8-462A-97FF-BFD5A103BFFA
  • AntiVirGear 3.7
  • 98013eb8-258b-4979-bfd5-04ecd93f765c
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\8a96d76c-97fc-42c8-8e68-5613bacef854
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\b02c6db1-a1ea-470f-8100-b1391463ba92
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\60dea04c-9817-4309-bfa2-f8a1766c3cd1
  • adf64b1b-c68c-4ce8-bb55-258b7b8b0f81
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\02e155c1-202c-43a5-a212-58bb67d4341c
  • 02e155c1-202c-43a5-a212-58bb67d4341c
  • 0A0FC1A4-41D4-4793-9AC5-0B55CDC95AE9
  • 38EEEF46-CA24-4ACA-A90D-540978DF7252
  • 47A93011-1004-440C-9960-BD3B0348A7C2
  • 73D25394-992F-43D1-BF92-48494CC0D1AE
  • C183B073-2D7F-45BC-8967-80147CECEE45
  • FA38F299-57F8-4FEB-9096-715460AE943C
  • Microsoft\Windows\CurrentVersion\App Paths\AntiVirGear 3.8.exe 3.8
  • 34ec76b6-53c4-4686-822f-910c790683fb
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\a47e7ce0-263d-40aa-86bc-27c1f6433143
  • a47e7ce0-263d-40aa-86bc-27c1f6433143
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\c74f7434-a6e7-46c3-bf60-62a005074fe5
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\f0c5ef8b-f4bb-4612-9ea8-361fff3da3d5
  • 7999c5e2-b500-4ba5-8e9a-99639eca65fc
  • a6d478c6-7961-4fe9-be4b-e621dd640112
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\eb4c6870-721f-4989-9c90-8cbfa46d0298
  • 75a65a53-15c9-4a0c-bb40-a7ca8b24f544
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\daecb1b9-9f49-40f3-873d-5db0fdb14d7d
  • 7dfa04a9-5e60-458b-ace4-4a7613504e8d
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\41591d7f-9e25-4bd0-af53-9908fcf3a738
  • 2dcea392-ea10-4e6d-aba4-329ac377119c
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\48a7a70a-e118-4506-a373-c9d4e8a212a1
  • 48a7a70a-e118-4506-a373-c9d4e8a212a1
  • a6fddce1-36ae-41c1-87d3-f49e514273d4
  • 1977ce08-a38f-43db-a856-f4aa6122131b
  • 0F44BBC9-DB3A-4DF4-A3A4-C9B0C21965B9
  • 48614E7F-07AD-46AC-ADFD-EA462F0797AE
  • 6DA38FB4-3F20-4C0B-B31B-C005BE2AE99F
  • AE67E7F7-3ADE-4AD5-85E6-DEF454C448C7
  • C541B506-FC15-4C64-B3D0-DDC6DA308B65
  • EC6CF387-979F-4535-A33F-7EC77EE236B4
  • Microsoft\Windows\CurrentVersion\App Paths\AntiVirGear 3.9.exe 3.9
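As an added example (not code from the page or from Enigma Software), the Python below sorts the entries above into SharedTaskScheduler auto-start GUIDs and bare class IDs, normalises them into the braced lower-case form the registry actually stores, and checks an enumerated SharedTaskScheduler key against them; on Windows it reads the live HKLM key with winreg, elsewhere it falls back to a constructed sample. The ENTRIES subset and SAMPLE_LIVE list are constructed for the example, and the placeholder GUID in SAMPLE_LIVE is not a real Windows entry.

```python
# Added example (not from the page or from Enigma Software): sort the
# registry indicators above into Explorer SharedTaskScheduler autostarts and
# bare COM class IDs, then check an enumerated SharedTaskScheduler key for them.
import re
import sys

GUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
STS_PATH = r"Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"

# Constructed subset of the page's registry list, copied verbatim.
ENTRIES = [
    "5F251303-F8C4-44C3-A7C2-9E8A93C59322",
    r"Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\92050ffb-b796-4146-ae27-7e5e1d93b8a8",
    "92050ffb-b796-4146-ae27-7e5e1d93b8a8",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\7dfa04a9-5e60-458b-ace4-4a7613504e8d",
    "7dfa04a9-5e60-458b-ace4-4a7613504e8d",
    "AntiVirGear 3.8",
    r"Microsoft\Windows\CurrentVersion\App Paths\AntiVirGear 3.8.exe 3.8",
]


def norm_guid(text):
    """The registry stores GUIDs in braces with mixed case; the page strips the
    braces. Return '{guid}' in lower case, or None if no GUID is present."""
    m = GUID_RE.search(text)
    return "{%s}" % m.group(0).lower() if m else None


def classify(entries):
    """sts: GUIDs under SharedTaskScheduler (Explorer auto-start).
    bare: GUIDs listed on their own (COM class IDs; parent key not on the page).
    both: classes registered both ways. other: names and non-GUID paths."""
    sts, bare, other = set(), set(), set()
    for e in entries:
        g = norm_guid(e)
        if g and STS_PATH.lower() in e.lower():
            sts.add(g)
        elif g and GUID_RE.fullmatch(e.strip()):
            bare.add(g)
        else:
            other.add(e)
    return {"sts": sts, "bare": bare, "both": sts & bare, "other": other}


def find_hits(value_names, indicators):
    """Match enumerated SharedTaskScheduler value names against indicator GUIDs."""
    wanted = set(indicators)
    return sorted(g for g in map(norm_guid, value_names) if g and g in wanted)


def live_sharedtaskscheduler_names():
    r"""Windows only: value names under HKLM\SOFTWARE\...\SharedTaskScheduler
    (each value name is a {CLSID}). Returns [] on other platforms."""
    if sys.platform != "win32":
        return []
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, "SOFTWARE\\" + STS_PATH) as k:
        return [winreg.EnumValue(k, i)[0] for i in range(winreg.QueryInfoKey(k)[1])]


# Constructed stand-in for a live enumeration: one placeholder (not a real
# Windows entry) plus one of the page's GUIDs as the registry would present it.
SAMPLE_LIVE = [
    "{00000000-0000-0000-0000-000000000001}",
    "{92050FFB-B796-4146-AE27-7E5E1D93B8A8}",
]

if __name__ == "__main__":
    c = classify(ENTRIES)
    print("autostart (SharedTaskScheduler):", sorted(c["sts"]))
    print("bare class IDs:", sorted(c["bare"]))
    print("registered both ways:", sorted(c["both"]))
    print("hits:", find_hits(live_sharedtaskscheduler_names() or SAMPLE_LIVE, c["sts"] | c["bare"]))
```

When checking a real machine, compare every SharedTaskScheduler value against the stock entries for that Windows build rather than only against this list: the per-install GUIDs here will not match a fresh infection, but any unfamiliar class in that key deserves the same scrutiny.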

This entry was posted on 10/21/07 and is filed under Rogue Anti-Spyware Program.

Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.