AntivirusBEST Description

 

 

[+] Click Image to Enlarge

 

 

CartCartCartCartCartCartCartCartCart

AntivirusBEST (also known as Antivirus BEST or Antivirus-BEST) is a rogue anti-spyware program. Typically, AntivirusBEST may either penetrate the host computer through security exploits, or it is known to be downloadable on its website (Antivirus-Best.com), which you may be diverted to due to browser hijacking. The distributers of AntivirusBEST use a BHO that infects a user’s computer to display fake warning messages which can be easily confused as warning messages delivered by the Windows system.

The following bogus warning messages are issued to lead you to buy the AntivirusBEST program:

“Internet Explorer has found an unregistered version of AntivirusBEST. To protect your computer, please register your AntivirusBEST.”

and

“AntivirusBEST
Privacy Violation alert!
AntivirusBEST detected a Privacy Violation. A program is
secretly sending your private data to an untrusted internet
host. click here to block this activity by removing the threat
(Recommended).”

However, this fake anti-spyware becomes installed on your machine, AntivirusBEST will begin to issue false system scans that detect various fictitious parasite threats, all in order to scare you into buying the licensed version of AntivirusBEST. AntivirusBEST is a clone of the notorious Anti-Virus-1.

Type: Rogue AntiSpyware Programs

How Can You Detect AntivirusBEST?

AntivirusBEST Technical Report

As new AntivirusBEST details are reported by our customers and findings from our Threat Research Center, we will update this section.

Author url of AntivirusBEST:

• Antivirus-BEST.com

AntivirusBEST’s Country of Origin:

• Ukraine

Fake message for AntivirusBEST:

The following fake error message(s) appears for AntivirusBEST:

AntivirusBEST
Privacy Violation alert!
AntivirusBEST detected a Privacy Violation. A program is
secretly sending your private data to an untrusted internet
host. click here to block this activity by removing the threat
(Recommended).

Your PC is not protected
Security center reports that ‘AntivirusBEST’ is inactive. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the suggested actions. You system might be at risk now.

AntivirusBEST
Internal conflict alert.
AntivirusBEST detected internal software conflict. Some application tries to get access to system kernel (such behavior is typical to Spyware/Malware). It may cause crash of your computer.

AntivirusBEST
System files modification alert!
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss. Click here to block unathorised modifications by removing threats (Recommended).

The following AntivirusBEST files with its MD5s were created in the system:

AntivirusBEST has typically the following processes in memory:

• qwprotect.dll
• abest.exe

AntivirusBEST created the following directories, files, paths:

• %AllUsersProfile%\Start Menu\Programs\AntivirusBEST

AntivirusBEST creates the following registry entries:

• HKEY_CLASSES_ROOT\CLSID\{44b2c9f5-608d-46de-82e1-26c5bcb85193}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44b2c9f5-608d-46de-82e1-26c5bcb85193}
• HKEY_CLASSES_ROOT\AppID\{296a8a7f-b5ac-4789-9b33-f32c2f9a6abd}
• 296A8A7F-B5AC-4789-9B33-F32C2F9A6ABD
• HKEY_CLASSES_ROOT\qwprotect.qwprotectbho.1
• HKEY_CLASSES_ROOT\Interface\{296a8a7f-b5ac-4789-9b33-f32c2f9a6abd}
• HKEY_CLASSES_ROOT\AppID\QWProtect.dll
• AppID\296A8A7F-B5AC-4789-9B33-F32C2F9A6ABD
• HKEY_CLASSES_ROOT\qwprotect.qwprotectbho
• HKEY_CLASSES_ROOT\TypeLib\{684a7904-2593-4bbe-a90e-cdaf2ac606ae}
• HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44b2c9f5-608d-46de-82e1-26c5bcb85193}
• 44B2C9F5-608D-46de-82E1-26C5BCB85193
• 684A7904-2593-4BBE-A90E-CDAF2AC606AE

Important Article Disclaimer