AntivirusBEST

By GoldSparrow in Rogue Anti-Spyware Program

AntivirusBEST Description


AntivirusBEST (also known as Antivirus BEST or Antivirus-BEST) is a rogue anti-spyware program. AntivirusBEST may either penetrate the host computer through security exploits or be downloaded from its website (Antivirus-Best.com), to which you may be diverted by browser hijacking. The distributors of AntivirusBEST use a BHO (Browser Helper Object) that infects a user’s computer to display fake warning messages, which can easily be mistaken for warning messages delivered by the Windows system.

The following bogus warning messages are issued to lead you to buy the AntivirusBEST program:

“Internet Explorer has found an unregistered version of AntivirusBEST. To protect your computer, please register your AntivirusBEST.”

and

“AntivirusBEST
Privacy Violation alert!
AntivirusBEST detected a Privacy Violation. A program is
secretly sending your private data to an untrusted internet
host. click here to block this activity by removing the threat
(Recommended).”

Once this fake anti-spyware is installed on your machine, AntivirusBEST will begin to run false system scans that detect various fictitious parasite threats, all in order to scare you into buying the licensed version of AntivirusBEST. AntivirusBEST is a clone of the notorious Anti-Virus-1.

Type: Rogue AntiSpyware Programs

How Can You Detect AntivirusBEST?

AntivirusBEST Technical Report

We will update this section as new AntivirusBEST details are reported by our customers and as findings arrive from our Threat Research Center.

Author URL of AntivirusBEST:

  • Antivirus-BEST.com

AntivirusBEST’s Country of Origin:

  • Ukraine

Fake message for AntivirusBEST:

The following fake error messages appear for AntivirusBEST:

AntivirusBEST
Privacy Violation alert!
AntivirusBEST detected a Privacy Violation. A program is
secretly sending your private data to an untrusted internet
host. click here to block this activity by removing the threat
(Recommended).

Your PC is not protected
Security center reports that ‘AntivirusBEST’ is inactive. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the suggested actions. You system might be at risk now.

AntivirusBEST
Internal conflict alert.
AntivirusBEST detected internal software conflict. Some application tries to get access to system kernel (such behavior is typical to Spyware/Malware). It may cause crash of your computer.

AntivirusBEST
System files modification alert!
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss. Click here to block unathorised modifications by removing threats (Recommended).

The following AntivirusBEST files, with their MD5 hashes, were created in the system:

File Name            File Size  MD5
PreInstaller[1].exe  227328     eba5ca538be5b69f59f4de9ae8a21f5f
svchost.exe          1920000    8b80f30727e069352a2d209684da4c44
QWProtect.dll        115200     5be590be656ad54849cd396c27724845
Installer.exe        78848      3908ef46a1bd48b2851229455dd8add2
abest.exe            11345408   11d33a920cb849192e2cc345a6a130dc
ABEST.exe            15729664   f559a1ac02e5cc652d1d722cf89d7d5a

AntivirusBEST Removal Details

AntivirusBEST typically has the following processes in memory:

  • qwprotect.dll
  • abest.exe

AntivirusBEST creates the following files in the system:

  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirusBEST
  • ABEST.CAB
  • AntivirusBEST.lnk
  • AntivirusBEST

AntivirusBEST creates the following directories, files and paths:

  • %AllUsersProfile%\Start Menu\Programs\AntivirusBEST

AntivirusBEST creates the following registry entries:

  • HKEY_CLASSES_ROOT\CLSID\{44b2c9f5-608d-46de-82e1-26c5bcb85193}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44b2c9f5-608d-46de-82e1-26c5bcb85193}
  • HKEY_CLASSES_ROOT\AppID\{296a8a7f-b5ac-4789-9b33-f32c2f9a6abd}
  • 296A8A7F-B5AC-4789-9B33-F32C2F9A6ABD
  • HKEY_CLASSES_ROOT\qwprotect.qwprotectbho.1
  • HKEY_CLASSES_ROOT\Interface\{296a8a7f-b5ac-4789-9b33-f32c2f9a6abd}
  • HKEY_CLASSES_ROOT\AppID\QWProtect.dll
  • AppID\296A8A7F-B5AC-4789-9B33-F32C2F9A6ABD
  • HKEY_CLASSES_ROOT\qwprotect.qwprotectbho
  • HKEY_CLASSES_ROOT\TypeLib\{684a7904-2593-4bbe-a90e-cdaf2ac606ae}
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44b2c9f5-608d-46de-82e1-26c5bcb85193}
  • 44B2C9F5-608D-46de-82E1-26C5BCB85193
  • 684A7904-2593-4BBE-A90E-CDAF2AC606AE

This entry was last updated on 08/7/09 and posted on 06/29/09.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.