Antivirus Plus

By ZulaZuza in Rogue Anti-Spyware Program

Antivirus Plus Description

Antivirus Plus is a fake anti-spyware application that unsuspecting users often download voluntarily from malicious websites. Antivirus Plus can also be downloaded unknowingly, bundled with video codecs or freeware. Trojans also distribute Antivirus Plus by exploiting system vulnerabilities or attaching themselves to unsolicited e-mails. Once the Trojan is inside a system, it will modify the hosts file and may direct users to security.microsoft.com.

Antivirus Plus will also create a start-up registry entry and run a fake system scan, which produces fabricated results claiming that the system is infected with several parasites. Following the scan report, users are advised to pay for the “full version” of Antivirus Plus in order to remove all the detected parasites. All parasite detections made by Antivirus Plus are fake; Antivirus Plus is not a legitimate security tool.

Type: Rogue AntiSpyware Programs

Antivirus Plus Technical Report

We will update this section as new Antivirus Plus details are reported by our customers and our Threat Research Center.

The following Antivirus Plus files, with their MD5s, were created in the system:

Antivirus Plus typically has the following processes in memory:

  • avphl.dll
  • AntiVirus Plus.70700.dll
  • AntivirusPlus.exe
  • AntivirusPlus_ba[1].exe
  • c:\WINDOWS\system\rundll32.exe
  • AntivirusPlus[1].exe

Antivirus Plus created the following directories, files, paths:

  • %UserProfile%\Start Menu\Programs\AntiVirus Plus
  • %ProgramFiles%\Antivirus Plus
  • %AppData%\AntiVirus Plus
  • %AllUsersProfile%\Start Menu\Programs\Antivirus Plus
  • %UserProfile%\Local Settings\Application Data\AntiVirus Plus

Antivirus Plus creates the following registry entries:

  • C2B5AAB8-2183-4be7-81A6-F11493C45872
  • Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus Plus
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “AntivirusPlus”
  • 02034A97-AD4C-4A05-9C90-1E0187F0E090
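
The directories and the Run value listed above, together with the hosts-file change mentioned in the description, can be checked on a suspect machine with a short script. This is an added example, not code from the original page or from ESG; the function name `Get-AntivirusPlusArtifacts` and the output shape are hypothetical, while the paths and the `AntivirusPlus` Run value are the ones listed on this page.

```powershell
# Added example: reports Antivirus Plus artifacts named on this page.
# Function name and output format are hypothetical.
function Get-AntivirusPlusArtifacts {
    $findings = @()

    # Directories listed on the page, with environment variables expanded.
    $dirs = @(
        '%UserProfile%\Start Menu\Programs\AntiVirus Plus',
        '%ProgramFiles%\Antivirus Plus',
        '%AppData%\AntiVirus Plus',
        '%AllUsersProfile%\Start Menu\Programs\Antivirus Plus',
        '%UserProfile%\Local Settings\Application Data\AntiVirus Plus'
    )
    foreach ($d in $dirs) {
        $path = [Environment]::ExpandEnvironmentVariables($d)
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{ Type = 'Directory'; Item = $path; Detail = 'present' }
        }
    }

    # Start-up entry: the "AntivirusPlus" value under the HKLM Run key.
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'AntivirusPlus' -ErrorAction SilentlyContinue
    if ($run) {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$runKey\AntivirusPlus"; Detail = $run.AntivirusPlus }
    }

    # Hosts file: the page gives no exact entries, so every active
    # (non-comment, non-blank) mapping is reported for manual review.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    if (Test-Path -LiteralPath $hosts) {
        foreach ($line in Get-Content -LiteralPath $hosts) {
            $active = ($line -replace '#.*$', '').Trim()
            if ($active -eq '') { continue }
            $ip, $names = $active -split '\s+'
            $findings += [pscustomobject]@{ Type = 'HostsEntry'; Item = ($names -join ' '); Detail = $ip }
        }
    }

    $findings
}

Get-AntivirusPlusArtifacts | Format-Table -AutoSize
```

On 64-bit Windows a 32-bit installer is redirected to the WOW6432Node registry view and to Program Files (x86), which this example does not check.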

This entry was posted on 12/31/09 and is filed under Rogue Anti-Spyware Program.

Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.