Extra Antivirus
Extra Antivirus Description
Extra Antivirus is a malicious application that uses scare tactics to convince you to purchase its full version. This rogue application is a clone of the infamous P Antispyware 09 malware. Trojans can be blamed for its delivery to the host system, and it can also be downloaded from malicious websites. Malicious websites such as Onlineprotect-extraantivir.com run a fake online scan that returns false results stating that the user’s computer is heavily infected. The website then offers a repair, upon which the Extra Antivirus setup file is downloaded. On installation, a seemingly comprehensive scan is performed, producing more fictitious results accompanied by pop-ups, and the user is prompted to purchase the full version so that Extra Antivirus can remove these fictitious threats. This malicious application is not able to deal with infections and is the infection itself.
Type: Rogue AntiSpyware Programs
How Can You Detect Extra Antivirus?
Extra Antivirus Technical Report
We will update this section as new Extra Antivirus details are reported by our customers and by our Threat Research Center.
The following Extra Antivirus files, with their MD5 hashes, were created in the system:
| File Name | File Size | MD5 |
|---|---|---|
| ExtraAV.exe | 1934336 | 949f34d95c822ba10ab6006faca05314 |
| ExtraAV.exe | 1857536 | 1c80a7f71328148eb38311a5c0dd490e |
| SetupReleaseXP[1].exe | 2251769 | 07066a9e06987d5d0970971104d142f3 |
| SetupReleaseXP[1].exe | 2251710 | 886ac8a0ac96cacdd41183fb38eb7dd3 |
| eav.exe | 1097728 | 1e7a626e7740836af196c76e9861d6cd |
| setup_26357_0[1].exe | 116235 | bb16edd39cf49ba563a687fb589f46ab |
| ExtraAV.exe | 1936384 | 7ecf8832f7c2ea26294c027f5d9452d6 |
| ExtraAV.exe | 1907712 | 19c7b7924324d0025e35472ed6bfaa43 |
| SetupReleaseXP[2].exe | 2305870 | 78ad483dfa557e7ca0cf08c691982d45 |
| ActivatedSetupReleaseXP[2].exe | 2296181 | 32c8d54e921dba5d9f0f76d5272a9945 |
| ExtraAV.exe | 1935360 | 0c734f9a44e621444c3c853af1db076e |
Extra Antivirus typically has the following processes in memory:
- %UserProfile%\Recent\fix.dll
- %UserProfile%\Recent\PE.sys
- %UserProfile%\Recent\delfile.sys
- %UserProfile%\Recent\tjd.exe
- %UserProfile%\Desktop\Install_1_1_.exe
- %ALLUSERSPROFILE%\Application Data\1c12a55\ExtraAV.exe
- %UserProfile%\Recent\PE.dll
- %UserProfile%\Recent\cb.exe
- %UserProfile%\Recent\SM.sys
- %UserProfile%\Recent\sld.sys
- ExtraAV.exe
- %ALLUSERSPROFILE%\Application Data\317dfb9\ExtraAV.exe
- %UserProfile%\Recent\hymt.exe
- %UserProfile%\Recent\ANTIGEN.sys
- %UserProfile%\Recent\exec.dll
- %UserProfile%\Recent\SICKBOY.sys
- c:\Documents and Settings\All Users\Application Data\7c69f0c\ExtraAV.exe
Extra Antivirus creates the following directories, files and paths:
- %AppData%\Extra Antivirus
- %AllUsersProfile%\Application Data\RootSys
- %UserProfile%\Start Menu\Programs\Extra Antivirus
- %AllUsersProfile%\Application Data\bdff
- %AllUsersProfile%\Application Data\Tally software LTD\Extra Antivirus
Extra Antivirus creates the following registry entries:
- HKEY_CURRENT_USER\Software\Tally software LTD\Extra Antivirus
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “889809903”
- Tally software LTD\Extra Antivirus
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\Extra Antivirus 3.0
- Microsoft\Windows\CurrentVersion\uninstall\Extra Antivirus 3.0
- HKEY_CLASSES_ROOT\ExtraAV.DocHostUIHandler
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Extra Antivirus”
- ExtraAV.DocHostUIHandler