Threat Database Browser Hijackers Networksecurityregistry.com

Networksecurityregistry.com

Networksecurityregistry.com is a deceptive website that in placed into victims' Hosts files by browser hijacking Trojans. Once a victim is redirected to Networksecurityregistry.com, a fake system scan will be conducted which will claim that the system is infected with malware. Alarming security alerts and pop-up messages may also be displayed in order to scare the victim into purchasing the "full" version of Windows Defender 2010 and remove all the "detected" threats. Windows Defender 2010 is unable to detect or remove malware and users should never trust anything on Networksecurityregistry.com.

File System Details

Networksecurityregistry.com may create the following file(s):
# File Name Detections
1. %Documents and Settings%\[UserName]\Application Data\ave.exe

Registry Details

Networksecurityregistry.com may create the following registry entry or registry entries:
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "ave.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "ave.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "ave.exe" /START "iexplore.exe"

Trending

Most Viewed

Loading...