Retailsecurityguide.com

Retailsecurityguide.com is a criminal website that promotes Windows Defender 2010. Retailsecurityguide.com is inserted into a user's Hosts file by a browser hijacking Trojan, resulting in the user's browser being frequently redirected to the malicious domain. Once the user lands on Retailsecurityguide.com (also known as Retailsecurityguide.net), misleading security notifications are displayed along with recommendations to purchase Windows Defender 2010. This is all a scam. Do not believe anything on Retailsecurityguide.com, and never waste your money on Windows Defender 2010.

File System Details

Retailsecurityguide.com may create the following file(s):
# File Name Detections
1. %AppData%\ave.exe

Registry Details

Retailsecurityguide.com may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = "%AppData%\ave.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = "%AppData%\ave.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
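
The indicators above can be checked offline against a copy of a Hosts file and a `reg export` of HKEY_CURRENT_USER\Software\Classes. The sketch below is an added example, not part of the original entry; the function names and both sample inputs are constructed for illustration, and only the domains and key paths come from this page.

```python
import re

# Domains come from the page; both SAMPLE_* inputs are constructed for this example.
DOMAINS = ("retailsecurityguide.com", "retailsecurityguide.net")
CLASSES = "hkey_current_user\\software\\classes\\"
SAMPLE_HOSTS = """127.0.0.1 localhost
203.0.113.7 retailsecurityguide.com www.retailsecurityguide.net
# 203.0.113.7 retailsecurityguide.com
"""
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\Users\\u\\AppData\\Roaming\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
'''

def scan_hosts(text):
    """Return Hosts-file lines that name one of the page's domains."""
    def hit(line):
        names = line.split("#", 1)[0].lower().split()[1:]  # drop comment and IP
        return any(n == d or n.endswith("." + d) for n in names for d in DOMAINS)
    return [l.strip() for l in text.splitlines() if hit(l)]

def parse_reg(text):
    """Parse `reg export` text into {lowercased key path: {value name: string}}."""
    keys, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")="(.*)"$', line)):
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            cur[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \" escapes
    return keys

def scan_exe_hijack(keys):
    """Flag per-user .exe handler overrides like the ones listed on the page."""
    # The stock Windows handler is ProgID "exefile" with the command "%1" %*.
    findings = []
    progid = keys.get(CLASSES + ".exe", {}).get("@")
    if progid and progid.lower() != "exefile":
        findings.append(f".exe remapped to ProgID {progid!r}")
    for cls in {".exe", (progid or ".exe").lower()}:
        for verb in ("open", "runas", "start"):
            cmd = keys.get(f"{CLASSES}{cls}\\shell\\{verb}\\command", {}).get("@")
            if cmd and cmd.strip().lower() != '"%1" %*':
                findings.append(f"{cls} {verb} runs: {cmd}")
    return sorted(findings)
```

`reg export` writes UTF-16 text, so decode the exported file before passing its contents to `parse_reg`.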
