Acantispy.com

Acantispy.com Description

Acantispy.com is a malicious website, and if your browser keeps taking you to that site on its own, you probably know by now that something is wrong. Acantispy.com supports a fake security program called Antimalware Go, and you should not visit the site voluntarily for any reason.

If you have tried to research Acantispy.com, you may have noticed that although Acantispy.com is the name of a website, it is generally referred to as a hijacker. Some clarification is needed here: Acantispy.com is a website, and a dangerous one at that. However, there is also a computer infection called Acantispy.com, because it hijacks the web browser and causes it to take you to Acantispy.com when you try to view other sites. So, the hijacker Acantispy.com is malware, named for the site that it causes the infected computer's browser to display.

The Scam Website Acantispy.com

The website Acantispy.com supports the fake anti-virus software Antimalware Go and is part of a scam. Because Antimalware Go is identical to the other rogue anti-malware applications AntiVira Av and Antivirus .Net, the websites that claim to offer Antimalware Go as real software are just copies of the sites that promote AntiVira Av and Antivirus .Net. So, Acantispy.com has the same fake testimonials, bland blue color scheme, phony customer support and contact information, and lame “Standing sentinel on the safeguard of your PC” slogan used by these other sites. All of the site content is bogus, and it's only there to convince you that Antimalware Go is something you should spend your money on, because Acantispy.com is the payment site for the scam.

The Browser Hijacker Acantispy.com

The hijacker Acantispy.com also promotes Antimalware Go, by constantly forcing you to look at the website that promotes it. When you try to look at any ordinary website, the hijacker will cause your browser to take you to Acantispy.com's front page, or one of the other pages within the site. If you use Internet Explorer, Acantispy.com may also cause a fake security message to appear in the browser window, which says that Internet Explorer prevented you from navigating to the page you were trying to reach because the page is malicious. The security warning will have a link to a site that is supposed to contain security advice or tips, but if you click on it, it just takes you to Acantispy.com.

User experience with the hijacker Acantispy.com varies. In some cases, it may cause security alert pop-ups to appear and urge you to download Antimalware Go or to run a “scan” of your computer (so that it can recommend Antimalware Go afterward). You may also find that the hijacker generates alerts that claim that your PC is infected with malware, but for obvious reasons, you should not believe what these alerts tell you.

The malware related to the hijacker Acantispy.com relies heavily on Trojans in order to infiltrate PCs, and so it is highly likely that the hijacker uses Trojans, as well. In general, the Trojans associated with these malware infections tend to be hidden in downloads of fake video codecs, or application updates downloaded from third-party sites. Pirating sites and filesharing services also commonly spread the Trojans for rogue security applications and the malware that supports them. Once the Trojan is downloaded to your computer, Acantispy.com either downloads or installs the other malware.

Acantispy.com has nothing beneficial or real to offer. Acantispy.com is just one more site, and one more hijacker, that supports a huge, widespread Russian scam. This scam has been ongoing for most of 2011, at least, and Acantispy.com showed up at the beginning of March.

Technical Information

File System Details

Acantispy.com creates the following file(s):

#   File Name                                             Detection Count
1   %Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe    N/A
2   %Temp%\[RANDOM CHARACTERS]                            N/A

Registry Details

Acantispy.com creates the following registry entry or registry entries:

Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = '127.0.0.1:33440'
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS\[RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = .exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ATTACHMENTS\[RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" =
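
The registry values listed above can be checked for in a text export of a user's hive. The following is an added example, not part of the original write-up: it assumes input in the format produced by `reg export HKCU`, the names parse_reg and find_hits are hypothetical, and SAMPLE is constructed data.

```python
import re

# Added example: HKCU values from the list above. Registry key and value
# names are case-insensitive, so everything is compared in lower case.
INET = r"software\microsoft\windows\currentversion\internet settings"
IEDL = r"software\microsoft\internet explorer\download"
INDICATORS = {
    (INET, "proxyserver"): "127.0.0.1:33440",
    (INET, "proxyenable"): "1",
    (IEDL, "checkexesignatures"): "no",
    (IEDL, "runinvalidsignatures"): "1",
    (r"software\microsoft\internet explorer\phishingfilter", "enabled"): "0",
    (r"software\microsoft\windows\currentversion\policies\associations",
     "lowriskfiletypes"): ".exe",
}

def parse_reg(text):
    """Yield (subkey, name, data) for HKCU; dwords become decimal strings."""
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            m = re.fullmatch(r"\[HKEY_CURRENT_USER\\(.+)\]", line, re.I)
            key = m.group(1).lower() if m else None  # ignore other hives
            continue
        v = re.fullmatch(r'"([^"]*)"=(?:dword:([0-9a-f]{8})|"(.*)")', line, re.I)
        if key and v:
            data = str(int(v.group(2), 16)) if v.group(2) else v.group(3)
            yield key, v.group(1).lower(), data

def find_hits(text):
    """Return the (subkey, name, data) entries that match a listed value."""
    return [(k, n, d) for k, n, d in parse_reg(text)
            if INDICATORS.get((k, n)) == d.lower()]

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:33440"
"ProxyOverride"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="yes"
'''

if __name__ == "__main__":
    for key, name, data in find_hits(SAMPLE):
        print(f"MATCH  HKCU\\{key}  {name} = {data}")
```

A single match such as ProxyEnable = 1 can be legitimate on its own; the loopback proxy on port 33440 together with the disabled signature and phishing-filter checks is what matches this listing.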