Antiaid.com Description
Antiaid.com is a malicious domain that advertises the rogue anti-spyware program AntiAID. Users will only encounter Antiaid.com if they have previously been infected with a stealthy Trojan related to the infection. Antiaid.com presents the fake security tool, AntiAID, as a reliable tool that can remove parasites. Antiaid.com contains misleading information; do not be fooled into purchasing the AntiAID rogueware.
Technical Information
File System Details
Antiaid.com creates the following file(s):
| # | File Name | Detection Count |
|---|---|---|
| 1 | %Temp%\2gbk87zj.exe | N/A |
| 2 | %Program Files%\AntiAID Software\AntiAID\uninstall.exe | N/A |
| 3 | %Program Files%\AntiAID Software\AntiAID\AntiAID.exe | N/A |
| 4 | %Temp%\8enyqcv1.exe | N/A |
| 5 | %Documents and Settings%\All Users\Start Menu\Programs\AntiAID\2 Homepage.lnk | N/A |
| 6 | %Program Files%\AntiAID Software | N/A |
| 7 | %Temp%\nsj3.tmp | N/A |
| 8 | %Documents and Settings%\All Users\Start Menu\Programs\AntiAID\1 AntiAID.lnk | N/A |
| 9 | %Documents and Settings%\All Users\Desktop\AntiAID.lnk | N/A |
| 10 | %Temp%\nss8.tmp | N/A |
| 11 | %Documents and Settings%\All Users\Start Menu\Programs\AntiAID | N/A |
| 12 | %Documents and Settings%\All Users\Start Menu\Programs\AntiAID\3 Uninstall.lnk | N/A |
| 13 | %Program Files%\AntiAID Software\AntiAID | N/A |
| 14 | %Temp%\nsn6.tmp | N/A |
Registry Details
Antiaid.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “%System%\8enyqcv1.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiAID
HKEY_LOCAL_MACHINE\SOFTWARE\AntiAID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “%ProgramFiles%\AntiAID Software\AntiAID\AntiAID.exe -min”