Antispybase.com

Antispybase.com Description

Antispybase.com aka Antispybase.net is a rogue website that advertises and distributes the rogueware called AV Security Suite. Users that are infected with the trial version of AV Security Suite will have their Hosts files modified, causing their browsers to be frequently redirected to Antispybase.com. Users will also be redirected to Antispybase.com when they click on any of the links or security alerts displayed by AV Security Suite. Antispybase.com is not to be trusted and should be removed with a reliable security tool upon detection.

Technical Information

File System Details

Antispybase.com creates the following file(s):
# File Name Detection Count
1 [random string]tssd.exe N/A
2 [random string].exe N/A

Registry Details

Antispybase.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\AvSuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1'
HKEY_LOCAL_MACHINE\Software\AvSuite
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" ="1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"