Antispyoem.com

Antispyoem.com Description

Antispyoem.com is a rogue website that promotes Security Suite - a fake security application. Once Security Suite is inside a system it will modify the browser settings and cause the user to be redirected to Antispyoem.com. A victim will also be redirected to Antispyoem.com when he/she clicks on any of the fake security notifications displayed Security Suite. Use a reliable and recognized security tool to remove Antispyoem.com and the rogueware associated with it.

Technical Information

File System Details

Antispyoem.com creates the following file(s):
# File Name Detection Count
1 %UserProfile%\Local Settings\Application Data\\{random}shdw.exe N/A
2 %UserProfile%\Local Settings\Application Data\{random}\ N/A

Registry Details

Antispyoem.com creates the following registry entry or registry entries:
RegistryKey
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" ="1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:6522"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "{random}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\wnxmal
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "{random}"