Antisywire.com

Antisywire.com Description

Antisywire.com is a criminal domain which promotes Antivirus Action- a fake security application. Antivirus Action will place Antisywire.com into a victim's hosts file which will cause constant redirection to the malicious website. Fake security alerts and pop-ups will also be displayed and once a victim clicks on any of them he/she will be redirected to Antisywire.com. Users should avoid visiting or clicking on anything on Antisywire.com.

Technical Information

File System Details

Antisywire.com creates the following file(s):
# File Name Detection Count
1 %Temp%\[random]\[random]agnz.exe N/A
2 %Temp%\[random]\ N/A

Registry Details

Antisywire.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]agnz.exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_CURRENT_USER\Software\[random]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:33921"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]agnz.exe"

One Comment

  • Remove Antisywire.com:

    Thank you VERY much for this guide! Exelent job! It helped me to prevent this crap...