Antiviractive.net

Antiviractive.net Description

Antiviractive.net is a malicious domain that promotes the fake security program AV Security Suite. Once AV Security Suite is on a computer, it modifies the victim's browser settings so that the victim is frequently redirected to Antiviractive.net or Antiviractive.net/block.php. Antiviractive.net/block.php is a bogus Internet warning page that claims there are connection problems that cannot be fixed unless the victim clicks the provided links and purchases the rogueware being promoted. Do not trust anything on Antiviractive.net.

Technical Information

File System Details

Antiviractive.net creates the following file(s):
# | File Name | Detection Count
1 | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe | N/A
2 | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string].exe | N/A

Registry Details

Antiviractive.net creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_LOCAL_MACHINE\Software\AvSuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\AvSuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"