Antiviractive.net

Antiviractive.net is a malicious domain that promotes the fake security program called AV Security Suite. Once AV Security Suite is inside a computer, it modifies the victim's browser settings so that the victim is frequently redirected to Antiviractive.net or Antiviractive.net/block.php. Antiviractive.net/block.php displays a bogus internet warning claiming that there are connection problems that cannot be fixed unless the victim clicks the provided links and purchases the rogueware being promoted. Do not trust anything on Antiviractive.net.

File System Details

Antiviractive.net may create the following file(s):
# File Name Detections
1. %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe
2. %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string].exe

Registry Details

Antiviractive.net may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_LOCAL_MACHINE\Software\AvSuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\AvSuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
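
A defender-side check for the registry entries listed above, as an added example that is not part of the original page: it parses the text of a `reg export` dump and reports which of the listed values and AvSuite keys are present. The function names and the sample dump are constructed for illustration; the Run entries have random names and are not matched, and the empty ProxyOverride is skipped on the assumption that it is not distinctive by itself.

```python
import re

HKCU_MS = r"hkey_current_user\software\microsoft"
CV = HKCU_MS + r"\windows\currentversion"
# (key, value name) -> data, copied from the registry list above (lower-cased).
VALUE_IOCS = {
    (HKCU_MS + r"\internet explorer\download", "runinvalidsignatures"): "1",
    (CV + r"\policies\associations", "lowriskfiletypes"): ".exe",
    (CV + r"\internet settings", "proxyserver"): "http=127.0.0.1:5555",
    (CV + r"\policies\attachments", "savezoneinformation"): "1",
}
# Keys from the list whose presence alone is an indicator.
KEY_IOCS = {r"hkey_local_machine\software\avsuite", r"hkey_current_user\software\avsuite"}
# Constructed sample in `reg export` text form (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001
[HKEY_CURRENT_USER\Software\AvSuite]
'''

def normalize(raw):
    """Plain-string form of .reg data: dword:00000001 -> '1', quotes stripped."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    return raw[1:-1] if len(raw) > 1 and raw[0] == raw[-1] == '"' else raw

def scan_reg_export(text):
    """Return a sorted list of findings for the text of a `reg export` dump."""
    findings, key = set(), None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)          # key header line
        if m:
            key = m.group(1).lower()
            if key in KEY_IOCS:
                findings.add(f"key present: {m.group(1)}")
            continue
        m = re.fullmatch(r'"((?:[^"\\]|\\.)*)"\s*=\s*(.*)', line)  # "name"=data
        if m and key:
            name, data = m.group(1).lower(), normalize(m.group(2))
            if VALUE_IOCS.get((key, name)) == data.lower():
                findings.add(f"{key}\\{name} = {data}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(scan_reg_export(SAMPLE)))
```

`reg export` writes UTF-16 text, so read the file with `encoding="utf-16"` before passing its contents to `scan_reg_export`.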
