Antivirat.com

By Domesticus in Browser Hijackers

When it comes to Antivirat.com, either the crooks behind the website move extremely quickly, or their web hosting provider does the moving for them. After a flurry of reports that Antivirat.com was a malicious website that promoted the rogue anti-virus program Antivirus Protection, the site seems to have been deleted. The domain name is actually up for sale. Unfortunately, that's no guarantee that Antivirat.com will not cause you any problems.

Why Antivirat.com May Continue to Pose Problems

The reason that Antivirat.com may continue to be a source of annoyance, more than anything else, is that the site was associated with a browser hijacker. A browser hijacker may either infect a computer by itself or accompany another piece of malware; and in this case, it may come along with Antivirus Protection. Because of its association with the fake security application Antivirus Protection, which is very prevalent and is being heavily promoted in a variety of malicious ways, the hijacker Antivirat.com may continue to cause infections.

As a browser hijacker, Antivirat.com changes your Internet settings, telling Windows that you are browsing through a proxy (the registry entries listed below set it to 127.0.0.1:33554, an address on your own computer), so that the hijacker can control which websites you see. In this case, whatever site you attempt to visit, you will find yourself at Antivirat.com. Presently, if you find yourself redirected to that site, there will be nothing there, with the possible exception of a placeholder page. That doesn't mean that the malware can't still send you there, because it all depends on whether or not the people behind Antivirat.com and Antivirus Protection have updated their malware, and whether or not you have the most recent version of the malware. Regardless of whether or not the site is there, having your browser redirect you whenever you try to go online is a problem.

The Website Antivirat.com

Antivirat.com reportedly existed mainly to act as a payment page for Antivirus Protection. As such, Antivirat.com would have been identical to all of the other websites that promote that same fake security software. Because the site is not registered at present, there is very little information available. However, in general, every site has a hosting service or a service through which the domain was registered, and those services often shut down any of their websites that they find to be malicious or illegal. This means that it is a distinct possibility that it was one of these companies that shut down Antivirat.com. On the other hand, given the recent appearance of the site Antivirart.net, it may be the case that the con artists behind the site made a spelling error and did not intend to use the site Antivirat.com. It is impossible to know for sure.

The disappearance of Antivirat.com is no guarantee that Antivirat.com will not reappear in the future, or that Antivirat.com will not show up using a different top-level domain, like .net or .org. When you're dealing with malware, you can't completely let your guard down about things like this. So, in the interest of your PC security, avoid Antivirat.com.

File System Details

Antivirat.com may create the following file(s):
# File Name Detections
1. %Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
2. %Temp%\[RANDOM CHARACTERS]\

Registry Details

Antivirat.com may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = '127.0.0.1:33554'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures
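
The registry entries above can be checked with a read-only audit such as the following, an added example that is not part of the original write-up. It assumes the dropped executable sits under the current user's %Temp% folder, as the file list states, and it leaves out ProxyOverride and CheckExeSignatures because the page does not show their values.

```powershell
# Added example (not from the original page): read-only audit of the current
# user's registry for the entries listed above. It reports and changes nothing.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'

# Key path, value name, and a regex for the value the page reports.
$checks = @(
    @{ Path = "$cv\Internet Settings";     Name = 'ProxyEnable';          Match = '^1$' }
    @{ Path = "$cv\Internet Settings";     Name = 'ProxyServer';          Match = '^127\.0\.0\.1:33554$' }
    @{ Path = "$cv\Policies\Associations"; Name = 'LowRiskFileTypes';     Match = '\.exe' }
    @{ Path = "$ie\Download";              Name = 'RunInvalidSignatures'; Match = '^1$' }
    @{ Path = "$ie\PhishingFilter";        Name = 'Enabled';              Match = '^0$' }
)

$findings = @(foreach ($c in $checks) {
    $prop = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { continue }            # key or value not present
    $value = [string]$prop.($c.Name)
    if ($value -match $c.Match) {
        [pscustomobject]@{ Key = $c.Path; Name = $c.Name; Value = $value }
    }
})

# The Run value name is random, so test where each entry points instead:
# the page lists the dropped .exe under %Temp%. Assumption: the entry uses
# the same long-form path that $env:TEMP expands to.
$run = Get-ItemProperty -Path "$cv\Run" -ErrorAction SilentlyContinue
$builtin = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$tempPattern = [regex]::Escape($env:TEMP)
if ($run) {
    $findings += @($run.PSObject.Properties |
        Where-Object { $_.Name -notin $builtin -and [string]$_.Value -match $tempPattern } |
        ForEach-Object {
            [pscustomobject]@{ Key = "$cv\Run"; Name = $_.Name; Value = [string]$_.Value }
        })
}

if ($findings.Count) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the listed settings were found for this user.'
}
```

Run it in the session of the affected user, since every key listed is under HKEY_CURRENT_USER.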
