Antivirdial.com

Antivirdial.com Description

Antivirdial.com is a deceptive website that promotes a fake security program called Security Suite. Antivirdial.com uses scare tactics to trick users into providing sensitive credit card details. Once Security Suite is on a computer, it displays fake security alerts and then redirects the victim to Antivirdial.com/shop, where the victim is required to provide financial details in order to register for the "licensed version" of Security Suite. Never trust or purchase anything on Antivirdial.com. Both Antivirdial.com and Security Suite are malicious and should be removed immediately after detection.

Technical Information

File System Details

Antivirdial.com creates the following file(s):
# | File Name | Detection Count
1 | %UserProfile%\Local Settings\Application Data\\{random}shdw.exe | N/A
2 | %UserProfile%\Local Settings\Application Data\{random}\ | N/A

Registry Details

Antivirdial.com creates the following registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:6522"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "{random}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\wnxmal
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "{random}"