Antivirdom.com Description
Antivirdom.com is a website created by hackers to promote and sell the rogue application called Security Suite. Security Suite is a fake security program that cannot detect or remove parasites, so the Antivirdom.com site cannot be trusted. The welcome page for Antivirdom.com is also designed to entice visitors into purchasing the malware it offers. Users should avoid Antivirdom.com at all costs.
Technical Information
File System Details
Antivirdom.com creates the following file(s):
# | File Name | Detection Count |
---|---|---|
1 | %UserProfile%\Local Settings\Application Data\\{random}shdw.exe | N/A |
Registry Details
Antivirdom.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:6522"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "{random}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\wnxmal
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "{random}"