Antivirea.com

Antivirea.com Description

Please do not visit the site Antivirea.com, if you are able to avoid it. Antivirea.com pretends to be a website that sells anti-virus software, but the truth is, it is the payment website for a malware-based scam. In particular, Antivirea.com promotes the fake security program Antivirus Protection, a piece of malware that tries to scare the users of infected computers into paying money for a software license that doesn't exist. If you do find yourself at Antivirea.com, especially if your browser is going there on its own, it is important that you do not buy the fake security software offered on the site. Then again, if your browser is going to Antivirea.com on its own, then your PC is already infected with malware, and you need to proceed with caution anyway.

The Hijacker Antivirea.com

When people talk about Antivirea.com, they may be referring to the site itself, or to the browser hijacker infection that makes your web browser lead you to Antivirea.com. Since there is really no reason for the average person to know that Antivirea.com exists unless their computer is taking them there on its own, it's fair to say that practically everyone who visits the website Antivirea.com is using an infected computer.

The browser hijacker Antivirea.com may occur on its own, or Antivirea.com may be part of an infection with the rogue security program Antivirus Protection. Either way, the malware that is causing your browser to redirect you is able to do this because the malware makes changes to your Internet Settings, at the level of the Registry. What happens is that the hijacker Antivirea.com tells Windows that you are accessing the Internet through a proxy. This allows the hijacker Antivirea.com to control your access to specific Internet content. Generally, if you have the hijacker Antivirea.com on your system, then the only site you will be able to view is Antivirea.com. When you try to navigate to any other site, your browser will take you back to Antivirea.com, or you will get a phony error message within the browser window that says that you were prevented from viewing a malicious website.

Ultimately, not only does the hijacker promote a fake security product, but Antivirea.com also prevents you from getting help in removing the hijacking malware.

The Website Antivirea.com

As a website, Antivirea.com is literally identical to every other site that promotes Antivirus Protection, and there are a lot of them. Nonetheless, portions of Antivirea.com's site that claim to provide information on the Antivirus Protection "company" indicate that Antivirea.com is supposed to be the company's one and only real website. Of course, the company information isn't the only content that's fake, because practically everything else about Antivirea.com is lies and filler. The customer testimonials provided on the site are fake, and they are attributed to various different people on the different sites that promote Antivirus Protection. The customer support email form is laughable, because it's supposed to fool people into thinking that Antivirus Protection must be real if it offers customer support – but the email form is the only "support" option that the site has, and obviously no one really responds to the customer emails received through the form.

The site Antivirea.com includes a few other elements to try to make itself look legitimate, including some very basic definitions of malware terminology that seem to be there just in order to take up space. There are all kinds of crazy claims about the bogus "RescueScan" technology that Antivirus Protection is supposed to offer, as well as claims about the number of businesses that supposedly use Antivirus Protection. There is even a picture of a product box at the top of the front page of Antivirea.com, and in the picture, the product box says "Antivirus Soft" instead of "Antivirus Protection." (Antivirus Soft is a rogue security program related to Antivirus Protection, and their sites are basically identical.) However, the most important part of Antivirea.com, at least to the people behind the scam, is the payment page where you can use your credit card to purchase a completely worthless Antivirus Protection license.

The publicly-available registration information for Antivirea.com is really strange. According to its registration information, Antivirea.com belongs to the National Mango Board. Further adding to the oddity of the registration information for Antivirea.com, the address given for the registrant – the National Mango Board – is the mailing address for the nonprofit organization the Braille Association of Mid Florida. Clearly, these two pieces of information don't match up, and that makes sense if you realize that the registration information is completely fake. The IP address for Antivirea.com actually traces back to a location in Romania.

So there it is: Antivirea.com claims to sell Antivirus Protection, and Antivirus Protection is registered in the name of the National Mango Board, at the address of a Braille Association... with an IP address in Romania. You shouldn't trust anything you see on Antivirea.com.

Technical Information

File System Details

Antivirea.com creates the following file(s):
#  File Name                                           Detection Count
1  %Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe  N/A
2  %Temp%\[RANDOM CHARACTERS]\                         N/A

Registry Details

Antivirea.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http=127.0.0.1:59274'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
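
The registry changes listed above, including the loopback proxy described under "The Hijacker Antivirea.com", can be checked against an exported HKEY_CURRENT_USER hive. The Python script below is an added example, not part of the original write-up or of any vendor tool. It assumes a .reg export already decoded to text, assumes the Run value points at the executable in the %Temp% subfolder from the file list, and uses a constructed sample export.

```python
import re

CV = "hkey_current_user\\software\\microsoft\\windows\\currentversion\\"
IE = "hkey_current_user\\software\\microsoft\\internet explorer\\"
# (key, value name, regex the data must fully match, finding), from the page's registry list
RULES = [
    (IE + "download", "runinvalidsignatures", r"1", "downloads with invalid signatures may run"),
    (IE + "download", "checkexesignatures", r"no", "signature check on executables off"),
    (IE + "phishingfilter", "enabled", r"0", "phishing filter off"),
    (CV + "policies\\associations", "lowriskfiletypes", r"(.*;)?\.exe(;.*)?", ".exe treated as low-risk"),
]
LOOPBACK = re.compile(r"(^|[=;])(127\.\d+\.\d+\.\d+|localhost):\d+", re.I)
TEMP_EXE = re.compile(r"temp%?\\[^\\]+\\[^\\]+\.exe", re.I)  # assumption: Run data points into %Temp%

def parse_reg(text):  # .reg export text -> {(key, value name): data as str}, names lowercased
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.+)$', line)):
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                values[key, name] = str(int(raw[6:], 16))
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                values[key, name] = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \"
    return values

def audit(text):  # findings for the page's indicators that are present in the export
    vals = parse_reg(text)
    hits = [msg for key, name, rx, msg in RULES if re.fullmatch(rx, vals.get((key, name), ""), re.I)]
    server = vals.get((CV + "internet settings", "proxyserver"), "")
    if vals.get((CV + "internet settings", "proxyenable")) == "1" and LOOPBACK.search(server):
        hits.append("proxy enabled and set to loopback: " + server)
    hits += ["Run entry starts an .exe in a Temp subfolder: " + v
             for (k, _), v in vals.items() if k == CV + "run" and TEMP_EXE.search(v)]
    return hits

# Constructed sample export, not captured from a real system.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:59274"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"qwxyz.exe"="C:\\Users\\user\\AppData\\Local\\Temp\\qwxyz\\qwxyz.exe"
'''
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An enabled proxy is reported only when it points at a loopback address, so an ordinary proxy configuration does not produce a finding.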