Description is a criminal website that advertises and distributes the rogueware called AV Security Suite. Once the trial version of AV Security Suite is inside a system it will frequently redirect a victim's browser to A victim will also be redirected to whenever he/she clicks on the security notifications displayed by the rogueware.

Technical Information

File System Details creates the following file(s):
# File Name Detection Count
1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe N/A
2 %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string].exe N/A

Registry Details creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" ="1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http="
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"

One Comment

  • Archi:

    I just ran across this on a customers computer the other day. It would not let the system onto the internet using (IE) Internet Explorer. I had to get into safe mode, load an anti-maleware program and also scan the system in safe mode. Once done I found the after effects would still not the system onto the internet using IE. I then loaded Mozilla Firefox and was then able to use the internet.