AntivirSolution Description
AntivirSolution aka Antivir Solution is a rogue anti-virus from the same family as Antivir Solution Pro. On infiltrating a system, AntivirSolution will fabricate numerous security alerts and warnings in order to scare a victim into purchasing it as a remedy. Antivir Solution may also redirect a victim's browser to malicious websites that further promote the rogueware. AntivirSolution is a useless application that can neither detect nor remove legitimate computer threats.
Technical Information
File System Details
AntivirSolution creates the following file(s):
| # | File Name | Detection Count |
|---|---|---|
| 1 | HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution | N/A + |
| 2 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "" | N/A + |
| 3 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "" | N/A + |
| 4 | HKEY_CURRENT_USER\Software\AVSuitE | N/A + |
| 5 | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0" | N/A + |
| 6 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1" | N/A + |
| 7 | HKEY_CURRENT_USER\Software\AVSolution | N/A + |
| 8 | HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE | N/A + |
| 9 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5643" | N/A + |
| 10 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "" | N/A + |
Registry Details
AntivirSolution creates the following registry entry or registry entries:
Registry key
[HKEY_CLASSES_ROOT\.exe\shell\open\command]
[-HKEY_CLASSES_ROOT\secfile]
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
"Content Type"="application/x-msdownload"
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\.exe]@="exefile"