Antivirspace.com
Antivirspace.com is a malicious domain that promotes Security Suite - a rogue security application. Security Suite can surreptitiously infiltrate a computer system and display fake security alerts. Once a user clicks on the fake alerts or attempts to browse the internet, he/she will be redirected to Antivirspace.com and coerced into paying for the "licensed" version of Security Suite which does not even exist. Use a reliable anti-spyware application to remove Security Suite and stop the redirection to Antivirspace.com.
File System Details
Antivirspace.com may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %UserProfile%\Local Settings\Application Data\\[random]shdw.exe | |
| 2. | %UserProfile%\Local Settings\Application Data\[random] |
Registry Details
Antivirspace.com may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter ?Enabled? = ?0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations ?LowRiskFileTypes? = ?.exe?
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache ?%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ?ProxyEnable? =?1″
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download ?RunInvalidSignatures? = ?1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ?ProxyServer? = ?http=127.0.0.1:6522″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ?[random]?
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download ?CheckExeSignatures? = ?no?
HKEY_CURRENT_USER\Software\wnxmal
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ?ProxyOverride? = ??
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments ?SaveZoneInformation? = ?1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?[random]?
