Description is a criminal website that promotes the purchase of the rogueware called Antivirus Soft. is usually encountered by users that have already been infected with Antivirus Soft, or by the browser hijacking Trojans associated with the rogueware. Once a victim visits a fake online system scan, security alerts and pop-ups will be launched in order to convince the victim that his/her PC in infected with numerous computer threats. Following the security notifications, the victim will be prompted to purchase the "full" version of Antivirus Soft in order to get rid of all the "detected" computer threats. and Antivirus Soft are both included in a scam to trick users into wasting their money on useless software.

Technical Information

File System Details creates the following file(s):
# File Name Detection Count
1 %UserProfile%\Local Settings\Application Data\[random symbols]\[random symbols]sysguard.exe N/A
2 %UserProfile%\Local Settings\Application Data\[random symbols]\ N/A

Registry Details creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random symbols]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http="
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random symbols]"