Antivirus-power.com

Antivirus-power.com Description

Antivirus-power.com is a criminal website that promotes the purchase of the rogueware called Antivirus Soft. Antivirus-power.com is usually encountered by users who have already been infected with Antivirus Soft, or with the browser hijacking Trojans associated with the rogueware. Once a victim visits Antivirus-power.com, a fake online system scan, security alerts and pop-ups are launched in order to convince the victim that his/her PC is infected with numerous computer threats. Following the security notifications, the victim is prompted to purchase the "full" version of Antivirus Soft in order to get rid of all the "detected" computer threats. Antivirus-power.com and Antivirus Soft are both part of a scam to trick users into wasting their money on useless software.

Technical Information

File System Details

Antivirus-power.com creates the following file(s):
# File Name Detection Count
1 %UserProfile%\Local Settings\Application Data\[random symbols]\[random symbols]sysguard.exe N/A
2 %UserProfile%\Local Settings\Application Data\[random symbols]\ N/A

Registry Details

Antivirus-power.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random symbols]"
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random symbols]"
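
A triage check for the indicators listed above, as an added example that is not part of the original page: it scans the text of a `reg export` dump (assumed already decoded from UTF-16) for the listed registry values and for Run entries whose data points at the `sysguard.exe` path from the file list. The function names, the sample export, the assumption that the Run data references the dropped file, and the choice to skip the empty `ProxyOverride` value are this example's own.

```python
import re

HKCU, CV = r"HKEY_CURRENT_USER\Software", r"\Microsoft\Windows\CurrentVersion"
is_one = lambda d: d in ("1", "dword:00000001")  # REG_SZ "1" or REG_DWORD 1
# (key, value name) -> test on the data; all taken from the page's registry list.
CHECKS = {
    (HKCU + CV + r"\Internet Settings", "ProxyServer"): lambda d: d == "http=127.0.0.1:5555",
    (HKCU + CV + r"\Policies\Associations", "LowRiskFileTypes"): lambda d: ".exe" in d.lower(),
    (HKCU + r"\Microsoft\Internet Explorer\Download", "RunInvalidSignatures"): is_one,
    (HKCU + CV + r"\Policies\Attachments", "SaveZoneInformation"): is_one,
}
RUN_KEYS = (HKCU + CV + r"\Run", r"HKEY_LOCAL_MACHINE\SOFTWARE" + CV + r"\Run")
DROP_PATH = re.compile(r"\\local settings\\application data\\[^\\]+\\[^\\]*sysguard\.exe", re.I)

def parse_reg(text):
    """Parse `reg export` text into {key.lower(): {value_name.lower(): data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif m and current is not None:
            name, data = m.group(1).lower(), m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':  # REG_SZ: undo \\ and \" escapes
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            current[name] = data
    return keys

def find_indicators(text):
    keys, hits = parse_reg(text), []
    for (key, name), matches in CHECKS.items():
        data = keys.get(key.lower(), {}).get(name.lower())
        if data is not None and matches(data):
            hits.append(f"{name} = {data}")
    if (HKCU + r"\AvScan").lower() in keys:
        hits.append("key HKCU\\Software\\AvScan exists")
    for run in RUN_KEYS:
        for name, data in keys.get(run.lower(), {}).items():
            if DROP_PATH.search(data):  # assumption: Run data points at the dropped sysguard.exe
                hits.append(f"Run entry {name} -> {data}")
    return hits

# Constructed sample export, not taken from a real host.
SAMPLE = r'''[HKEY_CURRENT_USER\Software\AvScan]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"abcdefgh"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\qwerty\\abcdsysguard.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
```

Calling `find_indicators(SAMPLE)` returns three hits and ignores the benign `ctfmon.exe` entry. Values such as `SaveZoneInformation` can also be set by legitimate policy, so a single hit is a lead to investigate rather than proof of infection.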