Antivirus-protectsoft.microsoft.com

Antivirus-protectsoft.microsoft.com Description

Antivirus-protectsoft.microsoft.com is an illicit web page that hackers created to exploit the Microsoft name and trick computer users. Usually, Antivirus-protectsoft.microsoft.com tricks computer users into downloading and purchasing the rogue anti-spyware program called Antivirus Suite, which can damage the system it is installed on. Antivirus-protectsoft.microsoft.com is usually visited by systems that are already infected with malware. A user's web browser may also be hijacked by Antivirus-protectsoft.microsoft.com, causing it to navigate to an unwanted web page.

Technical Information

Registry Details

Antivirus-protectsoft.microsoft.com creates the following registry entry or registry entries:
Registry key
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[random string].exe"
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]ftav.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sysguard.exe
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[random string].exe"
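
The entries listed above can be checked on a live system with a read-only script. The following PowerShell is an added example, not part of the original page: the function and variable names are hypothetical, and two things are assumptions not stated on the page, namely the WOW6432Node key path and that the Run entries reference the listed file names.

```powershell
# Added example (read-only). Registry paths, value names and data are taken from the
# list on this page; function and variable names are hypothetical.
$ie = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$indicators = @(
    @{ Path = "$cv\Internet Settings";     Name = 'ProxyEnable';          Data = '1' }
    @{ Path = "$cv\Internet Settings";     Name = 'ProxyServer';          Data = 'http=127.0.0.1:5555' }
    @{ Path = "$cv\Policies\Attachments";  Name = 'SaveZoneInformation';  Data = '1' }
    @{ Path = "$cv\Policies\Associations"; Name = 'LowRiskFileTypes';     Data = '.exe' }
    @{ Path = $ie;                         Name = 'RunInvalidSignatures'; Data = '1' }
    @{ Path = $ie;                         Name = 'CheckExeSignatures';   Data = 'no' }
)
# File-name endings of the dropped executables listed on this page.
$dropped = '(tssd|ftav|sysguard)\.exe'

function Get-RogueAvIndicator {
    # 1. Values whose data matches the listed setting exactly.
    foreach ($i in $indicators) {
        $p = Get-ItemProperty -Path $i.Path -Name $i.Name -ErrorAction SilentlyContinue
        if ($null -ne $p -and "$($p.($i.Name))" -eq $i.Data) {
            [pscustomobject]@{ Kind = 'Value'; Location = "$($i.Path)\$($i.Name)"; Data = $i.Data }
        }
    }
    # 2. The product key. The WOW6432Node path is an assumption (32-bit registry
    #    view on 64-bit Windows); only HKLM\SOFTWARE\avsuite is on the page.
    foreach ($k in 'HKLM:\SOFTWARE\avsuite', 'HKLM:\SOFTWARE\WOW6432Node\avsuite') {
        if (Test-Path -Path $k) {
            [pscustomobject]@{ Kind = 'Key'; Location = $k; Data = $null }
        }
    }
    # 3. Run entries. The page gives the value name only as "[random string].exe", so
    #    this matches on the listed file-name endings in either name or data (assumption).
    foreach ($run in "$cv\Run", 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        $key = Get-Item -Path $run -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($name -match $dropped -or $data -match $dropped) {
                [pscustomobject]@{ Kind = 'Run'; Location = "$run\$name"; Data = $data }
            }
        }
    }
}

Get-RogueAvIndicator | Format-Table -AutoSize -Wrap
```

A single hit such as `ProxyEnable = 1` also occurs on clean systems that use a proxy; the loopback `ProxyServer` value together with the weakened download and attachment settings is the combination worth investigating.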