AV-Command.com
AV-Command.com is an illegitimate website that promotes fake security software such as Antivirus Soft. Trojans are used to distribute AV-Command.com and insert it into victims' Hosts files. This action will cause a victim's browser to be frequently redirected to AV-Command.com. Once a victim hits AV-Command.com, he/she will be redirected to AV-Command.Microsoft.com which is a fake security alert webpage. Scare tactics will then be used to persuade the victim that his/her PC is infected and the solution is to purchase the "licensed" version of Antivirus Soft. Do not trust anything advertised on AV-Command.com.
File System Details
AV-Command.com may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random]sysguard.exe | |
| 2. | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random]sftav.exe |
Registry Details
AV-Command.com may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
