AV-Crew.net
AV-Crew.net is a dangerous domain that assists in the spread of Antivirus Soft - a rogue security application. Trojans are used to surreptitiously access users' machines and modify their Hosts files thus causing the victims to be frequently redirected to AV-Crew.net. Once a victim has landed on AV-Crew.net, he/she will receive false scan reports and security alerts claiming that the system is infected and the only way to clean it is by purchasing the "licensed" version of Antivirus Soft. AV-Crew.net is not to be trusted and users should not purchase any software advertised on this website.
File System Details
AV-Crew.net may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random]sysguard.exe | |
| 2. | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random]sftav.exe |
Registry Details
AV-Crew.net may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
