Av-guru.microsoft.com

Av-guru.microsoft.com is a fake security warning page that Trojans insert into users' browsers. Once a browser has been hijacked, the user is frequently redirected to Av-guru.microsoft.com when attempting to access other websites. The page falsely warns that the website the user is about to visit may be infected, then advises the victim to purchase the "full" version of Antivirus Soft in order to continue browsing safely. Do not purchase any software promoted on Av-guru.microsoft.com.

File System Details

Av-guru.microsoft.com may create the following file(s):
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sysguard.exe

Registry Details

Av-guru.microsoft.com may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
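
The file and registry entries listed above can be checked on a host with a read-only PowerShell function. This is an added example, not part of the original entry: the function name Get-AvGuruIndicator is hypothetical, and matching Run values on "sysguard.exe" in their data is an assumption, since the entry gives only random value names.

```powershell
# Added example: read-only check for the indicators listed on this page.
# The function name and message wording are this example's own.
function Get-AvGuruIndicator {
    $hits = @()

    # Proxy settings: HTTP traffic pointed at a listener on 127.0.0.1:5555
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
    if ($p -and $p.ProxyServer -eq 'http=127.0.0.1:5555') {
        $hits += "ProxyServer = $($p.ProxyServer) under $inet"
        if ($p.PSObject.Properties['ProxyOverride'] -and $p.ProxyOverride -eq '') {
            $hits += "ProxyOverride is empty under $inet (no bypass list)"
        }
    }

    # Internet Explorer set to run downloads whose signature is invalid
    $dl = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
    $d = Get-ItemProperty -Path $dl -ErrorAction SilentlyContinue
    if ($d -and $d.RunInvalidSignatures -eq 1) {
        $hits += "RunInvalidSignatures = 1 under $dl"
    }

    # Key listed on this page
    if (Test-Path -Path 'HKCU:\Software\AvScan') {
        $hits += 'Key present: HKCU:\Software\AvScan'
    }

    # Run values have random names, so match on the data instead.
    # Assumption: the autorun value points at the *sysguard.exe file.
    foreach ($run in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $r = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
        if (-not $r) { continue }
        foreach ($v in $r.PSObject.Properties) {
            if ("$($v.Value)" -like '*sysguard.exe*') {
                $hits += "Run value '$($v.Name)' = $($v.Value) under $run"
            }
        }
    }

    # Dropped file: <local app data>\<random>\<random>sysguard.exe
    $local = [Environment]::GetFolderPath('LocalApplicationData')
    $pattern = Join-Path $local '*\*sysguard.exe'
    foreach ($f in Get-ChildItem -Path $pattern -Force -ErrorAction SilentlyContinue) {
        $hits += "File present: $($f.FullName)"
    }

    return $hits
}

Get-AvGuruIndicator
```

The HKCU checks apply to the account running the function, so run it as the affected user; no output means none of the listed indicators were found for that account.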
