Av-look.com
Av-look.com is a fraudulent website that promotes the rogueware called AV Security Suite. Users that find themselves being frequently redirected to Av-look.com are usually infected with the trial version of AV Security Suite. Once AV Security Suite is inside a system it will modify the browser settings and display fake security notifications that will also redirect a user to Av-look.com if they are clicked on. Av-look.com is a misleading website that can be removed with a decent malware removal tool.
File System Details
Av-look.com may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Documents and Settings%\[UserName]\Local Settings\Application Data\{random string}\{random string}tssd.exe | |
| 2. | %Documents and Settings%\[UserName]\Local Settings\Application Data\{random string}\{random string}.exe |
Registry Details
Av-look.com may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" ="1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "{random string}"
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "{random string}"
