Av-protect.com

Av-protect.com, also known as Av-protect.microsoft.com, is a misleading domain that promotes the purchase of the rogueware Antivirus Soft. Av-protect.com is placed into victims' browsers by sneaky Trojans. Once on Av-protect.com, victims are bombarded with alarming system scan reports, security alerts and pop-ups. These are all fabricated security notifications, displayed only to trick victims into thinking that their machines are infected and then coerce them into purchasing the "full version" of Antivirus Soft. Users who are already infected with the trial version of Antivirus Soft are often directed to Av-protect.microsoft.com. When browsing other websites, victims may be redirected to Av-protect.microsoft.com/block.php, which is a fake warning page. Use an up-to-date and reliable anti-spyware application to remove the browser-hijacking Trojans behind Av-protect.com, and never purchase the useless Antivirus Soft application.

File System Details

Av-protect.com may create the following file(s):
# File Name Detections
1. %UserProfile%\Local Settings\Application Data\[random characters]\[random characters]sftav.exe
2. %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sysguard.exe

Registry Details

Av-protect.com may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
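
As an added example (not part of the original entry or of any vendor's tool), this Python script checks text produced by `reg export` for the registry indicators listed above, including Run values that point at the listed file names. The function names and the sample export, with its random names, are constructed for illustration; `ProxyOverride = ""` is left out on the assumption that an empty value is too weak a signal on its own.

```python
import re

# Keys and values from the registry list above, lower-cased for comparison.
HKCU, HKLM = "hkey_current_user\\software\\", "hkey_local_machine\\software\\"
VALUE_IOCS = {
    (HKCU + "microsoft\\windows\\currentversion\\internet settings", "proxyserver"): "http=127.0.0.1:5555",
    (HKCU + "microsoft\\internet explorer\\download", "runinvalidsignatures"): "1",
}
KEY_IOCS = {HKCU + "avscan"}
RUN_KEYS = {h + "microsoft\\windows\\currentversion\\run" for h in (HKCU, HKLM)}
EXE_SUFFIXES = ("sftav.exe", "sysguard.exe")  # from the file list above

def parse_reg(text):
    """Yield (key, name, data) from .reg text; name is None for the key line itself."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := re.match(r'^"([^"]+)"=(.*)$', line)):
            name, raw = m.groups()
            data = (str(int(raw[6:], 16)) if raw.startswith("dword:")  # dword:00000001 -> "1"
                    else re.sub(r"\\(.)", r"\1", raw[1:-1]))           # undo \\ and \" escapes
            yield key, name, data

def scan(text):
    """Return sorted (key, value name) pairs that match the indicators above."""
    hits = set()
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None:
            if k in KEY_IOCS:
                hits.add((key, ""))          # presence of the key is the indicator
        elif VALUE_IOCS.get((k, name.lower())) == data:
            hits.add((key, name))
        elif k in RUN_KEYS and data.strip('"').lower().endswith(EXE_SUFFIXES):
            hits.add((key, name))            # autorun entry pointing at a listed file name
    return sorted(hits)

# Constructed sample export; the random key, value and folder names are made up.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\AvScan]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"qwkdmxnt"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\qwkdmx\\qwkdmxsftav.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001"""
```

Calling `scan(SAMPLE)` returns the four matching entries and leaves the `ctfmon` autorun alone.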
