Avprotectsoft.net
Avprotectsoft.net is a criminal domain that promotes rogue software such as Antivirus Soft. Users encounter Avprotectsoft.net after being infected with a Trojan associated with the website. Once a victim lands on Avprotectsoft.net, a fake online scan will be conducted claiming that the system is infected and the only remedy is to purchase the "full" version of Antivirus Soft. Do not purchase Antivirus Soft and never trust anything on Avprotectsoft.net.
File System Details
Avprotectsoft.net may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sysguard.exe | |
| 2. | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sftav.exe |
Registry Details
Avprotectsoft.net may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
