Avsavior.com
Avsavior.com is a malicious website that is considered the main website for the rogueware called Antivirus Live 2010. Avsavior.com is spread via Trojans that place the website into users' Hosts files causing their browsers to be frequently redirected to it. Once a victim lands on Avsavior.com, fake security alerts and system scans will be displayed claiming that the system is infected. The victim will then be prompted to purchase the "full" version of Antivirus Live 2010 in order to fix the problem. Avsavior.com and Antivirus Live 2010 are not to be trusted; instead they should be removed with a reliable security tool upon detection.
File System Details
Avsavior.com may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %UserProfile%\Local Settings\Application Data\[random symbols]\[randomsymbols]sysguard.exe | |
| 2. | %UserProfile%\Local Settings\Application Data\[random symbols]\ |
Registry Details
Avsavior.com may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random symbols]"
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random symbols]"
