Avsavior.com

Avsavior.com Description

Avsavior.com is a malicious website that is considered the main website for the rogueware called Antivirus Live 2010. Avsavior.com is spread via Trojans that place the website into users' Hosts files causing their browsers to be frequently redirected to it. Once a victim lands on Avsavior.com, fake security alerts and system scans will be displayed claiming that the system is infected. The victim will then be prompted to purchase the "full" version of Antivirus Live 2010 in order to fix the problem. Avsavior.com and Antivirus Live 2010 are not to be trusted; instead they should be removed with a reliable security tool upon detection.

Technical Information

File System Details

Avsavior.com creates the following file(s):
# File Name Detection Count
1 %UserProfile%\Local Settings\Application Data\[random symbols]\[randomsymbols]sysguard.exe N/A
2 %UserProfile%\Local Settings\Application Data\[random symbols]\ N/A

Registry Details

Avsavior.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random symbols]"
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random symbols]"