Description is a deceptive domain that is involved in the advertisement and distribution of the rogue security application, Antivir. The URL usually comes with the '/block.php' extension at the end. Trojans related to Antivir, infect user's systems and redirect their browsers to continuously land on is basically a fake warning page that informs victims of the detection of web security issues. Users that click on anything on the page will be diverted to a page that severely advertises the purchase and installation of Antivir. is an untrustworthy website; do not purchase any rogueware promoted by the website.

Technical Information

File System Details creates the following file(s):
# File Name Detection Count
1 %Program Files%\AV\antivir.exe N/A
2 %WINDOWS%\system32\UpdateCheck.dll N/A
3 %UserProfile%\Desktop\Antivir.lnk N/A
4 %Documents and Settings%\All Users\Start Menu\AV\Uninstall.lnk N/A
5 %Program Files%\Common Files\Uninstall\AV\Uninstall.lnk N/A
6 %Documents and Settings%\All Users\Start Menu\AV\Antivir.lnk N/A
7 %Program Files%\Common Files\Uninstall N/A
8 %Program Files%\Common Files\Uninstall\AV N/A
9 %Documents and Settings%\All Users\Start Menu\AV N/A
10 %Program Files%\AV N/A

Registry Details creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AV”