Firm-av.com
Firm-av.com and Firm-av.microsoft.com are corrupt websites related to the Antivirus Suite cyberscam. The sites appear as system scans which produce false results claiming the computer is infected. The user will soon be bombarded by annoying popup warnings urging the purchase of Antivirus Suite. Do not become another victim of cybercrime and have all threats related to Antivirus Suite removed.
File System Details
Firm-av.com may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe | |
| 2. | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]ftav.exe | |
| 3. | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sysguard.exe |
Registry Details
Firm-av.com may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[random string].exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[random string].exe"
