Ghost-Antivirus.com

Ghost-Antivirus.com Description

Ghost-Antivirus.com is a very deceiving web site that was created by hackers to advertise and sell the rogue security program called Ghost Antivirus. Ghost-Antivirus.com is not associated with the legitimate security program Ghost Antivirus from Symantec. Ghost-Antivirus.com can be very confusing in the way it describes the rogue Ghost Antivirus as a program that can detect and remove viruses. The rogue Ghost Antivirus cannot be trusted to perform any kind of helpful function on any computer. It is recommended that computer users avoid the Ghost-Antivirus.com website altogether.

Technical Information

File System Details

Ghost-Antivirus.com creates the following file(s):
# File Name Detection Count
1 %WINDOWS%\System32\[random symbols].dll N/A
2 %Program Files%\Ghost Antivirus\lib\WMILib.dll N/A
3 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\unins000.exe N/A
4 %Program Files%\Ghost Antivirus\ghostav.exe N/A
5 %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Windows\services.exe N/A
6 %Program Files%\Ghost Antivirus\unins000.dat N/A
7 %Program Files%\Ghost Antivirus\working.log N/A
8 %Program Files%\Ghost Antivirus\lib\ghost.sql N/A
9 %Program Files%\Ghost Antivirus\lib\version.db N/A
10 %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus Home Page.lnk N/A
11 %Documents and Settings%\All Users\Application Data\Ghost Antivirus\ N/A
12 %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Windows\pguard.ini N/A
13 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\ N/A
14 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\times.conf N/A
15 %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png N/A
16 %Program Files%\Ghost Antivirus\register.ico N/A
17 %Program Files%\Ghost Antivirus\web.ico N/A
18 %Program Files%\Ghost Antivirus\lib\ N/A
19 %Program Files%\Ghost Antivirus\lib\listing.cfg N/A
20 %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\ N/A
21 %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Purchase License.lnk N/A
22 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\uill.ini N/A
23 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\Uninstall Ghost Antivirus.lnk N/A
24 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\properties N/A
25 %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png N/A
26 %Program Files%\Ghost Antivirus\ N/A
27 %Program Files%\Ghost Antivirus\uninst.ico N/A
28 %Program Files%\Ghost Antivirus\Languages\ N/A
29 %Program Files%\Ghost Antivirus\lib\Infected.wav N/A
30 %Documents and Settings%\All Users\Desktop\Ghost Antivirus.lnk N/A
31 %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus.lnk N/A
32 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\settings.ini N/A
33 %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png N/A
34 %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\links.txt N/A
35 %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\Quick Launch\Ghost Antivirus.lnk N/A

Registry Details

Ghost-Antivirus.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\FTP "SearchDir" = "%Program Files%\Ghost Antivirus\"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "3P_UDEC"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "Debugger" = "?"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ghost Antivirus_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Ghost Antivirus"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "RealLogonType" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run “onin”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent "URIAPRO[1.1.3.9]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "RealDebugger" = "?"

More Details on Ghost-Antivirus.com

The following URL's were found:
Tip: We recommend blocking the domain names as well as the IP addresses associated with them.
  • 93.174.95.194 Ghost-antivirus com
  • 93.174.95.194 Ghost-pay com
  • 93.174.95.194 Ghostantivirus com
  • 93.174.95.194 Ghostpays com
  • 93.190.140.165 Softwareanti com
  • 93.190.140.165 Softwarejar com
  • 93.190.140.165 Softwarerising com
  • 93.190.140.165 Softwaresecure net
  • 93.190.140.165 Softwarespam net
  • 93.190.140.165 Softwarespyware net
  • 93.190.140.165 Softwarethe net
  • 93.190.140.165 Softwarethreats com
  • 93.190.140.165 Softwarethreats net
  • 93.190.140.165 Softwarexp net