Threat Database Rogue Websites Livepcantispyware.com

Livepcantispyware.com

Livepcantispyware.com is a misleading website that distributes the fake security program called Windows Defender 2010. Livepcantispyware.com is inserted into a victim's Hosts file by a Trojan; once this is done the victim will be constantly redirected to Livepcantispyware.com. Livepcantispyware.com will conduct a fake system scan and report the detection of a number of dangerous computer threats. Do not believe any of the fake security notifications displayed on Livepcantispyware.com and do not follow any recommendations to purchase the "full" version of Windows Defender 2010.

File System Details

Livepcantispyware.com may create the following file(s):
# File Name Detections
1. %Documents and Settings%\[UserName]\Application Data\ave.exe

Registry Details

Livepcantispyware.com may create the following registry entry or registry entries:
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "ave.exe" /START "firefox.exe" -safe-mode
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "ave.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "ave.exe" /START "iexplore.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" "AntiVirusOverride" = "1"

Trending

Most Viewed

Loading...