Live-windowsantivirus.com

Live-windowsantivirus.com Description

Live-windowsantivirus.com is a malicious website used in malvertising for the rogueware XP Internet Security 2010. If your system is already infected with XP Internet Security 2010, it may redirect you to Live-windowsantivirus.com when you click on one of its security alerts. However, live-windowsantivirus.com is typically encountered by users who have been infected with Trojans associated with the website.

Once victims visit live-windowsantivirus.com, a fake system scan is launched, followed by alarming reports of dangerous malware infections on the system. Victims are then advised to purchase XP Internet Security 2010 in order to clear the system of all the "detected" threats. Live-windowsantivirus.com and XP Internet Security 2010 are not to be trusted; both should be eliminated as soon as they are detected.

Technical Information

File System Details

Live-windowsantivirus.com creates the following file(s):
#  File Name                                                    Detection Count
1  %UserProfile%\Local Settings\Application Data\av.exe         N/A
2  %UserProfile%\Local Settings\Application Data\WRblt8464P     N/A

Registry Details

Live-windowsantivirus.com creates the following registry entry or registry entries:
Registry Key
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
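
A triage check for the pattern in the entries above, written as an added example and not part of the original write-up: it parses registry values in the same `KEY "Value" = data` layout and flags shell command handlers that launch an executable from a user-profile path, plus Security Center override values set to 1. The sample text, the benign contrast lines, and the user-writable path heuristic are constructed assumptions.

```python
import re

# Constructed sample: three entries copied from the list above, then two
# benign values added for contrast (typical defaults, assumed here).
SAMPLE = r'''
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "C:\Program Files\Internet Explorer\iexplore.exe"
'''

LINE = re.compile(r'^(?P<key>HKEY_[^"]+?)\s+"(?P<name>[^"]*)"\s*=\s*(?P<data>.+)$')
COMMAND_KEY = re.compile(r'\\shell\\[^\\]+\\command$', re.I)
# Heuristic (assumption): a file-type or browser handler should not point
# into a location the logged-on user can write to.
USER_WRITABLE = re.compile(
    r'%userprofile%|\\documents and settings\\|\\users\\[^\\]+\\appdata\\', re.I)
OVERRIDES = {"firewalloverride", "antivirusoverride"}

def first_token(data):
    """Return the program a command string launches (first quoted or bare token)."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', data)
    return (m.group(1) or m.group(2)) if m else ""

def audit(text):
    """Return (finding, key, detail) tuples for suspicious registry values."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unparseable line
        key, name, data = m.group("key").strip(), m.group("name"), m.group("data").strip()
        exe = first_token(data)
        if COMMAND_KEY.search(key) and USER_WRITABLE.search(exe):
            # The handler runs a wrapper first; the real target is only an argument.
            findings.append(("handler-hijack", key, exe))
        elif (key.lower().endswith(r"\security center")
              and name.lower() in OVERRIDES and data.strip('"') == "1"):
            findings.append(("security-center-override", key, name))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```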