Description is a browser hijacker promoting the rogue anti-spyware application known as Fast Antivirus 2009. Affiliated trojans infiltrate the computer via security exploits and reconfigure the browser settings, so that web-surfing activities are redirected to the domain. Once there, the computer is subjected to a fake online scan that displays fictitious and sometimes grossly exaggerated infection results, all in order to intimidate the user into purchasing the fake spyware remover Fast Antivirus 2009.

Technical Information

File System Details creates the following file(s):
# File Name Detection Count
1 %Documents and Settings%\\All Users\Application Data\9adee5b\sqlite3.dll N/A
2 %UserProfile%\Recent\CLSV.dll N/A
3 %UserProfile%\Recent\energy.sys N/A
4 %UserProfile%\Recent\SICKBOY.dll N/A
5 %Documents and Settings%\\All Users\Application Data\9adee5b\mozcrt19.dll N/A
6 %UserProfile%\Recent\cid.dll N/A
7 %UserProfile%\Recent\dudl.dll N/A
8 %UserProfile%\Recent\PE.sys N/A
9 %Documents and Settings%\\All Users\Application Data\9adee5b\FastAV.exe N/A
10 %UserProfile%\Recent\ANTIGEN.sys N/A
11 %UserProfile%\Recent\ddv.dll N/A
12 %UserProfile%\Recent\gid.exe N/A
13 %UserProfile%\Recent\tempdoc.sys N/A
14 %Documents and Settings%\\All Users\Application Data\9adee5b\SysFld N/A
15 %Documents and Settings%\\All Users\Application Data\SysFld\fastav.cfg N/A
16 %UserProfile%\Application Data\Fast Antivirus 2009\Instructions.ini N/A
17 %UserProfile%\Recent\CLSV.tmp N/A
18 %UserProfile%\Recent\fix.drv N/A
19 %UserProfile%\Recent\PE.tmp N/A
20 %Documents and Settings%\\All Users\Application Data\9adee5b\17.mof N/A
21 %Documents and Settings%\\All Users\Application Data\SysFld N/A
22 %UserProfile%\Application Data\Fast Antivirus 2009\cookies.sqlite N/A
23 %UserProfile%\Desktop\Fast Antivirus 2009.lnk N/A
24 %UserProfile%\Recent\eb.tmp N/A
25 %UserProfile%\Recent\PE.drv N/A
26 %UserProfile%\Start Menu\Programs\Fast Antivirus 2009.lnk N/A
27 %Documents and Settings%\All Users\Application Data\9adee5b N/A
28 %Documents and Settings%\\All Users\Application Data\9adee5b\SysFld\ N/A
29 %UserProfile%\Application Data\Fast Antivirus 2009 N/A
30 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Fast Antivirus 2009.lnk N/A
31 %UserProfile%\Recent\eb.drv N/A
32 %UserProfile%\Recent\hijackthis.log.lnk N/A
33 %UserProfile%\Start Menu\Fast Antivirus 2009.lnk N/A

Registry Details creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Fast Antivirus 2009"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "898701124903"