Omegantivir.com Description
Omegantivir.com also known as Omegantivir.net is a malicious website that promotes the rogueware AV Security Suite. A user that encounters Omegantivir.com is usually infected with the trial version of AV Security Suite which can infect a user's browser settings causing frequent redirections to the malicious domain. Users should never purchase anything on Omegantivir.com; this website is not to be trusted.
Technical Information
File System Details
Omegantivir.com creates the following file(s):
| # | File Name | Detection Count |
|---|---|---|
| 1 | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe | N/A |
| 2 | [random string].exe | N/A |
Registry Details
Omegantivir.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555'
HKEY_CURRENT_USER\Software\AvSuite
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" ="1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_LOCAL_MACHINE\Software\AvSuite