Omegantivir.com

Omegantivir.com Description

Omegantivir.com also known as Omegantivir.net is a malicious website that promotes the rogueware AV Security Suite. A user that encounters Omegantivir.com is usually infected with the trial version of AV Security Suite which can infect a user's browser settings causing frequent redirections to the malicious domain. Users should never purchase anything on Omegantivir.com; this website is not to be trusted.

Technical Information

File System Details

Omegantivir.com creates the following file(s):
# File Name Detection Count
1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe N/A
2 [random string].exe N/A

Registry Details

Omegantivir.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555'
HKEY_CURRENT_USER\Software\AvSuite
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" ="1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_LOCAL_MACHINE\Software\AvSuite