Osawarepro2009.microsoft.com
Osawarepro2009.microsoft.com is a malicious web page that promotes the fake anti-spyware program Antivirus System PRO. Sneaky Trojans help spread Osawarepro2009.microsoft.com by surreptitiously infecting users' systems. On entering a system, Osawarepro2009.microsoft.com will display a fake warning that the victim is browsing an infected website. The victim will then be advised to purchase Antivirus System PRO in order to continue browsing safely. Osawarepro2009.microsoft.com and Antivirus System PRO are not to be trusted and should be removed with a recognized security application immediately.
File System Details
Osawarepro2009.microsoft.com may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | c:\WINDOWS\system32\iehelper.dll | |
| 2. | %ProgramFiles%\Antivirus System PRO\quarantine.vdb | |
| 3. | %ProgramFiles%\Antivirus System PRO\mbase.vdb | |
| 4. | %ProgramFiles%\Antivirus System PRO\conf.cfg | |
| 5. | %ProgramFiles%\Antivirus System PRO\queue.vdb |
Registry Details
Osawarepro2009.microsoft.com may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus System PRO”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus System PRO
HKEY_CURRENT_USER\Software\AvScan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “ieModule”
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
