Pccareliveone.com Description

Pccareliveone.com is a criminal website that encourages users to purchase the rogueware called Windows Defender 2010. Users that are infected with Windows Defender 2010 are frequently redirected Pccareliveone.com where fake system scans, security alerts and pop-up warnings may be displayed in order to trick users into thinking that their machines are infected. Following the security notifications, Pccareliveone.com will persuade it's victims to purchase Windows Defender 2010 in order to remove the "detected" threats. Be sure not to fall for this scam.

Technical Information

File System Details

Pccareliveone.com creates the following file(s):
# File Name Detection Count
1 %Documents and Settings%\[UserName]\Application Data\ave.exe N/A

Registry Details

Pccareliveone.com creates the following registry entry or registry entries:
Registry key
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "ave.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "ave.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "ave.exe" /START "iexplore.exe"