Pccareliveone.com
Pccareliveone.com is a criminal website that encourages users to purchase the rogueware called Windows Defender 2010. Users that are infected with Windows Defender 2010 are frequently redirected Pccareliveone.com where fake system scans, security alerts and pop-up warnings may be displayed in order to trick users into thinking that their machines are infected. Following the security notifications, Pccareliveone.com will persuade it's victims to purchase Windows Defender 2010 in order to remove the "detected" threats. Be sure not to fall for this scam.
File System Details
Pccareliveone.com may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Documents and Settings%\[UserName]\Application Data\ave.exe |
Registry Details
Pccareliveone.com may create the following registry entry or registry entries:
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "ave.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "ave.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "ave.exe" /START "iexplore.exe"
