Threat Database Rogue Websites Prowebantimalware.com

Prowebantimalware.com

Prowebantimalware.com will only be encountered by users that have been infected with Hosts file modifying Trojans. These Trojans ensure that victims are frequently redirected to Prowebantimalware.com. Prowebantimalware.com looks like a user's My Computer interface and once it has been viewed a fake system scan will be conducted on the victim's PC. The scan will reveal exaggerated results of malware infections then the victim will be advised to purchase the fake anti-spyware program, Antivir. Prowebantimalware.com is a malicious website and Antivir will not secure your PC in any way.

File System Details

Prowebantimalware.com may create the following file(s):
# File Name Detections
1. %Program Files%\AV\antivir.exe
2. %WINDOWS%\system32\UpdateCheck.dll
3. %Documents and Settings%\All Users\Start Menu\AV
4. %Program Files%\AV
5. %UserProfile%\Desktop\Antivir.lnk
6. %Documents and Settings%\All Users\Start Menu\AV\Uninstall.lnk
7. %Program Files%\Common Files\Uninstall\AV
8. %Program Files%\Common Files\Uninstall\AV\Uninstall.lnk
9. %Documents and Settings%\All Users\Start Menu\AV\Antivir.lnk
10. %Program Files%\Common Files\Uninstall

Registry Details

Prowebantimalware.com may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\EVAACD
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AV”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Trending

Most Viewed

Loading...