Royalantivirus.microsoft.com

Royalantivirus.microsoft.com Description

Royalantivirus.microsoft.com also known as Royalantivirus.com, is a malicious domain used to maladvertise rogue programs. Royalantivirus.microsoft.com uses deceptive advertisements to trick users into purchasing and installing Antivirus System PRO. Royalantivirus.microsoft.com is a warning page that informs its victims that they have been browsing unsafe websites. The warning page also advises the user to purchase Antivirus System PRO in order to continue browsing safely.

Trojans that are used to get Royalantivirus.microsoft.com onto the system, modify the Hosts file ensuring that the user will be frequently redirected to Royalantivirus.microsoft.com. Users should avoid browsing Royalantivirus.microsoft.com and use a legitimate security tool to remove the Trojan and files related to Royalantivirus.microsoft.com.

Technical Information

File System Details

Royalantivirus.microsoft.com creates the following file(s):
# File Name Detection Count
1 %ProgramFiles%\Antivirus System PRO\Antivirussystempro.exe N/A
2 c:\WINDOWS\sysguard.exe N/A
3 %ProgramFiles%\Antivirus System PRO\uninstall.exe N/A

Registry Details

Royalantivirus.microsoft.com creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “ieModule”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus System PRO”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus System PRO
HKEY_CURRENT_USER\Software\AvScan