Threat Database Rogue Websites Scan-virusremover2009.com

Scan-virusremover2009.com

Scan-virusremover2009.com is a browser hijacker promoting the rogue anti-spyware program known as System Security 2009. Due to affiliated trojans infiltrating the computer via security exploits and modifying the browser settings, web-surfing activities are redirected to the Scan-virusremover2009.com domain. Once here, the computer is subject to a fake online scan that displays fictitious and sometimes grossly exaggerated infection results, all in order to intimidate the user into purchasing the fake spyware remover System Security 2009.

File System Details

Scan-virusremover2009.com may create the following file(s):
# File Name Detections
1. %Program Files%\AdvancedVirusRemover\PAVRM.exe
2. %\Documents and Settings%\All Users\Application Data\00308937\00308937.exe
3. %UserProfile%\Desktop\System Security 2009.lnk
4. %Program Files%\AdvancedVirusRemover
5. %UserProfile%\Start Menu\Advanced Virus Remover.lnk
6. %\Documents and Settings%\All Users\Application Data\00308937\config.udb
7. %UserProfile%\Start Menu\Programs\System Security\System Security 2009.lnk
8. %UserProfile%\Desktop\Advanced Virus Remover.lnk
9. %\Documents and Settings%\All Users\Application Data\00308937\pc00308937ins
10. %UserProfile%\Start Menu\Programs\System Security\System Security 2009 Support.lnk
11. %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk

Registry Details

Scan-virusremover2009.com may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\Software\00308937
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009
HKEY_CURRENT_USER\Software\AVR
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "00308937"

Trending

Most Viewed

Loading...