Siegare.com Description
Siegare.com aka Siegare.net is a malicious website. Siegare.com is the payment page for the rogueware called Antivirus Action. Numerous scare tactics and fake security notifications will be displayed on a victim's machine in order to coerce him/her into paying for the full version of Antivirus Action. Users should avoid visiting or clicking on anything on Siegare.com and never waste money purchasing Antivirus Action.
Technical Information
File System Details
Siegare.com creates the following file(s):
| # | File Name | Detection Count |
|---|---|---|
| 1 | %Temp%\{random}\{random}agnz.exe | N/A |
| 2 | %Temp%\{random} | N/A |
Registry Details
Siegare.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\{random}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:33921"
"{random}agnz.exe"