Www1.setupclean-softpc.in
Www1.setupclean-softpc.in is a malicious webpage that assists in the distribution and promotion of Security Antivirus - a rogue security program. Www1.setupclean-softpc.in is inserted into unsuspecting victims' browsers by stealthy Trojans. This will cause the victims to be frequently redirected to www1.setupclean-softpc.in where a fake online system scan will be conducted. Exaggerated scan reports, security alerts and pop-ups will be generated in order to convince the victims that their machines are infected with malware that can only be removed with the "full" version of Security Antivirus. Do not waste your money on Security Antivirus and use a decent security tool to rid your PC of www1.setupclean-softpc.in.
File System Details
Www1.setupclean-softpc.in may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll | |
| 2. | %Documents and Settings%\[UserName]\Recent\DBOLE.sys | |
| 3. | %Documents and Settings%\[UserName]\Recent\PE.exe | |
| 4. | %Documents and Settings%\[UserName]\Recent\std.exe | |
| 5. | %Documents and Settings%\All Users\Application Data\345d567\SA345d.exe | |
| 6. | %Documents and Settings%\[UserName]\Recent\cid.dll | |
| 7. | %Documents and Settings%\[UserName]\Recent\ddv.sys | |
| 8. | %Documents and Settings%\[UserName]\Recent\runddlkey.dll | |
| 9. | %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll | |
| 10. | %Documents and Settings%\[UserName]\Recent\ANTIGEN.exe | |
| 11. | %Documents and Settings%\[UserName]\Recent\ddv.dll | |
| 12. | %Documents and Settings%\[UserName]\Recent\PE.sys | |
| 13. | %Documents and Settings%\[UserName]\Recent\tjd.sys | |
| 14. | %Documents and Settings%\All Users\Application Data\345d567\SAV.ico | |
| 15. | %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Synchronizer.lnk | |
| 16. | %Documents and Settings%\All Users\Application Data\345d567\SAVSys\vd952342.bd | |
| 17. | %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk | |
| 18. | %Documents and Settings%\[UserName]\Recent\ANTIGEN.drv | |
| 19. | %Documents and Settings%\[UserName]\Recent\FS.drv | |
| 20. | %Documents and Settings%\[UserName]\Recent\PE.tmp | |
| 21. | %Documents and Settings%\[UserName]\Start Menu\Programs\Security Antivirus.lnk | |
| 22. | %Documents and Settings%\All Users\Application Data\345d567\72.mof | |
| 23. | %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Speed Launch.lnk | |
| 24. | %Documents and Settings%\All Users\Application Data\345d567\SAVSys | |
| 25. | %Documents and Settings%\[UserName]\Application Data\Security Antivirus | |
| 26. | %Documents and Settings%\[UserName]\Desktop\Security Antivirus.lnk | |
| 27. | %Documents and Settings%\[UserName]\Recent\energy.tmp | |
| 28. | %Documents and Settings%\[UserName]\Recent\PE.drv | |
| 29. | %Documents and Settings%\[UserName]\Start Menu\Security Antivirus.lnk | |
| 30. | %Documents and Settings%\All Users\Application Data\345d567 | |
| 31. | %Documents and Settings%\All Users\Application Data\345d567\BackUp | |
| 32. | %Documents and Settings%\All Users\Application Data\345d567\Quarantine Items | |
| 33. | %Documents and Settings%\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg | |
| 34. | %Documents and Settings%\[UserName]\Application Data\Security Antivirus\cookies.sqlite | |
| 35. | %Documents and Settings%\[UserName]\Recent\CLSV.drv | |
| 36. | %Documents and Settings%\[UserName]\Recent\gid.drv | |
| 37. | %Documents and Settings%\[UserName]\Recent\tjd.drv | |
| 38. | %Program Files%\Mozilla Firefox\searchplugins\search.xml |
Registry Details
Www1.setupclean-softpc.in may create the following registry entry or registry entries:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" ="http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Antivirus"
HKEY_CURRENT_USER\Software\3
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195"
