Www1.useclean-atyour-sys.in

By Sumo3000 in Browser Hijackers

Translate To:

Www1.useclean-atyour-sys.in is a misleading website that is involved in the malvertising of Security Antivirus. Only victims that have previously been infected with Trojans related to www1.useclean-atyour-sys.in will encounter the malicious domain. Once a victim has visited www1.useclean-atyour-sys.in a fake online system scan will be run and the victim will be informed that his/her system is severely infected with harmful computer parasites. Bogus security alerts and pop-ups will also be launched to further scare the victim into purchasing the rogue Security Antivirus. Do not trust anything from www1.useclean-atyour-sys.in or Security Antivirus they are malicious programs that should be removed upon detection.

File System Details

Www1.useclean-atyour-sys.in may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	SA345d.exe
Name: SA345d.exe Type: Executable File
2.	%Documents and Settings%\All Users\Application Data\345d567\SA345d.exe
Name: %Documents and Settings%\All Users\Application Data\345d567\SA345d.exe Type: Executable File
3.	%Documents and Settings%\[UserName]\Recent\cid.dll
Name: %Documents and Settings%\[UserName]\Recent\cid.dll Type: Dynamic link library
4.	%Documents and Settings%\[UserName]\Recent\ddv.sys
Name: %Documents and Settings%\[UserName]\Recent\ddv.sys Type: System file
5.	%Documents and Settings%\[UserName]\Recent\runddlkey.dll
Name: %Documents and Settings%\[UserName]\Recent\runddlkey.dll Type: Dynamic link library
6.	PE.exe
Name: PE.exe Type: Executable File
7.	%Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
Name: %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll Type: Dynamic link library
8.	%Documents and Settings%\[UserName]\Recent\ANTIGEN.exe
Name: %Documents and Settings%\[UserName]\Recent\ANTIGEN.exe Type: Executable File
9.	%Documents and Settings%\[UserName]\Recent\ddv.dll
Name: %Documents and Settings%\[UserName]\Recent\ddv.dll Type: Dynamic link library
10.	%Documents and Settings%\[UserName]\Recent\PE.sys
Name: %Documents and Settings%\[UserName]\Recent\PE.sys Type: System file
11.	%Documents and Settings%\[UserName]\Recent\tjd.sys
Name: %Documents and Settings%\[UserName]\Recent\tjd.sys Type: System file
12.	ANTIGEN.exe
Name: ANTIGEN.exe Type: Executable File
13.	Std.exe
Name: Std.exe Type: Executable File
14.	%Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
Name: %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll Type: Dynamic link library
15.	%Documents and Settings%\[UserName]\Recent\DBOLE.sys
Name: %Documents and Settings%\[UserName]\Recent\DBOLE.sys Type: System file
16.	%Documents and Settings%\[UserName]\Recent\PE.exe
Name: %Documents and Settings%\[UserName]\Recent\PE.exe Type: Executable File
17.	%Documents and Settings%\[UserName]\Recent\std.exe
Name: %Documents and Settings%\[UserName]\Recent\std.exe Type: Executable File
18.	%Documents and Settings%\All Users\Application Data\345d567\SAV.ico
Name: %Documents and Settings%\All Users\Application Data\345d567\SAV.ico
19.	%Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Synchronizer.lnk
Name: %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Synchronizer.lnk Type: Shortcut
20.	%Documents and Settings%\All Users\Application Data\345d567\SAVSys\vd952342.bd
Name: %Documents and Settings%\All Users\Application Data\345d567\SAVSys\vd952342.bd
21.	%Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
Name: %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk Type: Shortcut
22.	%Documents and Settings%\[UserName]\Recent\ANTIGEN.drv
Name: %Documents and Settings%\[UserName]\Recent\ANTIGEN.drv Type: Device Driver
23.	%Documents and Settings%\[UserName]\Recent\FS.drv
Name: %Documents and Settings%\[UserName]\Recent\FS.drv Type: Device Driver
24.	%Documents and Settings%\[UserName]\Recent\PE.tmp
Name: %Documents and Settings%\[UserName]\Recent\PE.tmp Type: Temporary File
25.	%Documents and Settings%\[UserName]\Start Menu\Programs\Security Antivirus.lnk
Name: %Documents and Settings%\[UserName]\Start Menu\Programs\Security Antivirus.lnk Type: Shortcut
26.	%Documents and Settings%\All Users\Application Data\345d567\72.mof
Name: %Documents and Settings%\All Users\Application Data\345d567\72.mof
27.	%Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Speed Launch.lnk
Name: %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Speed Launch.lnk Type: Shortcut
28.	%Documents and Settings%\All Users\Application Data\345d567\SAVSys
Name: %Documents and Settings%\All Users\Application Data\345d567\SAVSys
29.	%Documents and Settings%\[UserName]\Application Data\Security Antivirus
Name: %Documents and Settings%\[UserName]\Application Data\Security Antivirus
30.	%Documents and Settings%\[UserName]\Desktop\Security Antivirus.lnk
Name: %Documents and Settings%\[UserName]\Desktop\Security Antivirus.lnk Type: Shortcut
31.	%Documents and Settings%\[UserName]\Recent\energy.tmp
Name: %Documents and Settings%\[UserName]\Recent\energy.tmp Type: Temporary File
32.	%Documents and Settings%\[UserName]\Recent\PE.drv
Name: %Documents and Settings%\[UserName]\Recent\PE.drv Type: Device Driver
33.	%Documents and Settings%\[UserName]\Start Menu\Security Antivirus.lnk
Name: %Documents and Settings%\[UserName]\Start Menu\Security Antivirus.lnk Type: Shortcut
34.	%Documents and Settings%\All Users\Application Data\345d567
Name: %Documents and Settings%\All Users\Application Data\345d567
35.	%Documents and Settings%\All Users\Application Data\345d567\BackUp
Name: %Documents and Settings%\All Users\Application Data\345d567\BackUp
36.	%Documents and Settings%\All Users\Application Data\345d567\Quarantine Items
Name: %Documents and Settings%\All Users\Application Data\345d567\Quarantine Items
37.	%Documents and Settings%\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg
Name: %Documents and Settings%\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg
38.	%Documents and Settings%\[UserName]\Application Data\Security Antivirus\cookies.sqlite
Name: %Documents and Settings%\[UserName]\Application Data\Security Antivirus\cookies.sqlite
39.	%Documents and Settings%\[UserName]\Recent\CLSV.drv
Name: %Documents and Settings%\[UserName]\Recent\CLSV.drv Type: Device Driver
40.	%Documents and Settings%\[UserName]\Recent\gid.drv
Name: %Documents and Settings%\[UserName]\Recent\gid.drv Type: Device Driver
41.	%Documents and Settings%\[UserName]\Recent\tjd.drv
Name: %Documents and Settings%\[UserName]\Recent\tjd.drv Type: Device Driver
42.	%Program Files%\Mozilla Firefox\searchplugins\search.xml
Name: %Program Files%\Mozilla Firefox\searchplugins\search.xml

Registry Details

Www1.useclean-atyour-sys.in may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"

HKEY_CLASSES_ROOT\SA345d.DocHostUIHandlr

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" ="http://127.0.0.1:27777/?inj=%ORIGINAL%"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Antivirus"

HKEY_CURRENT_USER\Software\3

HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195"

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Www1.useclean-atyour-sys.in

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen