1. Program description
Antivirus Suite is a type of misleading application that pretends to be legitimate security software, such as an antivirus scanner or registry cleaner (Rogue Security Software).
2. Actions
Once a scan is started, Antivirus Suite generates and displays fake messages about viruses, Trojans and worms detected on the computer. The supposedly detected viruses cannot be deleted unless a license for the program is purchased.
3. Files
During the installation Antivirus Suite copies the following files to the hard drive:
%UserProfile%\Local Settings\Application Data\[random characters]\
%UserProfile%\Local Settings\Application Data\[random characters]\[random characters]tssd.exe
4. System registry
In order to function, Antivirus Suite creates the following keys and values in the system registry:
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "<random>"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
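A triage check for the registry changes listed above, given here as an added example that is not part of the original description: it parses a `reg export` text dump and reports which of the listed keys and values are present, plus any Run entry whose data matches the file path pattern from section 3. The sample dump, its Run value name and the function names are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text form (not captured from a real host).
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\avsuite]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"qwkdjtssd"="C:\\Documents and Settings\\u\\Local Settings\\Application Data\\xkq\\qwkdjtssd.exe"
'''
CV = r"hkey_current_user\software\microsoft\windows\currentversion"
IE = r"hkey_current_user\software\microsoft\internet explorer\download"
# (key, value name, data) exactly as listed in section 4, lower-cased.
LISTED = [(IE, "checkexesignatures", "no"), (IE, "runinvalidsignatures", "1"),
          (CV + r"\internet settings", "proxyenable", "1"),
          (CV + r"\internet settings", "proxyserver", "http=127.0.0.1:5555"),
          (CV + r"\policies\associations", "lowriskfiletypes", ".exe"),
          (CV + r"\policies\attachments", "savezoneinformation", "1")]
AVSUITE_KEYS = {r"hkey_current_user\software\avsuite", r"hkey_local_machine\software\avsuite"}
# Section 3 path shape: ...\Local Settings\Application Data\<random>\<random>tssd.exe
DROP_RE = re.compile(r"\\local settings\\application data\\[^\\]+\\[^\\]*tssd\.exe")

def parse_reg(text):
    """Return {key path: {value name: normalised data}}, all lower-cased."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"([^"]*)"=(.*)$', line)):
            data = m.group(2)
            if data.startswith("dword:"):          # REG_DWORD, hex digits
                data = str(int(data[6:], 16))
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1].replace("\\\\", "\\")  # REG_SZ, unescape
            current[m.group(1).lower()] = data.lower()
    return keys

def find_indicators(text):
    """Return sorted (kind, name) pairs for every indicator from the write-up."""
    keys = parse_reg(text)
    hits = [("key", k) for k in keys if k in AVSUITE_KEYS]
    hits += [("value", n) for k, n, want in LISTED if keys.get(k, {}).get(n) == want]
    for k, values in keys.items():
        if k.endswith(r"\currentversion\run"):
            hits += [("run", n) for n, d in values.items() if DROP_RE.search(d)]
    return sorted(hits)

if __name__ == "__main__":
    for kind, name in find_indicators(SAMPLE_REG):
        print(kind, name)
```

A single value hit such as ProxyEnable = 1 also occurs on clean machines, so treat the result as meaningful only when several indicators appear together, in particular an avsuite key or a matching Run entry.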
5. Screenshots of the program
