Read the same in:    English  Deutsch  Polski  Русский  
You are welcome to subscribe to "New articles in Knowledge Base" mailing list.




Virus Activity

Virus Activity

virus activity is normal




 
Search :  
Search tips Article ID # :     
 

Antivir Solution Pro

Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing. For your convenience in this section we gathered all known rogue security software in one list by alphabet.


Antivir Solution Pro

 ID Article: 4481    Other languages:  Deutsch  Polski  Русский      Views for 7 days 9    Last modified on 2010 Jul 22 17:50 Printable version

1. Program description

Antivir Solution Pro is a type of misleading application that pretends to be legitimate security software, such as an antivirus scanner or registry cleaner (Rogue Security Software).
The program is distributed via a web-site http://antispybox.com/. The program is a clone of such programs as AVSecurity Suite, Antivirus Suite and Antivirus Soft.

2. Actions

Once the scan is started Antivir Solution Pro generates and shows fake messages about viruses, Trojans and worms detected on the computer. Still the detected viruses cannot be deleted unless the program license is purchased.

3. Files

During the installation Antivir Solution Pro copies the following files to the hard drive:

%UserProfile%\Local Settings\Application Data\%random%\%random%.exe

4. System registry

In order to function normally Antivir Solution Pro creates the following branches in the system registry:

HKEY_LOCAL_MACHINE\software\AVSolution
HKEY_LOCAL_MACHINE\software\AVSuitE
HKEY_CURRENT_USER\software\AVSolution
HKEY_CURRENT_USER\software\AVSuitE
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, "%random%"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, "%random%"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyServer = http=127.0.0.1:5643
ProxyOverride = <local>
HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\PhishingFilter
EnabledV8 = 0×00000000 (0)
Enabled = 0×00000000 (0)

5. Screenshots of the program


 Did the provided info help you?

                       

 Give your detailed feedback.

 

Kaspersky Lab

Copyright © 1997-2014 Kaspersky Lab
Site map  |   International Support Service  |  Send us a suspected file
Login CompanyAccount  |   Register  |   FAQ for CompanyAccount  |   Login Your Personal Cabinet

Stay connected