Antivir Solution Pro

1. Program description

Antivir Solution Pro is a type of misleading application that pretends to be legitimate security software, such as an antivirus scanner or registry cleaner (Rogue Security Software).
The program is distributed via a web-site http://antispybox.com/. The program is a clone of such programs as AVSecurity Suite, Antivirus Suite and Antivirus Soft.

2. Actions

Once the scan is started Antivir Solution Pro generates and shows fake messages about viruses, Trojans and worms detected on the computer. Still the detected viruses cannot be deleted unless the program license is purchased.

3. Files

During the installation Antivir Solution Pro copies the following files to the hard drive:

%UserProfile%\Local Settings\Application Data\%random%\%random%.exe

4. System registry

In order to function normally Antivir Solution Pro creates the following branches in the system registry:

HKEY_LOCAL_MACHINE\software\AVSolution
HKEY_LOCAL_MACHINE\software\AVSuitE
HKEY_CURRENT_USER\software\AVSolution
HKEY_CURRENT_USER\software\AVSuitE
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, "%random%"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, "%random%"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyServer = http=127.0.0.1:5643
ProxyOverride = <local>
HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\PhishingFilter
EnabledV8 = 0×00000000 (0)
Enabled = 0×00000000 (0)

5. Screenshots of the program