AntivirusSystem2011

Found: 2011-02-09

Description:

Win32.FraudTool.AntivirusSystem2011 is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.

Credit: Tachikoma

Known system changes: 


Files

%Desktop%\AntiVirus System 2011.lnk

Folders

%ApplicationData%\AntiVirus System 2011

Registry Entries

Key: HKEY_CURRENT_USER\Software\AntiVirus System 2011

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus System 2011

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: AntiVirus System 2011
Data: "C:\Documents and Settings\<user>\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe" /STARTUP

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: r8wuogurwvff
Data: C:\Documents and Settings\<user>\Desktop\securityhelper.exe

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: Security Manager
Data: C:\Documents and Settings\<user>\Application Data\AntiVirus System 2011\securitymanager.exe