EclipseAntivirus

EclipseAntivirus

Found: 
2011-02-21
Description: 

Win32.FraudTool.EclipseAntivirus is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove those reported threats.

 

Credit: Tachikoma

Known system changes: 

Files

Folders

%ApplicationData%\EclipseAntivirus

RegistryEntries

Key: HKEY_CLASSES_ROOT\CLSID\{3FF8AAD7-609A-C3D6-173B-F0660B6810A6}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EclipseAntivirus
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: AVe
Data: C:\Documents and Settings\<user>\Local Settings\Application Data\EclipseAntivirus\ave.exe