PCSecurity2011

Found: 2011-02-09

Description:

Win32.FraudTool.PCSecurity2011 is a rogue anti-spyware application. It may display exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove the reported threats.

Credit: Tachikoma

Known system changes: 

Files

C:\Documents and Settings\<user>\Application Data\Microsoft\conhost.exe

%ProgramFiles%\PC Security 2011\PC Security.exe

%temp%\4.exe

%temp%\csrss.exe


Folders

%ApplicationData%\Uninstall_Security
%ProgramFiles%\PC Security 2011
%ApplicationData%\PC Security 2011

Registry Entries

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: conhost
Data: C:\Documents and Settings\<user>\Application Data\Microsoft\conhost.exe

Key: HKEY_CURRENT_USER\Software\PC Security 2011