AntivirusFraud

Updated: February 17, 2010 4:32:54 PM
Type: Misleading Application
Name: AntivirusFraud
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

Behavior
This program may be downloaded onto the computer by other threats. It may also be installed manually when a user clicks on certain Internet advertisements.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following files:
  • C:\Documents and Settings\All Users\Desktop\Antivirus.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Antivirus.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Uninstall.lnk
  • %ProgramFiles%\Antivirus\Antivirus.exe
  • %ProgramFiles%\Antivirus\wscsvc32.exe
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk
  • %ProgramFiles%\Antivirus\AvBho.dll
  • %ProgramFiles%\Antivirus\Uninstall.exe


It also creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  • HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus
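
A presence check for the files and registry subkeys listed above, as an added example that is not part of the original write-up. The function name is hypothetical; the script assumes PowerShell 2.0 or later and the Windows XP-style profile paths used on this page.

```powershell
# Added example, not vendor code. Get-AntivirusFraudArtifact is a hypothetical name.
# File paths and registry subkeys are copied from the lists above.
function Get-AntivirusFraudArtifact {
    $allUsers = 'C:\Documents and Settings\All Users'
    $appDir   = Join-Path $env:ProgramFiles 'Antivirus'
    $files = @(
        "$allUsers\Desktop\Antivirus.lnk",
        "$allUsers\Start Menu\Programs\Antivirus\Antivirus.lnk",
        "$allUsers\Start Menu\Programs\Antivirus\Uninstall.lnk",
        "$appDir\Antivirus.exe",
        "$appDir\wscsvc32.exe",
        "$env:UserProfile\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk",
        "$appDir\AvBho.dll",
        "$appDir\Uninstall.exe"
    )
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Antivirus',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus'
    )
    # Emit one record per listed artifact with a Present flag.
    foreach ($path in ($files + $keys)) {
        $kind = if ($path -like 'HK*') { 'RegistryKey' } else { 'File' }
        New-Object PSObject -Property @{
            Kind    = $kind
            Path    = $path
            Present = (Test-Path -LiteralPath $path)
        } | Select-Object Kind, Path, Present
    }
}

$all   = @(Get-AntivirusFraudArtifact)
$found = @($all | Where-Object { $_.Present })
$found | Format-Table -AutoSize -Wrap
'{0} of {1} listed artifacts present' -f $found.Count, $all.Count

# The Browser Helper Objects key can hold unrelated entries, so list its
# child keys (BHO CLSIDs) for manual review rather than treating the key as proof.
$bho = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path -LiteralPath $bho) {
    Get-ChildItem -LiteralPath $bho | Select-Object -ExpandProperty PSChildName
}
```

Names such as Antivirus are generic, so a single hit is a lead for further inspection, not a confirmation.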