
AVSecuritySuite

Updated: July 5, 2010 7:28:42 AM
Type: Misleading Application
Infection Length: 286,464 bytes
Name: AV Security Suite
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 7, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.



The user is then prompted to pay for a full license of the application in order to remove the threats.


Installation

When the program is executed, it creates the following file:
%UserProfile%\Local Settings\Application Data\[FIRST SET OF RANDOM CHARACTERS]\[SECOND SET OF RANDOM CHARACTERS]tssd.exe

Next, the program creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[EIGHT RANDOM CHARACTERS]" = "%UserProfile%\Local Settings\Application Data\[FIRST SET OF RANDOM CHARACTERS]\[SECOND SET OF RANDOM CHARACTERS]tssd.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[EIGHT RANDOM CHARACTERS]" = "%UserProfile%\Local Settings\Application Data\[FIRST SET OF RANDOM CHARACTERS]\[SECOND SET OF RANDOM CHARACTERS]tssd.exe"

It also modifies the following registry entries to lower Internet Explorer security settings:
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\"CheckExeSignatures" = "no"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\"RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\"EnabledV8" = "0"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\"Enabled" = "0"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\"SaveZoneInformation" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\"LowRiskFileTypes" = ".exe"

It also creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE
  • HKEY_LOCAL_MACHINE\SOFTWARE\avSofT
  • HKEY_CURRENT_USER\Software\avSofT
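
One way to check a host for the registry indicators listed above, as an added example (not Symantec's code): the script scans the text of a `.reg` export for the Run entry pointing at the dropped file, the lowered Internet Explorer settings, and the marker subkeys. The sample export, user name and random strings are constructed, and DWORD data is compared as a decimal string on the assumption that some of these values may be stored as DWORDs rather than strings.

```python
import re
# Indicators from the write-up above; registry names are case-insensitive, so compare in lower case.
HKCU, HKLM = "hkey_current_user\\software", "hkey_local_machine\\software"
RUN_KEYS = {h + "\\microsoft\\windows\\currentversion\\run" for h in (HKCU, HKLM)}
MARKER_KEYS = {HKLM + "\\avsuite", HKLM + "\\avsoft", HKCU + "\\avsoft"}
IE = HKCU + "\\microsoft\\internet explorer"
POL = HKCU + "\\microsoft\\windows\\currentversion\\policies"
WEAKENED = {
    (IE + "\\download", "checkexesignatures"): "no",
    (IE + "\\download", "runinvalidsignatures"): "1",
    (IE + "\\phishingfilter", "enabledv8"): "0",
    (IE + "\\phishingfilter", "enabled"): "0",
    (POL + "\\attachments", "savezoneinformation"): "1",
    (POL + "\\associations", "lowriskfiletypes"): ".exe",
}
# ...\Local Settings\Application Data\<random>\<random>tssd.exe
DROP_PATH = re.compile(r"\\local settings\\application data\\[^\\]+\\[^\\]*tssd\.exe$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(?:"((?:[^"\\]|\\.)*)"|dword:([0-9a-f]{8}))$')
unesc = lambda s: re.sub(r"\\(.)", r"\1", s)  # undo .reg backslash escaping

def scan_reg_export(text):
    """Return (kind, key, value_name) for each indicator found in a .reg export."""
    findings, key = [], None
    for line in map(str.strip, text.lower().splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key in MARKER_KEYS:
                findings.append(("marker_key", key, ""))
            continue
        m = VALUE.match(line)
        if not (m and key):
            continue
        name = unesc(m.group(1))
        data = (unesc(m.group(2)) if m.group(2) is not None
                else str(int(m.group(3), 16)))  # REG_DWORD as decimal string
        if key in RUN_KEYS and DROP_PATH.search(data.strip('"')):
            findings.append(("run_entry", key, name))
        elif WEAKENED.get((key, name)) == data:
            findings.append(("weakened_setting", key, name))
    return findings

# Constructed sample export (not from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"kqwmxbtr"="C:\\Documents and Settings\\al\\Local Settings\\Application Data\\qhdvnm\\xpbktssd.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"EnabledV8"=dword:00000000
[HKEY_CURRENT_USER\Software\avSofT]'''
```

`reg export` writes UTF-16 files, so decode the export before passing its text to `scan_reg_export`.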