1. /
  2. Security Response/
  3. AntiVirusAndTrojan

AntiVirusAndTrojan

Updated:
July 19, 2007 4:33:31 PM
Type:
Misleading Application
Name:
Anti-Virus&Trojan
Version:
7.46
Publisher:
Your-Soft
Risk Impact:
Medium
Systems Affected:
Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003, Windows 2000

Behaviour

When the program is executed, the following GUI is displayed showing a message that a virus has been found on the computer. This occurs before the software has performed any scan on the computer.




When a user attempts to scan the computer using the program, the following message is displayed:



The program then requests the user to purchase a registered version of the software in order to remove the reported threats:




Installation
When the program is executed, it creates the following files:
  • %UserDesktop%\Anti-Virus&Trojan.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Anti-Virus&Trojan.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus&Trojan\Anti-Virus&Trojan.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus&Trojan\Help.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus&Trojan\Uninstall.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus&Trojan\Visit Our Site.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus&Trojan.lnk
  • C:\Program Files\Anti-Virus&Trojan\Anti-Virus&Trojan.exe
  • C:\Program Files\Anti-Virus&Trojan\Anti_Virus Help.chm
  • C:\Program Files\Anti-Virus&Trojan\hook.dll
  • C:\Program Files\Anti-Virus&Trojan\Products.htm
  • C:\Program Files\Anti-Virus&Trojan\unins000.dat
  • C:\Program Files\Anti-Virus&Trojan\unins000.exe
  • C:\Program Files\Anti-Virus&Trojan\virus.update
  • C:\Program Files\Anti-Virus&Trojan\Visit Our Site.url

Next, the program creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ett\Extension\{223563fe-345e-ffae-3c0f-fe62375789e1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Virus&Trojan_is1

Similar Security Risks

AntiVirusAndSpyware

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver