The program must be manually installed. The risk attempts to trick users into installing it through fake messages that appear in their Web browsers claiming that the computer has been compromised.
Once installed, the program reports false or exaggerated system security threats on the computer.
The user is then prompted to pay for a full license of the application in order to remove the threats.
The risk also displays various pop-up messages while the computer is in use. These fake messages cover the following topics:
- Internal conflict alerts
- Vulnerable files found
- Spyware Activity alerts
- Privacy Violation alerts
- System file modification alerts
The risk is a self-contained executable. It may arrive with the following file name:
When the program is executed, it creates the following files:
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360\Help.lnk
%UserProfile%\Start Menu\Antivirus 360\Registration.lnk
It also creates the following registry subkey:
HKEY_CURRENT_USER\Software\[RANDOM HEXADECIMAL NUMBER]Similar Security Risks: