AVSecuritySuite

Updated: July 5, 2010 7:28:42 AM
Type: Misleading Application
Infection Length: 286,464 bytes
Name: AV Security Suite
Risk Impact: Medium
Systems Affected: Windows

Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation

When the program is executed, it creates the following file:
%UserProfile%\Local Settings\Application Data\[FIRST SET OF RANDOM CHARACTERS]\[SECOND SET OF RANDOM CHARACTERS]tssd.exe

Next, the program creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[EIGHT RANDOM CHARACTERS]" = "%UserProfile%\Local Settings\Application Data\[FIRST SET OF RANDOM CHARACTERS]\[SECOND SET OF RANDOM CHARACTERS]tssd.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[EIGHT RANDOM CHARACTERS]" = "%UserProfile%\Local Settings\Application Data\[FIRST SET OF RANDOM CHARACTERS]\[SECOND SET OF RANDOM CHARACTERS]tssd.exe"

It also modifies the following registry entries to lower Internet Explorer security settings:
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\"CheckExeSignatures" = "no"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\"RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\"EnabledV8" = "0"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\"Enabled" = "0"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\"SaveZoneInformation" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\"LowRiskFileTypes" = ".exe"

It also creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE
  • HKEY_LOCAL_MACHINE\SOFTWARE\avSofT
  • HKEY_CURRENT_USER\Software\avSofT
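
The registry indicators listed above can be checked against saved registry query output. The following is an added example, not part of the original write-up: it assumes text in the layout printed by `reg query` (key line, then indented `name    TYPE    data` lines), and `scan`, `SAMPLE` and the sample value names and paths are constructed for illustration.

```python
import re

# Constructed sample in `reg query` output style; value names and paths are made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    abcdefgh    REG_SZ    C:\Documents and Settings\alice\Local Settings\Application Data\qwer\zxcvtssd.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter
    EnabledV8    REG_DWORD    0x0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures    REG_SZ    no
HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE
"""
# Autorun data shaped like ...\Local Settings\Application Data\<random>\<random>tssd.exe
TSSD_PATH = re.compile(r'\\Local Settings\\Application Data\\[^\\]+\\[^\\]*tssd\.exe"?\s*$', re.I)
VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# (key suffix, value name) -> data listed in the write-up, all lower-cased
WEAKENED = {
    (r"\internet explorer\download", "checkexesignatures"): "no",
    (r"\internet explorer\download", "runinvalidsignatures"): "1",
    (r"\internet explorer\phishingfilter", "enabledv8"): "0",
    (r"\internet explorer\phishingfilter", "enabled"): "0",
    (r"\policies\attachments", "savezoneinformation"): "1",
    (r"\policies\associations", "lowriskfiletypes"): ".exe",
}
SUBKEYS = {r"hkey_local_machine\software\avsuite", r"hkey_local_machine\software\avsoft",
           r"hkey_current_user\software\avsoft"}

def scan(reg_query_text):
    """Return (kind, name, data) findings from `reg query`-style text."""
    findings, key = [], ""
    for line in reg_query_text.splitlines():
        if line.upper().startswith("HKEY_"):      # key header line
            key = line.strip().lower()
            if key in SUBKEYS:
                findings.append(("subkey", line.strip(), ""))
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(3).strip()
        if m.group(2) == "REG_DWORD":             # assumption: DWORDs print as hex (0x0)
            data = str(int(data, 16))
        if key.endswith(r"\currentversion\run") and TSSD_PATH.search(data):
            findings.append(("autorun", name, data))
        for (suffix, vname), bad in WEAKENED.items():
            if key.endswith(suffix) and name.lower() == vname and data.lower() == bad:
                findings.append(("weakened", name, data))
    return findings
```

Because the directory and file prefix are random, the autorun check keys on the fixed `tssd.exe` suffix under `Local Settings\Application Data`, so a hit is a lead to verify rather than proof of infection.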