AntivirusSystem2011

Updated: February 14, 2011 9:46:23 AM
Type: Misleading Application
Name: AntiVirus System 2011
Risk Impact: Medium
Systems Affected: Windows

Behavior
The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Setup\Files

It then modifies the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices


It then makes the following HTTP requests:
http-harddrive.us/httpss/v=78&step=2&hostid=[UNIQUE_ID]
http-harddrive.us/getfile.php?r=[RANDOM_NUMBER]&p=[BASE64_ENCODED_INSTALL_LOCATION]
[10_NUMERALS].http-myprogramming.net

These requests are made to download and install further misleading applications. At the time of writing, the files downloaded were detected as Unvirex.
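
An added example, not part of Symantec's write-up: a Python check that flags proxy-log URLs matching the three requests listed above and decodes the `p` parameter of `getfile.php` to recover the install location. The log layout, the sample lines and path, the UTF-8 decoding and the relaxed `v`/`step` numbers are assumptions.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

C2_HOST = "http-harddrive.us"
NUMERIC_HOST = re.compile(r"^\d{10}\.http-myprogramming\.net$")
# Assumption: v= and step= may carry numbers other than the 78 and 2 listed.
CHECKIN = re.compile(r"^/httpss/v=\d+&step=\d+&hostid=([^&\s]+)$")

def decode_location(p):
    """Decode the base64 'p' value (assumed UTF-8 text); None if it is not base64."""
    p = p.replace(" ", "+")              # parse_qs turns '+' into a space
    p += "=" * (-len(p) % 4)             # tolerate stripped padding
    try:
        return base64.b64decode(p, validate=True).decode("utf-8", "replace")
    except ValueError:
        return None

def classify(url):
    """Return a finding dict if url matches one of the three requests, else None."""
    parts = urlsplit(url if "://" in url else "http://" + url)  # listed without a scheme
    host = (parts.hostname or "").lower()
    if NUMERIC_HOST.match(host):
        return {"rule": "numeric-subdomain", "host": host}
    if host != C2_HOST:
        return None
    m = CHECKIN.match(parts.path)
    if m:
        return {"rule": "checkin", "hostid": m.group(1)}
    if parts.path == "/getfile.php":
        p = parse_qs(parts.query).get("p", [""])[0]
        return {"rule": "getfile", "install_location": decode_location(p)}
    return {"rule": "other-request", "path": parts.path}

def scan(lines):
    """Assumed log layout: '<time> <client-ip> <url>'. Returns (client, finding) pairs."""
    rows = (line.split() for line in lines)
    hits = [(f[1], classify(f[2])) for f in rows if len(f) >= 3]
    return [h for h in hits if h[1]]

# Constructed sample data, not captured traffic.
SAMPLE_PATH = r"C:\Documents and Settings\user\Application Data\avs.exe"
SAMPLE_LOG = [
    "09:00:01 10.0.0.5 http://http-harddrive.us/httpss/v=78&step=2&hostid=CONSTRUCTED-ID",
    "09:00:02 10.0.0.5 http://http-harddrive.us/getfile.php?r=4711&p=" + base64.b64encode(SAMPLE_PATH.encode()).decode(),
    "09:00:03 10.0.0.5 http://0123456789.http-myprogramming.net/",
    "09:00:04 10.0.0.9 http://example.com/getfile.php?r=1&p=QQ==",
]
```

Calling `scan(SAMPLE_LOG)` returns one finding per matching line, keyed by client address, so the decoded install location can be checked on the host that made the request.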