1. /
  2. Security Response/
  3. AntivirusSystem2011

AntivirusSystem2011

Updated:
February 14, 2011 9:46:23 AM
Type:
Misleading Application
Name:
AntiVirus System 2011
Risk Impact:
Medium
Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
Behavior
The program reports false or exaggerated system security threats on the computer.




The user is then prompted to pay for a full license of the application in order to remove the threats.




Installation
When the program is executed, it creates the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Setup\Files

It then modifies the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices


It then makes the following HTTP requests:
http-harddrive.us/httpss/v=78&step=2&hostid=[UNIQUE_ID]
http-harddrive.us/getfile.php?r=[RANDOM_NUMBER]&p=[BASE64_ENCODED_INSTALL_LOCATION]
[10_NUMERALS].http-myprogramming.net

These requests are in order to download and install further misleading applications. At the time of writing the files downloaded were detected as Unvirex.
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report