AntivirusAntispyware2011

Found: 2011-04-04
Description: 

Win32.FraudTool.AntivirusAntispyware2011 is a rogue anti-spyware application. It may display exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove the reported threats.

Known system changes: 

Files

Folders
%ApplicationData%\AntiVirus AntiSpyware 2011

Registry entries
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: MicrosoftError
Data: c:\program files\common files\microsoft shared\dw\2052\applicationdwintl20.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: ProcexpProcess
Data: C:\Documents and Settings\rogue\Desktop\movie.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Value: ApplicationReporting
Data: c:\program files\common files\microsoft shared\dw\1033\reportingmicrosoft11.0.5510.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Value: PlayerLink
Data: c:\program files\windows media player\servicesmedia9.00.00.4503.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Value: ProcexpExplorer
Data: C:\Documents and Settings\rogue\Desktop\movie.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Value: ReportingMicrosoft11.0.6451
Data: c:\program files\common files\microsoft shared\dw\1025\microsoftreporting.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Value: resourcesresources
Data: c:\program files\broadcom\bacs\nl\bacsresources.exe
Key: HKEY_CURRENT_USER\Software\AntiVirus AntiSpyware 2011
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus AntiSpyware 2011
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: AntiVirus AntiSpyware 2011
Data: "C:\Documents and Settings\<User>\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe" /STARTUP