AntivirusPlus

Found: 2008-12-11
Known system changes:

Created Files

  • %System%\avp.id
  • %Windir%\system\cmd
  • %Desktop%\Antivirus Plus.lnk
  • %Desktop%\AntiVirus Plus..lnk
  • %ApplicationData%\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.
  • %System%\dmns.cfg
  • %CommonStartUp%\AntiVirus Plus.lnk
  • %ApplicationData%\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk

Created Folders

  • %ProgramFiles%\Antivirus Plus
  • %CommonPrograms%\Antivirus Plus
  • %CommonStartMenu%\Programs\Antivirus Plus
  • %Desktop%\Antivirus Plus.
  • %StartMenu%\Programs\AntiVirus Plus

Registry Entries

  • Key: HKEY_CLASSES_ROOT\CLSID\{D032570A-5F63-4812-A094-87D007C23012}
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\WINDOWS\system\dop.exe
  • Data: C:\WINDOWS\system\dop.exe:*:Enabled:se
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\WINDOWS\system\rundll32.exe
  • Data: C:\WINDOWS\system\rundll32.exe:*:Enabled:rundll32
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\WINDOWS\system\se.exe
  • Data: C:\WINDOWS\system\se.exe:*:Enabled:se
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Value: se
  • Data: C:\WINDOWS\system\se.exe
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Value: shell
  • Data: C:\WINDOWS\system\rundll32.exe 00001
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\WINDOWS\system\dop.exe
  • Data: C:\WINDOWS\system\dop.exe:*:Enabled:se
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\WINDOWS\system\rundll32.exe
  • Data: C:\WINDOWS\system\rundll32.exe:*:Enabled:rundll32
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\WINDOWS\system\se.exe
  • Data: C:\WINDOWS\system\se.exe:*:Enabled:se
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Value: shell
  • Data: C:\WINDOWS\system\rundll32.exe
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Value: shell
  • Data: C:\WINDOWS\system\kernel32.exe 90001
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Value: shell
  • Data: C:\WINDOWS\system\rundll32.exe 70100
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\installer_70100.exe
  • Data: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\installer_70100.exe:*:Enabled:installer
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\installer_70100.exe
  • Data: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\installer_70100.exe:*:Enabled:installer
  • Key: HKEY_CLASSES_ROOT\CLSID\{B035573A-5F43-4862-A194-87D027C63012}
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B035573A-5F43-4862-A194-87D027C63012}
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Value: shell
  • Data: C:\WINDOWS\system\rundll32.exe 70154
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Value: svchost
  • Data: C:\WINDOWS\system\svchost.exe
  • Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • Value: AntiVirus Plus
  • Data: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\AntiVirus Plus.70106.exe
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Value: shell
  • Data: C:\WINDOWS\system\rundll32.exe 1
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\4d27bd17e7ddfc8d1b3434ed7d37ceed.exe
  • Data: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\4d27bd17e7ddfc8d1b3434ed7d37ceed.exe:*:Enabled:rundll32
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\installer_1.exe
  • Data: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\installer_1.exe:*:Enabled:installer *
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\WINDOWS\system\svchost.exe
  • Data: C:\WINDOWS\system\svchost.exe:*:Enabled:svchost
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\4d27bd17e7ddfc8d1b3434ed7d37ceed.exe
  • Data: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\4d27bd17e7ddfc8d1b3434ed7d37ceed.exe:*:Enabled:rundll32
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\installer_1.exe
  • Data: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\installer_1.exe:*:Enabled:installer *
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\WINDOWS\system\svchost.exe
  • Data: C:\WINDOWS\system\svchost.exe:*:Enabled:svchost
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\fraudtool.win32.exe
  • Data: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\fraudtool.win32.exe:*:Enabled:rundll32
  • Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  • Value: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\fraudtool.win32.exe
  • Data: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\fraudtool.win32.exe:*:Enabled:rundll32
  • Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • Value: AntiVirus Plus
  • Data: C:\Program Files\AntiVirus Plus\AntiVirus Plus.1.exe