MegaAntivirus2012

MegaAntivirus2012

Found: 
2011-02-22
Description: 

Win32.FraudTool.MegaAntivirus2012 is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove those reported threats.

Known system changes: 

Files
%Windir%\install.exe

Folders


RegistryEntries

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe
Key: HKEY_CURRENT_USER\Software\hun
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Value: Policies
Data: C:\WINDOWS\addons\addon.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: HKCU
Data: C:\WINDOWS\addons\addon.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: addons
Data: C:\WINDOWS\addons\addon.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: SystemStart
Data: C:\WINDOWS\addons\ma2012.exe