SecurityAntivirus

Found: 2010-02-09
Known system changes: 

Files

%Allusersprofile%\Application Data\d[random name]\SA[random name].exe
%Desktop%\Security Antivirus.lnk
%StartMenu%\Security Antivirus.lnk
%StartMenu%\Programs\Security Antivirus.lnk
%StartMenu%\Program\Security Antivirus.lnk

Folders

%ApplicationData%\Security Antivirus

Registry Entries

The rogue will add hundreds of new keys under this registry key:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XXX