Update October 27, 2009
Today I ran into AntiVirus Plus again. I capped a FreeFixer log so you can see what changes this rogue antivirus program made:
FreeFixer v0.48 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 2
Log dated 2009-10-27 18:06
Registry Startups (3 whitelisted)
HKLM\..\Run, AntiVirus Plus = C:\Program Files\AntiVirus Plus\AntiVirus Plus.70155.exe
HKCU\..\Run, AntiVirus Plus = C:\Program Files\AntiVirus Plus\AntiVirus Plus.70155.exe
Autostart shortcuts
AntiVirus Plus.lnk, , C:\Program Files\AntiVirus Plus\AntiVirus Plus.70155.exe
AntiVirus Plus.lnk, , C:\Program Files\AntiVirus Plus\AntiVirus Plus.70155.exe
HOSTS file
78.159.125.60 us.search.yahoo.com
78.159.125.60 uk.search.yahoo.com
78.159.125.60 search.yahoo.com
78.159.125.60 www.google.com.br
78.159.125.60 www.google.it
78.159.125.60 www.google.es
78.159.125.60 www.google.co.jp
78.159.125.60 www.google.com.mx
78.159.125.60 www.google.ca
78.159.125.60 www.google.com.au
78.159.125.60 www.google.nl
78.159.125.60 www.google.co.za
78.159.125.60 www.google.be
78.159.125.60 www.google.gr
78.159.125.60 www.google.at
78.159.125.60 www.google.se
78.159.125.60 www.google.ch
78.159.125.60 www.google.pt
78.159.125.60 www.google.dk
78.159.125.60 www.google.fi
78.159.125.60 www.google.ie
78.159.125.60 www.google.no
78.159.125.60 www.google.com
78.159.125.60 www.google.de
78.159.125.60 www.google.fr
78.159.125.60 www.google.co.uk