Christian Mairoll
Posted October 6, 2011

The Emsisoft malware research team has discovered a new outbreak of AV Guard Online. Emsisoft Anti-Malware detects this malware as Adware.Win32.AVGuardOnline.

AV Guard Online is a rogue application. A rogue application tries to trick you by displaying a false-positive or misleading scan results report, which says that your computer has a problem or is infected with viruses or trojans, but you will not be able to fix it before you purchase.

Create new files:

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run “gTZqjYCkIrOyAuS8234A=%SystemRoot%\system32\W1ivD3onFaHsJfL.exe”
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run “conhost=%AppData%\Microsoft\csrss.exe”
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardware Profiles
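The following is an added example, not part of the original post or Emsisoft's own tooling: a small triage check that applies name and location heuristics to Run-key values such as the two complete ones listed in the post (path separators restored). The name lists and the function names are assumptions made for illustration.

```python
import ntpath

# Assumed (not from the post): system binaries that normally live only in System32.
SYSTEM_NAMES = {"csrss.exe", "conhost.exe", "svchost.exe", "lsass.exe",
                "winlogon.exe", "services.exe"}
# Assumed list of per-user, user-writable locations (lower-cased variables).
USER_WRITABLE = ("%appdata%", "%localappdata%", "%temp%", "%userprofile%")
SYSTEM32 = "%systemroot%\\system32\\"

# The two complete Run values from the post, path separators restored.
POST_RUN_VALUES = [
    r"gTZqjYCkIrOyAuS8234A=%SystemRoot%\system32\W1ivD3onFaHsJfL.exe",
    r"conhost=%AppData%\Microsoft\csrss.exe",
]

def parse_run_value(entry):
    """Split 'name=command' into (value name, command path)."""
    name, _, command = entry.partition("=")
    return name.strip(), command.strip().strip('"')

def assess(entry):
    """Return the list of reasons a Run value looks like masquerading."""
    name, command = parse_run_value(entry)
    path = command.lower()
    image = ntpath.basename(path)          # works on any OS for backslash paths
    stem = ntpath.splitext(image)[0]
    reasons = []
    if image in SYSTEM_NAMES and not path.startswith(SYSTEM32):
        reasons.append("system process name outside System32")
    if path.startswith(USER_WRITABLE):
        reasons.append("autorun from user-writable directory")
    if name.lower() + ".exe" in SYSTEM_NAMES and name.lower() != stem:
        reasons.append("value name imitates a different system binary")
    return reasons

def triage(entries):
    """Return {value name: reasons} for the entries that raised a flag."""
    flagged = {}
    for entry in entries:
        reasons = assess(entry)
        if reasons:
            flagged[parse_run_value(entry)[0]] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in triage(POST_RUN_VALUES).items():
        print(name, "->", "; ".join(reasons))
```

The first value from the post passes these name checks because it points into System32 under a random file name; catching it requires a signature check or a comparison against a known-good file baseline.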