Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

FRAUDTOOL.BESTMALWARE PROTECTION

 

 

 

Name:

Fraudtool.BestMalwareProtection

Added:

March 21, 2011

Type:

Fraudtool

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Description:

 

When Fraudtool.BestMalwareProtection is executed is will do the the following:

It will drop a copy of itself into the following directory:

%Appdata% %temp%

It will also create the following registry key entry to avoid detection by various security software:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] "Debugger" = "svchost.exe"

It  tries to block the following processes:

msseces.exe
MSASCui.exe
ekrn.exe
egui.exe
avgnt.exe
avcenter.exe
avscan.exe
avgfrw.exe
avgui.exe
avgtray.exe
avgscanx.exe
avgcfgex.exe
avgemc.exe
avgchsvx.exe
avgcmgr.exe
avgwdsvc.exe

And it will try to connect to the following links:

secxxe-guard.com
smaxxt-security.net
secuxxty-guard.com
guaxxd-smart.net
guaxxd-shield.net
smaxxt-protection.com
secuxxity-server.com
protexxtion-smart.net

This rogueware also contains spamming functionalities and will display fake security warning:

-Your PC may still be infected with dangerous viruses.
-Your PC may be vulnerable to security threats.
-Malware protection is not available in trial version -Your computer is infected!
 

 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Malware problems?
We can help.

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Evaluate Thirtyseven4 Antivirus Now

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4