AntiVirus Plus




This sleek program is another one to watch out for, so don't be tricked.

Beware of this site: http://for-sunny-se.com/


It appears that the client was browsing the internet when their browser was hijacked and redirected to another site.


Below are entries found in the Registry (if you are unfamiliar with the registry, leave this page NOW) and files associated with the program.

  1. Key Name: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Class Name:
    Last Write Time:
    Value 0
    Name: Pbaroheh
    Type: REG_SZ
    Data: rundll32.exe "C:\WINDOWS\ixecusuramujo.dll",Startup

    Value 1
    Name: net
    Type: REG_SZ
    Data: "C:\WINDOWS\system32\net.net"

    Value 2
    Name: smss32.exe
    Type: REG_SZ
    Data: C:\WINDOWS\system32\smss32.exe

    Value 3
    Name: AntiVirus Plus
    Type: REG_SZ
    Data: "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\User\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700


  2. Key Name: HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sgoehea
    Name: Type
    Type: REG_DWORD
    Data: 0x1 
  3. Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\_VOID
    Class Name:
    Last Write Time: */**/2010 - 11:10 PM
    Value 0
    Name: affid
    Type: REG_SZ
    Data: traf
    ****There will be a LOT of SUB entries here
  4. Key Name: HKEY_LOCAL_MACHINE\system\ControlSet001\Services\_VOIDd.sys
    Class Name: <no class> 
    Last Write Time: */**/2010 - 11:10 PM
    Value 0
    Name: start
    Type: REG_DWORD
    Data: 0x1 
    ****There will be a LOT of SUB entries here
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"AntiVirus Plus"

You will find shortcuts to the program in C:\Documents and Settings\<username>\Desktop

You will also find this on the Start menu.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following is a list of files you may find in the:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"C:\Documents and Settings\<username>\Application Data\AntiVirus Plus" Folder
            Size          Name
  1. 2,620,928  bytes » AntiVirus Plus.70700.dll 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following is a list of files you may find in the:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"C:\DOCUME~1\<username>\LOCALS~1\Temp" Folder
            Size          Name

  1. 32,260 bytes »   winlogon.exe
  2. 32,260 bytes »   smss.exe
  3. 32,260 bytes »   debug.exe
  4. 32,260 bytes »   drweb.exe
  5. 32,260 bytes »   win32.exe
  6. 32,260 bytes »   win.exe
  7. 32,260 bytes »   setup.exe
  8. 32,260 bytes »   avp.exe
  9. 32,260 bytes »   csrss.exe
  10. 32,260 bytes »   cmd.exe
  11. 32,260 bytes »    system.exe
  12. 20,001 bytes »    hkbmp.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following is a list of files you may find in the:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"C:\Documents and Settings\<username>\Application Data" Folder
            Size          Name
  1. 4,286 bytes »   avp.ico


Remember to always check here: C:\WINDOWS\Prefetch
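
As an added example (not part of the original page), the Python below runs a few triage heuristics over the Run values and the Temp folder listing shown above. The flag names, the C:\WINDOWS\system32 baseline and the short list of genuine system binary names are assumptions chosen for illustration.

```python
import ntpath
import re
from collections import Counter

# Run values copied from the page's HKCU ...\CurrentVersion\Run listing.
RUN_VALUES = {
    "Pbaroheh": r'rundll32.exe "C:\WINDOWS\ixecusuramujo.dll",Startup',
    "net": r'"C:\WINDOWS\system32\net.net"',
    "smss32.exe": r"C:\WINDOWS\system32\smss32.exe",
    "AntiVirus Plus": r'"C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings'
                      r'\User\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700',
}
# Temp-folder listing copied from the page: (size in bytes, name).
TEMP_FILES = [(32260, n) for n in (
    "winlogon.exe", "smss.exe", "debug.exe", "drweb.exe", "win32.exe", "win.exe",
    "setup.exe", "avp.exe", "csrss.exe", "cmd.exe", "system.exe")] + [(20001, "hkbmp.exe")]

# Assumptions: Windows lives in C:\WINDOWS (as on the page); these are names of
# genuine Windows binaries that belong in System32, never in a temp folder.
SYSTEM32 = "c:\\windows\\system32\\"
SYSTEM_NAMES = {"winlogon.exe", "smss.exe", "csrss.exe", "cmd.exe"}
SYSTEM_STEMS = {n[:-4] for n in SYSTEM_NAMES}
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+')  # drive path up to a quote or comma

def triage_run_value(data):
    """Return heuristic flags for one Run-value command line."""
    flags = set()
    paths = [p.strip().lower() for p in PATH_RE.findall(data)]
    # rundll32 autostarting a DLL that sits outside System32
    if "rundll32" in data.lower() and any(
            p.endswith(".dll") and not p.startswith(SYSTEM32) for p in paths):
        flags.add("rundll32-dll-outside-system32")
    for p in paths:
        stem, ext = ntpath.splitext(ntpath.basename(p))
        if ext not in (".exe", ".dll"):
            flags.add("odd-extension")           # e.g. net.net
        if any(stem.startswith(s) and stem != s for s in SYSTEM_STEMS):
            flags.add("system-name-lookalike")   # e.g. smss32.exe
    return flags

def triage_temp_listing(files):
    """Return (system names found in temp, {size: count} for same-size clusters)."""
    masquerading = sorted(n for _, n in files if n.lower() in SYSTEM_NAMES)
    sizes = Counter(size for size, _ in files)
    return masquerading, {s: c for s, c in sizes.items() if c >= 3}

if __name__ == "__main__":
    for name, data in RUN_VALUES.items():
        print(f"{name}: {sorted(triage_run_value(data))}")
    print(triage_temp_listing(TEMP_FILES))
```
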
