
Antivirok.com

Posted: April 8, 2011

Antivirok.com is a dangerous website that promotes rogue anti-virus programs like Antivirus Protection. These rogue anti-virus applications will infiltrate your computer while disguised as helpful security programs when their true purpose is to disable your PC security and hold the computer for ransom. Even if you know enough to avoid intentionally downloading anything from Antivirok.com, the Antivirok.com site may host malicious code that injects downloads into your computer without your permission. If your computer shows signs of an infection related to Antivirok.com, you should jump into action and remove Antivirok.com-related malware with trustworthy anti-malware tools.

The Multi-Headed Nature of the Antivirok.com Threat

Rogue security programs like the ones fraudulently marketed by Antivirok.com tend to go by many names, since they thrive on lack of recognition. Although Antivirok.com currently promotes Antivirus Protection, identical threats can be found with such diverse names as Antivirus Monitor, AntiMalware GO, Antivirus .NET and AntiVira AV. Likewise, Antivirok.com itself also has a number of mirror sites for each of these variations on the same basic rogue anti-virus program, with its most obvious mirror being Antivirok.net.

Getting infected by Antivirok.com-related malware usually takes one of two paths:

  • Upon accidentally visiting Antivirok.com, you may be convinced to download Antivirus Protection or another rogue security program through false pretenses. Most prominently, this can include Antivirok.com presenting a fake system scan display that requires additional downloads to cure imaginary infections on your PC.
  • If you don't download Antivirok.com's malware of your own free will, Antivirok.com may just force the files onto your computer in a hidden download powered by malicious Flash or JavaScript abuses. These security loopholes in browsers can be made much smaller if you keep your security settings high, but completely closing them isn't technically feasible, so any visit to Antivirok.com is a potentially dangerous one.

Rogue anti-virus programs like those that Antivirok.com promotes will usually frighten you with fake system alerts about keyloggers and other infections, with the aim of making you pay for a registration key. These rogue anti-virus programs can't help your PC and often engage in harmful behavior; for example, Antivirus Protection has been noted to block the use of almost all applications except for Internet Explorer.

Web Browser-Related Antivirok.com Traps

Infection by Antivirok.com-related malware will usually result in browser hijack attacks alongside all other provocations, with results like the following:

  • Your homepage may be set to Antivirok.com or a related website. This causes you to be passively exposed to malware-downloading scripts and other dangers, and manually reverting your homepage will fail in most cases.
  • Search engine results and other widely-used forms of content may be altered to contain links to malicious or ad-driven websites.
  • Beneficial websites such as Microsoft's own site and various security websites may be blocked off, either without a pretense or by the display of fake errors that tell you the site is unsafe.
  • In Antivirok.com's less subtle moments, Antivirok.com may even redirect you to itself over and over again, potentially barring you from accessing any other online content.

Antivirok.com hijackers and related malware shouldn't be removed by deleting them the way you'd normally delete a file or program, since trying this is likely to cause other system problems. The preferable method for deleting Antivirok.com threats is to run system scans with widely-trusted anti-malware software.

If Antivirok.com's malware is preventing you from downloading or running the tools you need to delete Antivirok.com software, switching to Safe Mode may let you access the relevant utilities without any other obstacles in the way. Failing that, renaming the tool's executable file to iexplore.exe may also let you slip by Antivirok.com's watchful guard.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\{RANDOM CHARACTERS}
    2 %Temp%\{RANDOM CHARACTERS}\{RANDOM CHARACTERS}.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http=127.0.0.1:18810'
    HKEY_CURRENT_USER\Software\{RANDOM CHARACTERS}
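
A triage check for the Registry values listed above, added here as an example and not part of the original page: it parses the text output of `reg query` (the sample below is constructed) and flags a disabled phishing filter and an enabled proxy that points at a loopback address. It generalizes the page's `127.0.0.1:18810` value to any loopback proxy, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: `reg query` text output for the two keys named on this page.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter
    Enabled    REG_DWORD    0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:18810
    ProxyOverride    REG_SZ
"""

# Value lines are indented four spaces: name, type, data (data may be empty).
VALUE_RE = re.compile(r"^ {4}(.+?) {4}(REG_\w+)(?: {4}(.*))?$")

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, rtype, data = m.group(1), m.group(2), m.group(3) or ""
            keys[current][name] = int(data, 16) if rtype == "REG_DWORD" else data
        elif line.startswith("HKEY_"):
            current = line.strip()
            keys[current] = {}
    return keys

def is_loopback_entry(entry):
    """True if one ProxyServer entry ('http=host:port') points at loopback."""
    host = entry.split("=", 1)[-1].rsplit(":", 1)[0].strip("[] ").lower()
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # not an IP literal, so compare the hostname
        return host == "localhost"

def find_indicators(keys):
    findings = []
    for path, values in keys.items():
        leaf = path.lower()
        if leaf.endswith(r"\internet explorer\phishingfilter") and values.get("Enabled") == 0:
            findings.append("phishing filter disabled")
        if leaf.endswith(r"\currentversion\internet settings") and values.get("ProxyEnable") == 1:
            for entry in filter(None, values.get("ProxyServer", "").split(";")):
                if is_loopback_entry(entry):
                    findings.append("proxy redirected to loopback: " + entry)
    return findings
```

A loopback proxy can also be set by legitimate local tools such as debugging proxies, so treat a hit as a lead to confirm against the other indicators rather than as proof of infection.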