Expert AntiVirus

Description:	Rogue Security Program
Risk Level:	Low
Date of First Occurence:	Tuesday, August 12, 2008
Software Developer:	(unknown)
Brief Info:	Rogue/Suspect Anti-Spyware Product "Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection.
Removal:	This threat can be removed using "Spyware Terminator"

REMOVER SPYWARE »

Geographical Distribution of Threat "Expert AntiVirus"

Threat Info

View All

Detected Items

Detected Files: %WINDIR%\wincom137.dll MD5: 508AD6502860BA3796DE7E50810F1A72 Size:32816
Detected Files with variable Filenames:

Detecting items list:

Files by Name %PROGRAMFILES%\ExpertAntivirus\ExpertAntivirus.EXE %PROGRAMFILES%\ExpertAntivirus\extension.dll %PROGRAMFILES%\ExpertAntivirus\plugin.dll %PROGRAMFILES%\ExpertAntivirus\SpamBlocker.dll %PROGRAMFILES%\ExpertAntivirus\uninst.exe %START_PROGRAMS%\ExpertAntivirus\ExpertAntivirus v4.1 Un-Installer.lnk %START_PROGRAMS%\ExpertAntivirus\ExpertAntivirus v4.1 Website.lnk %START_PROGRAMS%\ExpertAntivirus\ExpertAntivirus v4.1.lnk %DESKTOP%\ExpertAntivirus v4.1.lnk %APPDATA%\Microsoft\Internet Explorer\Quick Launch\ExpertAntivirus v4.1.lnk %WINDIR%\system\ext32inc.dll %WINDIR%\wincom137.dll
Files by Directories %PROGRAMFILES%\ExpertAntivirus %START_PROGRAMS%\ExpertAntivirus
Files by CLSID or Name CLSID=16DD131D-C09F-4F83-A1E7-A2CF506EA27C CLSID=69EBF0DB-F6B5-4479-8352-AA632F522D34 CLSID=7C1530BD-16B0-41A9-B428-17EE8CBD3E06 CLSID=D7ABE914-B8CF-4602-9145-6BDAAEDA21AA CLSID=9EC61371-C3B9-FCC1-EE6F-2E4E8D12DFFC
Registry Keys HKCR\ExpertAntivirus.Addin HKCR\ExpertAntivirus.Addin.1 HKCR\spamdet.SpamDetector HKCR\spamdet.SpamDetector.1 HKLM\SOFTWARE\ExpertAntivirus HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ExpertAntivirus.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExpertAntivirus HKCU\Software\Microsoft\Office\Outlook\Addins\ExpertAntivirus.Addin.1 HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\AdLoader HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Trace7 HKCU\Software\Microsoft\Windows\CurrentVersion\Shell\1das HKCU\Software\Microsoft\Windows\CurrentVersion\Shell\dnl7 HKCR\AppID\ad-protect.EXE HKCR\AppID\spamdet.DLL HKCR\AppID\{9DA1990B-9BCA-4c80-AEFB-11A40FA849F9} HKCR\AppID\{C628512D-A058-4BD4-B47B-B036F45FA02B} HKCR\ExpertAntivirus.Addin HKCR\ExpertAntivirus.Addin.1 HKCR\Interface\{214345B8-BB69-498D-A168-29F58F15D806} HKCR\Interface\{3E67E9DC-7294-44C3-BC99-EA6E29E74076} HKCR\Interface\{7C1530BD-16B0-41A9-B428-17EE8CBD3E06} HKCR\Interface\{D59B2DD5-0609-4BDC-AB47-A9A28ABC482A} HKCR\Interface\{F82FD7D4-2EC8-40B3-A141-DE051C98DCE9} HKCR\TypeLib\{B60F5AFA-EDD2-417D-A438-57F3EBD9E639} HKCR\TypeLib\{DFCDA823-80C5-4F55-B328-7EFD4AFBD9A0} HKCR\spamdet.SpamDetector HKCR\spamdet.SpamDetector.1 HKLM\SOFTWARE\ExpertAntivirus
Registry Values HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=ExpertAntivirus

« Go to Software Database

Pesquise na nossa Base de Dados de Software

A base de dados Software

Últimas notícias sobre Malware

23. Setembro 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Notícias antigas de malware »