HijackThis shows AntiMalware GO infection:
O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}\{RANDOM}.exeWhat AntiMalware GO does
AntiMalware GO is distributed through the use of trojans that come from various misleading websites. When the trojan is started, it will install this malware. On first run, AntiMalwareGO will configure itself to start automatically when Windows loads. Next, the fake antivirus will simulate a system scan and list a lot of false infections that actually does not exist!AntiMalware GO is a clone of AntiVira Av
AntiMalware GO will state that your computer is infected with adware, trojans, worms or malware with one purpose - to scare you into thinking that your PC in danger. Obviously, such results are a fraud, so you can freely ignore them.
While AntiMalware GO is running, it will flood your computer with fake security alert and notifications from Windows task bar. Moreover, the rogue will disable Task Manager and hijack Internet Explorer so, that it will display a misleading notification that states - "Internet Explorer Warning – visiting this web site may harm your computer!". Of course, all of these alerts and messages are a fake and like false scan results should be ignored.
Remember, AntiMalware GO is absolutely useless and what is more, even dangerous software. Most importantly, do not purchase it. Instead, please use the AntiMalware GO virus removal guide in order to remove this malware from your computer for free.
AntiMalware GO associated files and registry keys:
%Temp%\[RANDOM]\
%Temp%\[RANDOM]\[RANDOM].exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter | “Enabled” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyServer” = “http=127.0.0.1:32115″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyEnable” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | [RANDOM]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | [RANDOM]
No comments:
Post a Comment