Difference between revisions of "A-Fast Antivirus Scam"

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search
m
Line 24: Line 24:
 
   Data: C:\Program Files\A-fast\A-fast.exe:*:Enabled:afast
 
   Data: C:\Program Files\A-fast\A-fast.exe:*:Enabled:afast
  
See this article at [http://www.2-spyware.com/remove-a-fast-antivirus.html Spyware.com].
+
* See this article at [http://www.2-spyware.com/remove-a-fast-antivirus.html Spyware.com].
 +
* BleepingComputer.com http://www.bleepingcomputer.com/virus-removal/remove-a-fast-antivirus
  
 
[[Category:Computer_Technology]]
 
[[Category:Computer_Technology]]

Revision as of 21:26, 21 March 2011

A-Fast Antivirus is a rogue anti-spyware program that uses misleading methods to scare users into thinking that their computers are infected with malware. It uses javascript and css within your web browser, including MSIE and Firefox, to mimic another well known antivirus program. It has been dubbed "scareware" by some writers.

A web site has malicious javascript code that causes an interface to appear, mimicking a legitimate looking antivirus scanning software. If you click one of the popups it installs a rogue security application.

Files

c:\Desktop\A-fast Antivirus.lnk

Folders

c:\ProgramFiles\A-fast

Registry entries

Key: HKEY_CURRENT_USER\Software\A-fast
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  Value: DosableTaskMgr
  Data: 01, 00, 00, 00
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  Value: fast
  Data: C:\Program Files\A-fast\A-fast.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfileAuthorizedApplications\List
  Value: C:\Program Files\A-fast\A-fast.exe
  Data: C:\Program Files\A-fast\A-fast.exe:*:Enabled:afast
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  Value: C:\Program Files\A-fast\A-fast.exe
  Data: C:\Program Files\A-fast\A-fast.exe:*:Enabled:afast