A-Fast Antivirus Scam
From Free Knowledge Base- The DUCK Project: information for everyone
A-Fast Antivirus is a rogue anti-spyware program that uses misleading methods to scare users into thinking that their computers are infected with malware. It uses javascript and css within your web browser, including MSIE and Firefox, to mimic another well known antivirus program. It has been dubbed "scareware" by some writers.
A web site has malicious javascript code that causes an interface to appear, mimicking a legitimate looking antivirus scanning software. If you click one of the popups it installs a rogue security application.
Files
c:\Desktop\A-fast Antivirus.lnk
Folders
c:\ProgramFiles\A-fast
Registry entries
Key: HKEY_CURRENT_USER\Software\A-fast Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System Value: DosableTaskMgr Data: 01, 00, 00, 00 Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Value: fast Data: C:\Program Files\A-fast\A-fast.exe Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfileAuthorizedApplications\List Value: C:\Program Files\A-fast\A-fast.exe Data: C:\Program Files\A-fast\A-fast.exe:*:Enabled:afast Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List Value: C:\Program Files\A-fast\A-fast.exe Data: C:\Program Files\A-fast\A-fast.exe:*:Enabled:afast