FakeAV: AntiVirus Studio 2010

Another FakeAV, this time called AntiVirus Studio 2010. Like all FakeAVs, it claims to have found a lot of infections on your computer, and the only way to clean them is to pay a hefty price for a “license key”.

Here we have the main interface. As usual it starts the scan without any user interaction and displays a long list of so-called threats.

AntiVirus Studio 2010 Main

You are then prompted with a Buy Now window which again shows the list of “threats” on the computer. The list of “threats” is hardcoded into the binary and will never change from system to system.

AntiVirus Studio 2010 Warning

If you click the Get License Key button the “Secure transaction browser” opens. Of course, this browser is not secure in any way.

AntiVirus Studio 2010 SecureBuy

I found this quite amusing. Upon closing the main window you get this message box. (English clearly isn’t their first language.)

AntiVirus Studio 2010 OMG...SPAM

This is a list of strings from the unpacked installer.

0x00073870    0x00000014    Win64.BIT.Looker.exe
0x00073890    0x000000AD    Win64.BIT.Looker software that puts high physical demand on hardware may damage it by excessive wear and tear. This worm can be 
0x00073940    0x00000011    Screen.Grab.J.exe
0x00073960    0x000000AD    Screen.Grab.J is a Trojan program that records keys and license info, stealing personal financial information. This worm can be 
0x00073A10    0x0000000C    Sft.dez.Wien
0x00073A28    0x000000CA    Sft.dez.Wien is a virus attempts to spread itself by attaching to a host program, and can damage hardware, software or data in t
0x00073AF4    0x0000000A    CAlert2Dlg
0x00073B00    0x00000008    SYSCLOSE
0x00073B0C    0x00000006    Tahoma
0x00073B14    0x00000006    Tahoma
0x00073B1C    0x00000006    Tahoma
0x00073B24    0x00000007    Warning
0x00073B2C    0x00000035    Are you sure you want to leave this software working?
0x00073B64    0x00000007    Warning
0x00073B70    0x00000158    Are you wish to keep this software on your computer ? This can lead to private data steal such as passwords, and credit cards by
0x00073F00    0x0000000F    Security Center
0x00073F10    0x00000005    ALERT
0x00073F18    0x00000010    firewall
0x00073F2C    0x0000000C    ignore
0x00073F3C    0x00000022    Keep this remote connection alive?
0x00074108    0x00000008    CBrowser
0x000742B5    0x00000009    s (%s:%d)
0x000742D0    0x0000001E    Exception thrown in destructor
0x000742F0    0x0000004A    C:\Program Files\Microsoft Visual Studio 9.0\VC\atlmfc\include\afxwin1.inl
0x0007434C    0x00000008    CEulaDlg
0x00074358    0x00000013    AntiVirus Tech Ltd.
0x0007436C    0x00000014    {CompanyNamePutHere}
0x00074384    0x00000013    AntiVirus Tech Ltd.
0x00074398    0x00000014    {COMPANYNAMEPUTHERE}
0x000743B0    0x00000015    AntiVirus Studio 2010
0x000743C8    0x00000015    {SoftwareNamePutHere}
0x000743E0    0x00000015    AntiVirus Studio 2010
0x000743F8    0x00000015    {SOFTWARENAMEPUTHERE}
0x000745D8    0x00000009    CFakeBSOD
0x000745E8    0x0000004D    -A problem has been detected and Windows has been shut down to prevent damage
0x00074638    0x00000012    -to your computer.
0x00074650    0x0000004A    *The problem seems to have been caused by the following file: SPRMTROY.SYS
0x0007469C    0x00000015    *CRITICAL_VIRUS_ERROR
0x000746B4    0x0000003E    *Your computer will be rebooted. All unsaved data will be lost
0x000746F4    0x0000001F     Possibly stolen security data:
0x00074714    0x00000018     - Possible credit cards
0x00074730    0x0000000C     - Passwords
0x00074740    0x00000011     - Email accounts
0x00074758    0x00000047    *Dll base DataStmp  - Name                    Dll base DataStmp  - Name
0x000747A0    0x0000004E     FAC8A000  FAC8AC09 - Exploit-PDF.w           ACC8A000  ACC8AC09 - NTRootKit-H
0x000747F0    0x00000051     CA78C000  CA78C8D0 - W32/Renocide.c          BA78C000  CAB8C8D0 - W32/Renocide.c
0x00074848    0x0000004F     AC592000  AC592045 - Keygen-Nero.a           ACB92000  AC592A45 - BackDoor-EFQ
0x00074898    0x00000051     7A76A000  7A76A12A - Generic HTool.b         7A76A000  7A76B12A - Downloader-BRW
0x000748F0    0x0000004F     1AC7A000  1AC7AC09 - W32/Rimecud             1AB7A000  1ACBAC09 - RealAlert-EA
0x00074940    0x00000053     6A49C000  6A49C8DA - RealAlert-DZ            6A49C000  6A49C8DA - W32/Autorun.worm
0x00074998    0x00000054     FC552000  FC552045 - W32/Spybot.worm.gen     FCB52000  FCB5B045 - Generic Dropper.x
0x000749F0    0x00000050     CA06A000  CA06A12A - W32/Koobface.worm.gen.h CC06A000  CC06A12A - Keygen-Nero.a
0x00074A44    0x0000003E    *If this is the first time you've seen this Stop error screen,
0x00074A84    0x00000028    -press any key to restart your computer.
0x00074AB0    0x00000017    *Technical Information:
0x00074AC8    0x00000043    **** STOP: 0x00000050 (0xFD3094C2,0x00000001,0xFBFE7617,0x00000000)
0x00074B10    0x00000049    **** SPRMTROY.SYS - Address FBFE7617 base at FBFE5000, DateStamp 3d6dd67c
0x00074B5C    0x0000000B    Courier New
0x00074DD0    0x0000000B    ForceRemove
0x00074DE0    0x00000008    NoRemove
0x00074DF0    0x00000006    Delete
0x00074DFC    0x00000005    AppID
0x00074E04    0x00000005    CLSID
0x00074E0C    0x00000014    Component Categories
0x00074E24    0x00000008    FileType
0x00074E30    0x00000009    Interface
0x00074E3C    0x00000008    Hardware
0x00074E54    0x00000008    SECURITY
0x00074E60    0x00000006    SYSTEM
0x00074E68    0x00000008    Software
0x00074E74    0x00000007    TypeLib
0x00074E7C    0x0000000B    CHtmlDialog
0x00074E88    0x00000030    res://%hs/%hs/index.html
0x00075118    0x00000007    /ea.php
0x00075120    0x00000016    http://%s%s?p=1&aid=%s
0x00075138    0x00000007    /ea.php
0x00075140    0x00000016    http://%s%s?p=6&aid=%s
0x00075158    0x00000010    SeDebugPrivilege
0x0007516C    0x00000006    wscsvc
0x00075174    0x0000000C    SharedAccess
0x00075184    0x00000008    wuauserv
0x00075190    0x00000006    MpsSvc
0x00075198    0x0000000E    ivwqerohlh0fpo
0x000751A8    0x0000001A    bpwjxlswvtvxekrptj32410fpo
0x000751C4    0x0000000F    ivwqtvsgsp|1dqp
0x000751D4    0x00000025    Startup installer [%s], username [%s]
0x000751FC    0x00000005    /AID=
0x00075204    0x00000019    Reading AID from registry
0x00075228    0x00000009    BagNumber
0x00075234    0x00000020    Software\Microsoft\Windows\Shell
0x00075258    0x00000009    BagNumber
0x00075264    0x00000020    Software\Microsoft\Windows\Shell
0x00075288    0x0000000A    AID = [%s]
0x00075294    0x0000000A    /UNINSTALL
0x000752A0    0x0000000C    Auto-install
0x000752B0    0x0000000F    Install success
0x000752C0    0x0000000E    Install failed
0x000752D0    0x00000040    46EE38D925C2E49C79D2314B3380316026A18FFD6B8869420970254B581026FE
0x00075314    0x0000001C    Run install/uninstall thread
0x00075334    0x00000011    Uninstall success
0x00075348    0x00000010    Uninstall failed
0x0007535C    0x0000000E    Fake uninstall
0x0007536C    0x0000000F    Install success
0x0007537C    0x0000000F    Install success
0x0007538C    0x0000000E    Install failed
0x0007539C    0x0000000B    Thread done
0x000753A8    0x00000011    Microsoft Windows
0x000753C0    0x00000055    You should get a license for your antivirus software. Click here to get it instantly.
0x00075418    0x00000011    Microsoft Windows
0x00075430    0x0000017D    Base setup of Microsoft Windows (r) Operating System do not contain antivirus and antispyware software. In order to protect your
0x000756A8    0x00000006    Tahoma
0x000756B0    0x00000015    AntiVirus Studio 2010
0x0007570B    0x0000002D    By installing this software you are agree to 
0x0007573C    0x00000006    Tahoma
0x00075744    0x00000011    license and terms
0x00075758    0x00000015    AntiVirus Studio 2010
0x00075796    0x00000031    Press Yes to exit or No to continue installation.
0x000757C8    0x00000015    AntiVirus Studio 2010
0x000759C8    0x00000008    CMainDlg
0x000759D4    0x0000000C    System Error
0x000759E4    0x00000020    42FAF9222ABD3D7F564AEDBE0D2924F2
0x00075A08    0x00000020    42FAF9222ABD3D7F564AEDBE0D2924F2
0x00075A2C    0x00000020    42FAF9222ABD3D7F564AEDBE0D2924F2
0x00075A50    0x00000020    42FAF9222ABD3D7F564AEDBE0D2924F2
0x00075A74    0x00000012    securitycenter.exe
0x00075A88    0x00000019    AntiVirus Studio 2010.exe
0x00075AA4    0x00000008    ac7d.exe
0x00075AB0    0x00000012    securityhelper.exe
0x00075AC4    0x0000000C    rundll32.exe
0x00075AD4    0x00000007    cmd.exe
0x00075ADC    0x0000000C    explorer.exe
0x00075AEC    0x0000000C    iexplore.exe
0x00075AFC    0x00000009    dwwin.exe
0x00075B08    0x0000000B    dllhost.exe
0x00075B18    0x00000100    Program %s is infected with virus %s. Continue running this program may be dangerous to your computer and personal data. Running
0x00075C1C    0x00000011    Microsoft Windows
0x00075E08    0x00000013    map/set too long
0x00075E29    0x0000001A    nvalid map/set iterator
0x00075E5D    0x0000000A    MessageBox
0x00076200    0x00000012    vector too long
0x00076360    0x0000000C    CProgressDlg
0x00076374    0x00000006    Tahoma
0x00076380    0x00000056    The AntiVirus Studio 2010 uninstallation will be finished in few minutes. Please wait.
0x000763D8    0x00000015    AntiVirus Studio 2010
0x000765E8    0x0000002D    /httpss/setup.php?v=%s&action=%s&mk=%s&aid=%s
0x00076618    0x00000007    http://
0x00076620    0x00000015    AntiVirus Studio 2010
0x00076638    0x00000005    %s\%s
0x00076640    0x00000014    software path = [%s]
0x00076658    0x00000019    AntiVirus Studio 2010.exe
0x00076674    0x00000005    %s\%s
0x0007667C    0x00000013    software exe = [%s]
0x00076690    0x00000012    securityhelper.exe
0x000766A4    0x00000005    %s\%s
0x000766AC    0x00000016    uninstaller exe = [%s]
0x000766C4    0x0000001E    Software\AntiVirus Studio 2010
0x000766E4    0x00000011    reg subkey = [%s]
0x000766F8    0x00000026    {3217DABC-8ACF-757B-9E6E-6F00DC89ACEB}
0x00076720    0x00000026    {FBD69E67-C708-47be-B49F-33D4200B810D}
0x00076748    0x00000015    AntiVirus Studio 2010
0x00076760    0x00000015    AntiVirus Studio 2010
0x00076778    0x00000005    %s\%s
0x00076780    0x00000015    AntiVirus Studio 2010
0x00076798    0x00000009    %s\%s.lnk
0x000767A4    0x00000015    AntiVirus Studio 2010
0x000767BC    0x00000032    %s\Microsoft\Internet Explorer\Quick Launch\%s.lnk
0x000767F0    0x00000015    AntiVirus Studio 2010
0x00076808    0x00000015    %s\%s License Key.lnk
0x00076820    0x00000015    AntiVirus Studio 2010
0x00076838    0x0000002D    Software\Microsoft\Windows\CurrentVersion\Run
0x00076868    0x0000000E    SecurityCenter
0x00076878    0x0000002D    Software\Microsoft\Windows\CurrentVersion\Run
0x000768A8    0x00000049    Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Studio 2010
0x000768F4    0x00000020    2B0FD0C0AB089E52B0DC65596784EC45
0x00076918    0x00000026    {3217DABC-8ACF-757B-9E6E-6F00DC89ACEB}
0x00076940    0x00000020    52CFF1136AE99C08D55D96DEBBCB08C4
0x00076964    0x00000019    AntiVirus Studio 2010.exe
0x00076980    0x00000012    securitycenter.exe
0x00076994    0x00000008    ac7d.exe
0x000769A0    0x00000013    distrib file = [%s]
0x000769B4    0x00000011    distrib extracted
0x000769C8    0x00000016    [%s] installed to [%s]
0x000769E0    0x00000024    [%s] copied to [%s] with result [%d]
0x00076A08    0x0000001E    http://www.%%s/buy/index/%s/%s
0x00076A28    0x0000000E    buy url = [%s]
0x00076A38    0x00000006    BuyUrl
0x00076A40    0x0000000D    "%s" /STARTUP
0x00076A50    0x00000015    AntiVirus Studio 2010
0x00076A68    0x0000002D    Software\Microsoft\Windows\CurrentVersion\Run
0x00076A98    0x00000005    ADVid
0x00076AA0    0x0000000A    InstallDir
0x00076AAC    0x00000015    AntiVirus Studio 2010
0x00076AC4    0x00000006    SoftID
0x00076ACC    0x00000013    ScanSystemOnStartup
0x00076AE0    0x00000014    AutomaticallyUpdates
0x00076AF8    0x0000000F    MinimizeOnStart
0x00076B08    0x0000000E    BackgroundScan
0x00076B18    0x00000015    BackgroundScanTimeout
0x00076B30    0x00000015    AntiVirus Studio 2010
0x00076B48    0x0000000B    DisplayName
0x00076B58    0x00000049    Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Studio 2010
0x00076BA4    0x0000000F    "%s" /UNINSTALL
0x00076BB4    0x0000000F    UninstallString
0x00076BC8    0x00000049    Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Studio 2010
0x00076C14    0x00000006    "%s",1
0x00076C1C    0x0000000B    DisplayIcon
0x00076C28    0x00000049    Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Studio 2010
0x00076C74    0x00000015    AntiVirus Studio 2010
0x00076C8C    0x00000005    %s\%s
0x00076C94    0x00000015    AntiVirus Studio 2010
0x00076CAC    0x00000009    %s\%s.lnk
0x00076CB8    0x00000015    AntiVirus Studio 2010
0x00076CD0    0x00000009    %s\%s.lnk
0x00076CDC    0x00000015    AntiVirus Studio 2010
0x00076CF4    0x00000012    %s\Activate %s.lnk
0x00076D08    0x00000009    /REGISTER
0x00076D14    0x00000015    AntiVirus Studio 2010
0x00076D2C    0x00000019    %s\How to Activate %s.lnk
0x00076D48    0x0000000E    /registration/
0x00076D58    0x0000000B    http://www.
0x00076D64    0x0000000E    http://%s/help
0x00076D74    0x00000015    AntiVirus Studio 2010
0x00076D8C    0x0000000E    %s\Help %s.lnk
0x00076D9C    0x00000015    AntiVirus Studio 2010
0x00076DB4    0x00000032    %s\Microsoft\Internet Explorer\Quick Launch\%s.lnk
0x00076DE8    0x0000001A    install complete, wait gui
0x00076E04    0x0000001A    gui done, execute software
0x00076E20    0x00000017    delete temp file = [%s]
0x00076E38    0x00000012    execute cmd = [%s]
0x00076E4C    0x00000016    create process success
0x00076E64    0x00000024    create process failed with code [%d]
0x00076E8C    0x00000006    gle=%d
0x00076E94    0x00000017    extract distrib to [%s]
0x00076EAC    0x0000002B    create file success, write file return [%d]
0x00076ED8    0x00000021    create file failed with code [%d]
0x00076EFC    0x00000006    gle=%d
0x00076F04    0x0000001C    install distrib [%s] to [%s]
0x00076F24    0x00000005    13:48
0x00076F2C    0x00000015    "%s" -p"%s" -y -o"%s"
0x00076F44    0x00000011    command line [%s]
0x00076F58    0x00000016    create process success
0x00076F70    0x00000008    output {
0x00076F7C    0x00000008    } output
0x00076F88    0x00000024    create process failed with code [%d]
0x00076FB0    0x00000006    gle=%d
0x00076FB8    0x00000021    create pipe failed with code [%d]
0x00076FDC    0x00000008    dir [%s]
0x00076FE8    0x00000013    cmd.exe /C dir "%s"
0x00076FFC    0x00000011    command line [%s]
0x00077010    0x00000016    create process success
0x00077028    0x00000008    output {
0x00077034    0x00000008    } output
0x00077040    0x00000024    create process failed with code [%d]
0x00077068    0x00000006    gle=%d
0x00077070    0x00000021    create pipe failed with code [%d]
0x00077094    0x00000010    Invalid DateTime
0x000770A8    0x00000014    Invalid DateTimeSpan
0x000770C0    0x0000000E    bad allocation
0x000770D0    0x0000000A    CUninstDlg
0x000770DC    0x00000017    /uninstall.php?machine=
0x000770F4    0x00000007    http://
0x000770FC    0x0000000B    Hello world
0x00077108    0x0000000C    explorer.exe
0x00077120    0x00000015    AntiVirus Studio 2010
0x00077138    0x00000042    Uninstall key is correct. Are you sure want to continue uninstall?
0x0007717C    0x00000015    AntiVirus Studio 2010
0x00077194    0x0000001A    Unistall key is incorrect.
0x000771B0    0x00000015    AntiVirus Studio 2010
0x00077EF8    0x00000010    IDR_SKIN_%02X_%s
0x00077F0C    0x00000012    IDR_SKIN_%02X_%08X
0x00077F28    0x00000014    IDR_SKIN_%02X_%s_RGN
0x00077F40    0x00000016    IDR_SKIN_%02X_%08X_RGN
0x00077F60    0x00000015    IDR_SKIN_%02X_%s_%02X
0x00077F78    0x00000017    IDR_SKIN_%02X_%08X_%02X
0x000782DE    0x00000011    Y@SkinButtonGroup
0x000782F0    0x0000000F    SkinButtonGroup
0x00078300    0x0000000F    SkinButtonGroup
0x00078310    0x0000000F    SkinButtonGroup
0x000784A0    0x0000000F    RegEdit_RegEdit
0x000784B8    0x0000000B    Regedit.exe
0x000784C4    0x0000000F    RegEdit_RegEdit
0x000784D4    0x00000011    HKEY_CLASSES_ROOT
0x000784E8    0x00000011    HKEY_CURRENT_USER
0x000784FC    0x00000012    HKEY_LOCAL_MACHINE
0x00078510    0x0000000A    HKEY_USERS
0x0007851C    0x00000015    HKEY_PERFORMANCE_DATA
0x00078534    0x00000013    HKEY_CURRENT_CONFIG
0x00078548    0x0000000D    HKEY_DYN_DATA
0x00078558    0x00000006    HKEY_C
0x00078560    0x00000007    HKEY_CU
0x00078568    0x00000006    HKEY_L
0x00078570    0x00000006    HKEY_U
0x00078578    0x00000006    HKEY_P
0x00078580    0x0000000E    HKEY_CURRENT_C
0x00078590    0x00000006    HKEY_D
0x00078598    0x0000000D    SysTreeView32
0x000785A8    0x0000000D    SysListView32
0x000785B8    0x00000005    logs.
0x000785C0    0x00000005    %u.%s
0x000785C8    0x0000000D    httpsquer.com
0x000785E8    0x00000005    logs.
0x00078691    0x0000000C    ad json_cast
0x000786C1    0x00000013    os_base::eofbit set
0x000786D8    0x00000015    ios_base::failbit set
0x000786F0    0x00000014    ios_base::badbit set
0x00078715    0x00000007    ad cast
0x0007875E    0x0000001A    Akernel32.dIl
0x0007877C    0x0000000C    kernel32.dIl
0x00078798    0x0000000D    Shell_TrayWnd
0x000787A8    0x0000000F    S:(ML;;NW;;;LW)
0x000787B8    0x0000001E    Software\AntiVirus Studio 2010
0x000787DC    0x0000000E    bad allocation
0x000787EC    0x00000006    Trojan
0x000787F4    0x00000005    Virus
0x00078804    0x0000000D    Keygen-Nero.a
0x00078814    0x00000009    rtfme.exe
0x00078820    0x0000001F    TrojanDownloader:Win32/Renos.KO
0x00078840    0x00000009    17dkf.exe
0x0007884C    0x00000018    Adware:Win32/Wheresphere
0x00078868    0x0000000B    qwedvor.exe
0x00078874    0x00000022    TrojanDownloader:Win32/Bredolab.AB
0x00078898    0x0000000D    winlogoff.exe
0x000788A8    0x0000001D    TrojanDownloader:BAT/Lnkget.X
0x000788C8    0x0000000A    format.exe
0x000788D4    0x00000019    Trojan:Win32/Hiloti.gen!D
0x000788F0    0x00000008    test.exe
0x000788FC    0x00000017    Trojan:Win32/Cryptrun.B
0x00078914    0x0000000D    destroyer.exe
0x00078924    0x00000017    Exploit:Win32/Pdfjsc.DE
0x0007893C    0x0000000A    dffuck.exe
0x00078948    0x0000001E    Backdoor:Win32/Poisonivy.gen!A
0x00078968    0x00000008    lols.exe
0x00078974    0x0000001F    TrojanDownloader:Win32/Renos.KN
0x00078994    0x0000000A    hodeme.exe
0x000789A0    0x00000017    Trojan:JS/Redirector.BQ
0x000789B8    0x00000009    cffd4.exe
0x000789C4    0x0000001A    Worm:Win32/Conficker.B!inf
0x000789E0    0x00000006    fe.exe
0x000789E8    0x0000001A    Worm:Win32/Autorun.gen!inf
0x00078A04    0x0000000A    poertd.exe
0x00078A10    0x00000017    Exploit:Win32/Pdfjsc.CR
0x00078A28    0x0000000E    protector2.exe
0x00078A38    0x00000017    Trojan:Win32/Alureon.CT
0x00078A50    0x00000008    safe.exe
0x00078A5C    0x00000019    TrojanDownloader:JS/Renos
0x00078A78    0x00000009    timem.exe
0x00078A84    0x00000016    Worm:Win32/Conficker.C
0x00078A9C    0x0000000A    hiphop.exe
0x00078AA8    0x00000015    Virus:Win32/Alureon.F
0x00078AC0    0x0000000A    2010yo.exe
0x00078ACC    0x00000015    Virus:Win32/Sality.AM
0x00078AE4    0x0000000B    rsrtd12.exe
0x00078AF0    0x00000016    Worm:Win32/Conficker.B
0x00078B08    0x0000000B    dkfjd93.exe
0x00078B14    0x0000001A    Exploit:HTML/IframeRef.gen
0x00078B30    0x0000000E    cocksucker.exe
0x00078B40    0x00000017    Trojan:Win32/Alureon.CT
0x00078B58    0x00000008    kock.exe
0x00078B64    0x00000014    Trojan:Win32/FakeXPA
0x00078B7C    0x0000000A    ploper.exe
0x00078B88    0x0000001F    TrojanDownloader:Win32/Renos.KG
0x00078BA8    0x0000000C    kjh102k3.exe
0x00078BB8    0x00000019    Trojan:Win32/Hiloti.gen!D
0x00078BD4    0x0000000C    hjkgfddd.exe
0x00078BE4    0x00000021    Adware:Win32/ZangoShoppingreports
0x00078C08    0x0000000A    wergfq.exe
0x00078C14    0x00000016    Adware:Win32/GameVance
0x00078C2C    0x00000009    lorsk.exe
0x00078C38    0x00000020    BrowserModifier:Win32/BaiduSobar
0x00078C5C    0x0000000A    cosock.exe
0x00078C68    0x00000013    Adware:Win32/Gibmed
0x00078C7C    0x0000000A    ddhelp.exe
0x00078C88    0x0000001F    TrojanDownloader:Win32/Renos.KF
0x00078CA8    0x00000009    wined.exe
0x00078CB4    0x00000013    Adware:Win32/Hotbar
0x00078CC8    0x00000009    brdss.exe
0x00078CD4    0x00000017    Worm:Win32/Taterf.gen!A
0x00078CEC    0x0000000A    hardwh.exe
0x00078CF8    0x00000016    PWS:Win32/Ceekat.gen!A
0x00078D10    0x0000000A    winifi.exe
0x00078D1C    0x00000016    Worm:Win32/Conficker.C
0x00078D34    0x00000009    rator.exe
0x00078D40    0x00000013    PWS:Win32/Lolyda.AU
0x00078D54    0x0000000A    snowif.exe
0x00078D60    0x00000014    Worm:Win32/Rimecud.A
0x00078D78    0x00000009    sycre.exe
0x00078D84    0x00000017    PWS:Win32/Frethog.gen!B
0x00078D9C    0x0000000A    altedf.exe
0x00078DA8    0x00000016    Worm:Win32/Conficker.B
0x00078DC0    0x00000008    dc_3.exe
0x00078DCC    0x00000014    Worm:Win32/Rimecud.B
0x00078DE4    0x0000000B    ljts-23.exe
0x00078DF0    0x00000013    Worm:Win32/Hamweq.A
0x00078E04    0x0000000A    d20mes.exe
0x00078E10    0x00000013    Worm:Win32/Taterf.B
0x00078E24    0x0000000A    dgxdro.exe
0x00078E30    0x00000011    Generic Dropper.x
0x00078E44    0x00000009    56493.exe
0x00078E50    0x00000019    W32/Autorun.worm!5492698F
0x00078E6C    0x0000000C    wrfwe_di.exe
0x00078E7C    0x0000000C    RealAlert-DI
0x00078E8C    0x0000000C    lkhgg_ea.exe
0x00078E9C    0x0000000C    RealAlert-EA
0x00078EAC    0x0000000D    8gmsed-bd.exe
0x00078EBC    0x00000015    BackDoor-DKA Internet
0x00078ED4    0x0000000B    bzqa43d.exe
0x00078EE0    0x00000010    Downloader-BQZ.a
0x00078EF4    0x0000000C    tryh-blv.exe
0x00078F04    0x0000000E    Downloader-BLV
0x00078F14    0x0000000A    puzpup.exe
0x00078F20    0x00000016    Generic Pup.z!7ec2eb2a
0x00078F38    0x0000000B    hvipws9.exe
0x00078F44    0x00000012    Generic PWS.y!hv.i
0x00078F58    0x0000000D    jdhellwo3.exe
0x00078F68    0x00000017    W32/Koobface.worm.gen.h
0x00078F80    0x0000000C    eelnvd13.exe
0x00078F90    0x0000001F    W32/Autorun.worm.gen.h!7ec2eb2a
0x00078FB0    0x0000000F    a75wef8e0e7.exe
0x00078FC0    0x00000019    W32/Autorun.worm!a758e0e7
0x00078FDC    0x00000012    kjdh_gf_jjdhgd.exe
0x00078FF0    0x0000000E    Downloader-BRW
0x00079000    0x00000011    02c9c3c35bdx5.exe
0x00079014    0x00000017    Generic.dx!02c9c3c35bd5
0x0007902C    0x00000011    ae0965a7157cd.exe
0x00079040    0x00000017    Generic.dx!ae0965a7157c
0x00079058    0x00000011    472a10e2ebxd9.exe
0x0007906C    0x00000017    Generic.dx!472a10e2ebd9
0x00079084    0x0000000C    jkfuckfu.exe
0x00079094    0x00000012    Generic Dropper.js
0x000790A8    0x0000000E    aqfitrlxi2.exe
0x000790B8    0x0000000C    BackDoor-EFQ
0x000790C8    0x0000000E    ppddfcfux.exxe
0x000790D8    0x0000000D    Exploit-PDF.w
0x000790E8    0x0000000D    ddoll3342.exe
0x000790F8    0x0000000E    Downloader-BVW
0x00079108    0x0000000C    1iowieoo.exe
0x00079118    0x0000000E    W32/Renocide.c
0x00079128    0x0000000A    r0life.exe
0x00079134    0x0000000B    NTRootKit-H
0x00079140    0x0000000B    cunifuc.exe
0x0007914C    0x0000000F    W32/Rimecud!mem
0x0007915C    0x0000000C    kilslmd.exex
0x0007916C    0x0000000B    W32/Rimecud
0x00079178    0x0000000B    wdo9rm.exxe
0x00079184    0x00000014    W32/Autorun.worm.zzp
0x0007919C    0x0000000B    jofcdks.exe
0x000791A8    0x00000018    Pigax.gen.a!921565b7f057
0x000791C4    0x0000000B    dd10x10.exe
0x000791D0    0x0000001E    Generic PWS.y!bbg!06085157775A
0x000791F0    0x0000000D    hhbboll_2.exe
0x00079200    0x0000000F    Generic HTool.b
0x00079210    0x00000007    kgn.exe
0x00079218    0x0000000D    Keygen-Nero.a
0x00079228    0x0000000B    pswwg3c.exe
0x00079234    0x00000020    W32/Spybot.worm.gen!3c0e7eeb37a6
0x00079258    0x0000000A    htfad4.exe
0x00079264    0x00000019    RealAlert-HT!b3fe79005ad4
0x00079280    0x0000000A    cowceb.exe
0x0007928C    0x00000021    Generic Malware.co!a!ceb81c269a44
0x000792B0    0x0000000D    wwwsssgen.exe
0x000792C0    0x0000001B    W32/Sality.gen!ac1c3c308a6e
0x000792DC    0x00000009    ds7hw.exe
0x000792E8    0x0000001C    Generic Proxy!m!ad27925df1a5
0x00079308    0x0000000D    alerfa322.exe
0x00079318    0x00000019    RealAlert-DZ!79900a049ee8
0x00079334    0x0000000B    aler3fa.exe
0x00079340    0x00000019    RealAlert-DZ!0b0bf33cbf1e
0x0007935C    0x0000000C    al3erfa3.exe
0x0007936C    0x00000019    RealAlert-DZ!1b92f70bb87c
0x00079388    0x0000000B    alerfa2.exe
0x00079394    0x00000019    LealAlert-DZ!8299f5588bd6
0x000793B0    0x0000000A    alerfa.exe
0x000793BC    0x00000019    RealAlert-DZ!4f19c3b42195
0x000793D8    0x00000010    qwklrvjhqlkj.exe
0x000793EC    0x0000001B    Generic.dx!fia!71e64790169d
0x00079408    0x0000000E    ggwwef9752.exe
0x00079418    0x0000001B    Generic.dx!fia!b77c402ecd7c
0x00079434    0x0000000A    fadz43.exe
0x00079440    0x00000019    RealAlert-DZ!97f406ad794a
0x0007945C    0x0000000C    eephilpe.exe
0x0007946C    0x0000000E    W32/PhilPedo.a
0x0007947C    0x0000000C    wwautrsd.exe
0x0007948C    0x00000019    W32/Autorun.worm!5492698F
0x000794A8    0x0000000B    dwl_bqz.exe
0x000794B4    0x00000010    Downloader-BQZ.a
0x000794C8    0x0000000B    gpupz2a.exe
0x000794D4    0x00000016    Generic Pup.z!7ec2eb2a
0x000794EC    0x0000000C    wqefqw7e.exe
0x000794FC    0x0000001F    W32/Autorun.worm.gen.h!7ec2eb2a
0x0007951C    0x0000000D    warsddd_w.exe
0x0007952C    0x00000019    W32/Autorun.worm!a758e0e7
0x00079548    0x0000000E    wefgetn_00.exe
0x00079558    0x00000017    Generic.dx!02c9c3c35bd5
0x00079570    0x0000000D    gedx_ae09.exe
0x00079580    0x00000017    Generic.dx!ae0965a7157c
0x00079598    0x0000000B    wrcud12.exe
0x000795A4    0x0000000B    W32/Rimecud
0x000795B0    0x0000000B    g_dx234.exe
0x000795BC    0x00000017    Generic.dx!472a10e2ebd9
0x000795D4    0x0000000E    w32-reno-c.exe
0x000795E4    0x0000000E    W32/Renocide.c
0x000795F4    0x0000000C    exppdf_w.exe
0x00079604    0x0000000D    Exploit-PDF.w
0x00079614    0x0000000D    backd-efq.exe
0x00079624    0x0000000C    BackDoor-EFQ
0x00079634    0x0000000E    w32rim_mem.exe
0x00079644    0x0000000F    W32/Rimecud!mem
0x00079654    0x0000000F    gpdfsws_bbg.exe
0x00079664    0x0000001E    Generic PWS.y!bbg!06085157775A
0x00079684    0x00000008    kn.a.exe
0x00079690    0x00000040    %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x
0x000796D4    0x00000026    {3217DABC-8ACF-757B-9E6E-6F00DC89ACEB}
0x000796FC    0x00000026    {FBD69E67-C708-47be-B49F-33D4200B810D}
0x00079724    0x00000026    {ac7ddde0-7ff9-4d56-0FA9-decf41a6f167}
0x0007974C    0x0000001E    Software\AntiVirus Studio 2010
0x0007976C    0x00000015    AntiVirus Studio 2010
0x00079784    0x00000015    AntiVirus Studio 2010
0x0007979C    0x00000015    AntiVirus Studio 2010
0x000797B4    0x00000015    AntiVirus Studio 2010
0x000797CC    0x00000015    AntiVirus Studio 2010
0x000797E4    0x00000015    AntiVirus Studio 2010
0x000797FC    0x0000001E    Software\AntiVirus Studio 2010
0x0007981C    0x0000001A    \AntiVirus Studio 2010.exe
0x00079838    0x0000000F    __MessageWindow
0x0007984C    0x0000000F    __MessageWindow
0x0007985C    0x00000013    SystemTrayIconClass
0x00079870    0x00000013    SystemTrayIconClass
0x00079884    0x00000013    SystemTrayIconClass
0x000798BC    0x00000012    %s:Zone.Identifier
0x000798D4    0x00000030    SOFTWARE\Microsoft\Internet Explorer\Extensions\
0x00079908    0x00000005    CLSID
0x00079910    0x0000000F    \InprocServer32
0x00079920    0x00000006    CLSID\
0x00079928    0x00000016    \system32\kernel32.dll
0x00079940    0x00000011    Internet Explorer
0x00079984    0x0000000D    rmdir /S /Q "
0x00079998    0x00000008    del /Q "
0x000799B0    0x0000000A    if exist "
0x000799C0    0x00000008    del /Q "
0x000799CC    0x0000000E    bad allocation
0x000799DC    0x00000010    0123456789ABCDEF
0x00079A08    0x0000000E    bad allocation
0x00079A18    0x0000000E    bad allocation
0x00079A28    0x00000060    ..\..\..\..\Library\CommonLibW32\lib\src\hex.cpp
0x00079A8C    0x00000012    in && out
0x00079AA0    0x00000010    0123456789ABCDEF
0x00079AB8    0x00000060    ..\..\..\..\Library\CommonLibW32\lib\src\hex.cpp
0x00079B1C    0x00000012    in && out
0x00079B30    0x00000010    Invalid DateTime
0x00079B44    0x00000014    Invalid DateTimeSpan
0x00079B5C    0x0000000E    bad allocation
0x00079B70    0x0000000E    bad allocation
0x00079B80    0x0000002C    SOFTWARE\Microsoft\Windows NT\CurrentVersion
0x00079BB0    0x00000010    DigitalProductId
0x00079BC4    0x00000010    DigitalProductId
0x00079BDC    0x0000000E    bad allocation
0x00079BF0    0x0000000E    bad allocation
0x00079C08    0x00000066    ..\..\..\..\Library\CommonLibW32\lib\src\membuf.cpp
0x00079C70    0x00000034    offset + count <= m_length
0x00079CD8    0x0000000E    bad allocation
0x00079CE8    0x00000060    ..\..\..\..\Library\CommonLibW32\rsa\cpp\rsa.cpp
0x00079D4C    0x00000012    in && out
0x00079D60    0x00000060    ..\..\..\..\Library\CommonLibW32\rsa\cpp\rsa.cpp
0x00079DC4    0x00000012    in && out
0x00079DD8    0x0000000E    bad allocation
0x00079DE8    0x00000058    ..\..\..\..\Library\jsonlib\src\elements.cpp
0x00079E44    0x0000001A    m_pElementImp
0x00079E60    0x00000058    ..\..\..\..\Library\jsonlib\src\elements.cpp
0x00079EBC    0x0000001A    m_pElementImp
0x00079ED8    0x00000013    Array out of bounds
0x00079EEC    0x0000001E    Object member already exists: 
0x00079F0C    0x00000017    Object name not found: 
0x00079F24    0x00000010    list too long
0x0007A071    0x0000000D    ad allocation
0x0007A080    0x00000054    ..\..\..\..\Library\jsonlib\src\reader.cpp
0x0007A0D8    0x0000002A    m_iStr.eof() == false
0x0007A104    0x0000003A    m_itCurrent != m_Tokens.end()
0x0007A140    0x00000054    ..\..\..\..\Library\jsonlib\src\reader.cpp
0x0007A198    0x00000054    ..\..\..\..\Library\jsonlib\src\reader.cpp
0x0007A1F0    0x0000003A    m_itCurrent != m_Tokens.end()
0x0007A22C    0x00000024    Expected End of token stream; found 
0x0007A25C    0x00000005    false
0x0007A26C    0x00000020    Unexpected character in stream: 
0x0007A290    0x00000011    Expected string: 
0x0007A2AC    0x00000022    Invalid hex digit parsing \uXXXX: 
0x0007A2D0    0x0000002F    Unrecognized escape sequence found in string: \
0x0007A304    0x0000000F    0123456789.eE-+
0x0007A314    0x0000001E    Unexpected end of token stream
0x0007A334    0x00000012    Unexpected token: 
0x0007A348    0x0000001F    Duplicate object member token: 
0x0007A368    0x00000026    Unexpected character in NUMBER token: 
0x0007A398    0x0000001E    Unexpected End of token stream
0x0007A3B8    0x00000012    Unexpected token: 
0x0007A3E2    0x0000002C    Am_iStr.eof() == false
0x0007A410    0x00000054    ..\..\..\..\Library\jsonlib\src\reader.cpp
0x006F5420    0x000000D2    You  need  uninstall key for security reasons. To receive uninstall key press "Get Uninstall Key" button.

And this is a sandbox report of the installer.

Detailed report of suspicious malware actions:
 
Created file on defined folder: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Studio 2010.lnk
Created file on defined folder: C:\Documents and Settings\Administrator\Start Menu\Programs\AntiVirus Studio 2010.lnk
Created file on defined folder: C:\Documents and Settings\Administrator\Start Menu\Programs\AntiVirus Studio 2010\Activate AntiVirus Studio 2010.lnk
Created file on defined folder: C:\Documents and Settings\Administrator\Start Menu\Programs\AntiVirus Studio 2010\AntiVirus Studio 2010.lnk
Created file on defined folder: C:\Documents and Settings\Administrator\Start Menu\Programs\AntiVirus Studio 2010\Help AntiVirus Studio 2010.lnk
Created file on defined folder: C:\Documents and Settings\Administrator\Start Menu\Programs\AntiVirus Studio 2010\How to Activate AntiVirus Studio 2010.lnk
Defined file type created: C:\Documents and Settings\Administrator\Application Data\AntiVirus Studio 2010\AntiVirus Studio 2010.exe
Defined file type created: C:\Documents and Settings\Administrator\Application Data\AntiVirus Studio 2010\securitycenter.exe
Defined file type created: C:\Documents and Settings\Administrator\Application Data\AntiVirus Studio 2010\securityhelper.exe
Defined file type created: C:\Documents and Settings\Administrator\Application Data\AntiVirus Studio 2010\taskmgr.dll
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp2c9c3c35bdx5.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\17dkf.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\472a10e2ebxd9.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\56493.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\ae0965a7157cd.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\al3erfa3.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\aler3fa.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\alerfa.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\backd-efq.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\cunifuc.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\dc_3.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\dd10x10.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\ddhelp.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\ddoll3342.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\dkfjd93.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\ds7hw.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\eelnvd13.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\eephilpe.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\fe.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\format.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\gedx_ae09.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\gpupz2a.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\hardwh.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\hhbboll_2.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\hiphop.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\hodeme.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\hvipws9.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\jdhellwo3.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\jofcdks.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\kjdh_gf_jjdhgd.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\kock.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\lols.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\lorsk.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\pswwg3c.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\qwedvor.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\qwklrvjhqlkj.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\r0life.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\rator.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\rtfme.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\safe.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\snowif.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\sycre.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\test.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\timem.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\wergfq.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\winlogoff.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\wqefqw7e.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\wrcud12.exe
Defined file type created: C:\Documents and Settings\Administrator\Local Settings\Temp\wrfwe_di.exe
Defined registry AutoStart location added or modified: machine\system\CurrentControlSet\Services\wuauserv\Start = 04000000
Defined registry AutoStart location added or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\63vnpgureoog = C:\Documents and Settings\Administrator\Desktop\installer_m_93.exe
Defined registry AutoStart location added or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\AntiVirus Studio 2010 = "C:\Documents and Settings\Administrator\Application Data\AntiVirus Studio 2010\AntiVirus Studio 2010.exe" /STARTUP
Defined registry AutoStart location added or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\SecurityCenter = C:\Documents and Settings\Administrator\Application Data\AntiVirus Studio 2010\securitycenter.exe
Internet connection: C:\Documents and Settings\Administrator\Desktop\installer_m_93.exe Connects to "92.60.177.241" on port 80 (TCP - HTTP).
Internet connection: C:\Sandbox\Administrator\DefaultBox\user\current\Application Data\AntiVirus Studio 2010\AntiVirus Studio 2010.exe Connects to "111.90.150.129" on port 80 (TCP - HTTP).
Modified or overwritten file on defined folder: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\553z8yxt.default\localstore.rdf
Modified or overwritten file on defined folder: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\553z8yxt.default\urlclassifierkey3.txt
Modified or overwritten file on defined folder: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
Query DNS: httpload. net
Query DNS: www.antivirusstudio2010new. com
 
Risk evaluation result: High

This FakeAV also makes an interesting modification to the Windows Task Manager, which would probably be quite convincing to the average user.

AntiVirus Studio 2010 TaskMan Mod

It also displays fake Windows Security Center notifications.

AntiVirus Studio 2010 Security Center Fake

AntiVirus Studio 2010 Security Center Firewall Fake
