
Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


GeneralAntivirus

 
Threat Level: Low threat
Damage: High
Distribution: Not widespread

Effects 

GeneralAntivirus is an adware program that carries out the following actions:

  • It reaches the computer in a file which has the following name and icon:

  • When it is run, the installation process of the program starts and several screens are displayed, among them the following:

  • Once installed, the interface of the program is displayed:

  • If users decide to protect their computer and click on "Protect PC Now", the program starts to scan the system in order to check if it is infected:


    However, the files reported by the scan belong to applications installed on the affected computer and are not malware at all.
  • Once finished, it displays a warning message informing users that malware has been detected on the computer:

  • If users decide to follow the program's instructions and to remove the threats, they will be redirected to a website where the antivirus solution can be purchased:

  • If, on the contrary, they do not follow its instructions, the so-called Blue Screen of Death (BSoD) is displayed when the computer is restarted, and the computer then restarts again, in order to make users think that their computer is really infected.

Infection strategy 

GeneralAntivirus creates a folder called General Antivirus in the following directories:

  • Program Files directory.
  • C:\Documents and Settings\%username%\Application Data
    where %username% is the username of the user that has logged in.

GeneralAntivirus creates the following files:

  • GENAVIR.EXE, UNINS000.EXE, UNINS000.DAT, EXPLORER.ICO, ACTIVATE.ICO, UNINSTALL.ICO and WORKING.LOG, in the folder General Antivirus of the Program Files directory.
  • DBINFO.VERGA090122.DB and GA190908G.DB, in the folder General Antivirus\db of the Program Files directory.
  • SETTINGS.INI, in C:\Documents and Settings\%username%\Application Data\General Antivirus.
  • CONFIG.CFGTIMEOUT.INF and URLS.INF, in C:\Documents and Settings\%username%\Application Data\General Antivirus\db.
  • GENERAL ANTIVIRUS.LNK, in C:\Documents and Settings\%username%\Application Data\Microsoft\Internet Explorer\Quick Launch.
  • A program group in the Start menu called General Antivirus, which contains several links.
  • GENERALANTIVIRUS4.EXE, on the Desktop.

 

GeneralAntivirus creates the following entries in the Windows Registry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    General Antivirus = C:\Program Files\General Antivirus\GenAvir.exe /s
     
    By creating this entry, GeneralAntivirus ensures that it is run whenever Windows is started.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\General Antivirus_is1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
    C:\Documents and Settings\%username%\Local Settings\Temp\is-SMSQ6.tmp\GeneralAntivirus4.tmp = Setup/Uninstall
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
    Desktop\GeneralAntivirus4.exe = General Antivirus Setup
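
An offline check for the files and the Run entry listed above, as an added example that is not Panda Security's code: it matches a collected file listing and the text of a `reg query` on the Run key against the names on this page, requiring folder and file name to agree. The function names, the constructed sample input and the assumed `reg query` value-line layout (name, type, data separated by four spaces) are assumptions.

```python
import re
from pathlib import PureWindowsPath
# Folder suffix -> file names, lower-cased, as listed on this page. The two
# entries whose names are run together on the page are left out.
FILE_INDICATORS = {
    r"program files\general antivirus": {
        "genavir.exe", "unins000.exe", "unins000.dat", "explorer.ico",
        "activate.ico", "uninstall.ico", "working.log"},
    r"program files\general antivirus\db": {"ga190908g.db"},
    r"application data\general antivirus": {"settings.ini"},
    r"application data\general antivirus\db": {"urls.inf"},
    r"application data\microsoft\internet explorer\quick launch": {"general antivirus.lnk"},
    "desktop": {"generalantivirus4.exe"},
}
# Assumed layout of one value line in `reg query` output.
RUN_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
RUN_TARGET = r"\general antivirus\genavir.exe"

def match_files(paths):
    """Return the paths whose folder and file name both match an indicator."""
    hits = []
    for raw in paths:
        p = PureWindowsPath(raw.strip())
        parent = "\\" + str(p.parent).lower()  # leading "\" anchors the suffix
        if any(p.name.lower() in names and parent.endswith("\\" + folder)
               for folder, names in FILE_INDICATORS.items()):
            hits.append(raw.strip())
    return hits

def match_run_values(reg_query_output):
    """Return (name, data) Run values whose command points at GenAvir.exe."""
    found = (RUN_LINE.match(line) for line in reg_query_output.splitlines())
    return [(m["name"], m["data"]) for m in found
            if m and RUN_TARGET in m["data"].lower()]

# Constructed sample input, not collected from a real host.
SAMPLE_PATHS = [
    r"C:\Program Files\General Antivirus\GenAvir.exe",
    r"D:\PROGRAM FILES\GENERAL ANTIVIRUS\DB\GA190908G.DB",
    r"C:\Documents and Settings\alice\Application Data\General Antivirus\settings.ini",
    r"C:\Documents and Settings\alice\Desktop\GeneralAntivirus4.exe",
    r"C:\Program Files\Other Tool\unins000.exe",  # same name, different folder
]
SAMPLE_RUN = (
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    ctfmon.exe    REG_SZ    C:\\WINDOWS\\system32\\ctfmon.exe\n"
    "    General Antivirus    REG_SZ    C:\\Program Files\\General Antivirus\\GenAvir.exe /s\n")
```

Matching on folder plus file name keeps a generic name such as UNINS000.EXE in an unrelated program's folder from being reported.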

Means of transmission 

GeneralAntivirus can reach the computer when the user visits certain websites that display banners or pop-up windows leading to the download of this program. It can also arrive through a link received via spam messages, fraudulent websites, etc.

Further Details  

GeneralAntivirus is 2,234,029 bytes in size.