
Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


AntivirusPC2009

 
Threat level: Low threat
Damage: High
Distribution: Not widespread

Effects 

AntivirusPC2009 is an adware program that carries out the following actions:

  • When this file is run, the program is installed on the computer and starts scanning the system in search of possible malware.
  • Once finished, it informs users that their computer is infected:

    Analysis carried out by TotalPCDefender2010 
  • If users decide to delete these threats, the following window is displayed, requesting a registration code for the program:

    Activation code of AntivirusPC2009
  • If they do not have a code and decide to purchase the program, it connects to an HTTPS URL with a security certificate, in order to appear more credible, and displays a screen like the following asking users to select the type of card:

    Website to purchase AntivirusPC2009
  • Once selected, another page is displayed requesting users' personal data:

    Website to purchase AntivirusPC2009
  • If, on the contrary, users do not follow the recommendations of the program, from time to time warning messages like the following will be displayed:

    Alert message displayed by AntivirusPC2009

Infection strategy 

AntivirusPC2009 creates a directory called AntivirusPC 2009 in the Program Files directory. It creates the following files in this directory:

  • AVPC2009.EXE
  • AVPC2009S.EXE
  • UNINSTALLER.EXE
  • BZIP2.DLL
  • LIBLTDL3.DLL
  • PTHREADVC2.DLL

Additionally, it creates a shortcut to the program on the Desktop with the following icon:

Shortcut AntivirusPC2009

 

AntivirusPC2009 drops the following files so that it can then detect them as malware when it scans the system:

  • LIFABCC.EXE and VDOEPJ.EXE, in the Windows system directory.
  • DVHELP.EXE, in the Windows directory.
  • LWRMO.EXE, in the My Documents folder.
  • LVTXRUG.EXE, in the Documents and Settings directory of the user that has logged in.

 

AntivirusPC2009 creates the following entries in the Windows Registry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Antivirus PC 2009 = cmd /C cd C:\Program Files\Antivirus PC 2009 && start avpc2009.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Antivirus PC 2009 = cmd /C cd C:\Program Files\Antivirus PC 2009 && start avpc2009.exe

    By creating these entries, AntivirusPC2009 ensures that it is run whenever Windows is started.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
    C:\Program Files\Antivirus PC 2009\avpc2009.exe = avpc2009
  • HKEY_LOCAL_MACHINE\SOFTWARE\AVPC2009
  • HKEY_LOCAL_MACHINE\SOFTWARE\AVPC2009\options
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus PC 2009

Means of transmission 

AntivirusPC2009 can reach the computer when the user accesses certain websites that display banners or pop-up windows leading to the download of this program. It can also reach the computer through a link received via spam messages, fraudulent websites, etc.

Further Details  

AntivirusPC2009 is 1,985,386 bytes in size.