A-FastAntivirus is an adware program that carries out the following actions:

  • It reaches the computer in a file with the following icon:

    Icon of A-FastAntivirus
  • When this file is run, the following warning is displayed, informing users that the computer is infected with spyware and recommending that they install an antispyware program. To appear more credible, the warning makes it look as though Windows itself will download the program:

    Infection alert displayed by A-FastAntivirus
  • After a while or when users click the message, the application starts to be loaded:
  • Once installed, the interface of the program is displayed and starts scanning the system in search of possible malware:

    Scan carried out by A-FastAntivirus
  • The results, which are fake, indicate that malware has been detected on the computer, as can be seen in the messages that are displayed when the scan is finished:

    Alert messages displayed by A-FastAntivirus
  • If users follow the instructions of the program and decide to eliminate these threats, they will be redirected to the website where the antivirus solution can be purchased and there they will have to enter their data:

    Website to purchase A-FastAntivirus
  • If, on the contrary, they decide not to follow the program's instructions, different alert warnings and messages will be displayed, reminding users of the risk the computer is running:

    Other warning messages displayed by A-FastAntivirus

Infection strategy 

A-FastAntivirus creates a directory called A-fast in the Program Files directory. In this folder it creates the file A-FAST.EXE, which is the main file of the program.

Additionally, it creates a file called A-FAST ANTIVIRUS.LNK on the Desktop. It is a shortcut to the program:

Shortcut to A-FastAntivirus


A-FastAntivirus creates the following entries in the Windows Registry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    fast = C:\Program Files\A-fast\A-fast.exe
    By creating this entry, A-FastAntivirus ensures that it is automatically run whenever Windows is started.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    DosableTaskMgr = 01, 00, 00, 00

    This entry is designed to disable the Task Manager. However, due to an error (it is created as DosableTaskMgr instead of DisableTaskMgr), it does not work.
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\Program files\A-fast\A-fast.exe = C:\Program files\A-fast\A-fast.exe:*:Enabled:afast
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\Program files\A-fast\A-fast.exe = C:\Program files\A-fast\A-fast.exe:*:Enabled:afast

    By creating these two entries, A-FastAntivirus adds itself to the Windows firewall's list of authorized applications.
  • HKEY_CURRENT_USER\Software\A-fast\Activation
    First Start = 01, 00, 00, 00
  • HKEY_CURRENT_USER\Software\A-fast\Security
    Last Scan Date = %date of the last scan carried out%
  • HKEY_CURRENT_USER\Software\A-fast\Security
    Last Scan Result = %result of the last scan carried out%
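
The entries listed above can be checked against a registry export during triage. The following Python script is an added example, not part of the original write-up: it parses regedit v5 export text and flags the keys and values named on this page. The function names and the sample export are constructed for illustration.

```python
import re

# Indicators from the registry list above, lower-cased: (key suffix, value name, data substring or None)
INDICATORS = [
    (r"\software\microsoft\windows\currentversion\run", "fast", r"\a-fast\a-fast.exe"),
    # Only the misspelled name is matched; DisableTaskMgr is the real policy value.
    (r"\currentversion\policies\system", "dosabletaskmgr", None),
    (r"\standardprofile\authorizedapplications\list",
     r"c:\program files\a-fast\a-fast.exe", ":enabled:afast"),  # any control set
]
PRODUCT_KEY = "\\software\\a-fast\\"  # parent of the Activation and Security keys
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Yield (key, value name, data) from regedit v5 export text; name is None for a key header."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := VALUE_RE.match(line)):
            data = m.group(2)
            yield key, unescape(m.group(1)), unescape(data[1:-1]) if data.startswith('"') else data

def find_indicators(text):
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower() + "\\"
        if name is None and PRODUCT_KEY in k:
            hits.append((key, None))  # key header under Software\A-fast
        for suffix, vname, needle in INDICATORS:
            if (name is not None and k.endswith(suffix + "\\") and name.lower() == vname
                    and (needle is None or needle in data.lower())):
                hits.append((key, name))
    return hits

# Constructed sample export (not from a real host); DisableTaskMgr is a benign control.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fast"="C:\\Program Files\\A-fast\\A-fast.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DosableTaskMgr"=hex:01,00,00,00
"DisableTaskMgr"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program files\\A-fast\\A-fast.exe"="C:\\Program files\\A-fast\\A-fast.exe:*:Enabled:afast"
[HKEY_CURRENT_USER\Software\A-fast\Security]
'''
```

Registry exports are normally written as UTF-16, so a real export file should be read with `encoding="utf-16"` before being passed to `find_indicators`.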

Means of transmission 

A-FastAntivirus can reach the computer when the user accesses certain websites that display banners or pop-up windows leading to the download of this program. It can also reach the computer through a link received via spam messages, fraudulent websites, etc.

Further Details  

A-FastAntivirus is 979,968 bytes in size and is compressed with UPX v1.9.

Additionally, the application offers different services, like email protection and firewall, as can be seen in the following image:

One of the options of A-FastAntivirus


Investigation carried out by Aitor Crespo.