You're in: Panda Security > Home Users > security-info > about-malware > encyclopedia > overview
Active Scan. Scan your PC free
Panda Security Product Line 2012

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

RSTAntivirus2010

 
Threat LevelLow threatDamageHighDistributionNot widespread

Effects 

RSTAntivirus2010 is an adware program that carries out the following actions:

  • It reaches the computer in a file with the following name and icon:

    Icon of the program installation
  • When it is run, the installation process of the program starts. In order to do so, the user has to follow some steps. One of the screens that is displayed is the following:

    Screen of the program installation
  • Once installed in the computer, the interface of the program is opened and it starts scanning the system in search for possible malware:

    Program interface
  • Once finished, the results of the scan indicate that malware has not been found in the computer.
  • It is a trial version, so users have to register and pay a certain sum of money if they want that the program works properly:

    Website to purchase RSTAntivirus2010
  • It also adds a shortcut to the Desktop, so that the program looks as legitimate as possible:

    Icon of the program added to the Desktop
  • However, this program does not really protect the computer against possible threats. Users will think that their computer is protected, but instead what they have really installed is a fake antivirus program.

Infection strategy 

RSTAntivirus2010 creates a directory called RST Antivirus 2010 in the Program Files directory and a group of programs in the Start menu with the same name.

RSTAntivirus2010 creates the following files:

  • RST ANTIVIRUS 2010.EXE, which is a copy of itself, in the folder RST Antivirus 2010 of the Program Files directory.
  • COMDLG32.DLL, DWMAPI.DLL, LIBCLAMAV.DLL, OLEDLG.DLL, PTHREADVC2.DLL, WININET.DLL and UNINSTALL.BAT, in the folder RST Antivirus 2010 of the Program Files directory.
  • ALGGUI.EXE, SVCHOST.EXE, ADC32.DLL, WP3.DAT, WP4.DAT, NUAR.OLD and SKYNET.DAT, in the Program Files directory.
  • RST ANTIVIRUS 2010.LNK, in the Desktop. This file is a shortcut to the program:

    Shortcut to RSTAntivirus2010

 

RSTAntivirus2010 creates the following entries in the Windows Registry:

  • HKEY_CURRENT_USER\Software\RST Antivirus 2010
  • HKEY_CLASSES_ROOT\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
  • HKEY_LOCAL_MACHINE\ Software\ Microsoft\Windows\ CurrentVersion\ Explorer\ Browser Helper Objects\ {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
    By creating these entries, RSTAntivirus2010 registers itself as a BHO (Browser Helper Object). This way, it can monitor the websites accessed by the user.
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd

Means of transmission 

RSTAntivirus2010 can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program. It can also reach the computer in a link that can be received via spam messages, fraudulent websites, etc.

Further Details  

RSTAntivirus2010 is 3,752,960 bytes in size.

>