PUP.SAntivirus, Spigot

PUP.SAntivirus

 

*file
c:\program files\santivirus\santivirusic.exe
c:\program files\santivirus\santiviruskd.sys
c:\program files\santivirus\santivirusservice.exe
c:\programdata\microsoft\windows\start menu\programs\santivirus\santivirus product.lnk
c:\users\{USERNAME}\appdata\roaming\santivirusclient\santivirusclientconfig.xml
c:\program files\santivirus\santivirusshell64_v102119.dll
c:\program files\santivirus\santivirusshell86_v102119.dll


*reg_key
HKLM\software\classes\*\shellex\contextmenuhandlers\santivirusshellextension.filecontextmenuext
HKLM\system\currentcontrolset\services\santivirusic
HKLM\system\currentcontrolset\services\santiviruskd
HKLM\system\currentcontrolset\services\santivirussvc
HKLM\software\santivirus
HKLM\software\segoption
HKLM\software\santivirusproduct
HKLM\software\microsoft\windows\santivirus
HKLM\software\microsoft\windows\currentversion\uninstall\santivirus
HKLM\software\classes\systemfileassociations\*\shellex\contextmenuhandlers\santivirusshellextension.filecontextmenuext
HKLM\software\microsoft\tracing\santivirusclient_rasapi32
HKLM\software\microsoft\tracing\santivirusclient_rasmancs
HKLM\software\microsoft\tracing\santivirusservice_rasapi32
HKLM\software\microsoft\tracing\santivirusservice_rasmancs
HKLM\software\classes\clsid\{7784be7f-a15c-4a41-acf5-4cc020154952}

 

 

PUP.Spigot

 

*file
C:\Users\{USERNAME}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe

 
*reg_key
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4A223147-F24A-49C7-9BCA-1AE261B1E0D5}
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{28e56cfb-e30e-4f66-85d8-339885b726b8}
 

*reg_val
HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings  | jcojppmbommbjimpoopbbgpkjbemnafa
HKCU\Software\Microsoft\Windows\CurrentVersion\Run  |  IEXPLORE