Remove Active Security


Other payloads of Active Security include the following:

It will modify the Windows Registry and add the following entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “ActiveSecurity.exe”
  • HKEY_CURRENT_USER\Software\Active Security
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Uninstall\Active Security

The threat will drop the following malicious files:

  • %Documents and Settings%\All Users\Start Menu\Programs\Active Security
  • %Documents and Settings%\All Users\Application Data\Active Security
  • %User Profile%\Local Settings\Temp
  • %Program Files%\Active Security
  • %Program Files%\Active Security\ActiveSecurity.exe
  • %Program Files%\LabelCommand
  • %System Root%\Samples
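
A read-only check for the indicators listed above, added here as an example and not part of the original write-up. It assumes the page's "Current Version" refers to the real registry key name `CurrentVersion` and that the `%...%` placeholders map to the environment variables shown; the `Temp` entry is skipped because the page names no file inside it and the folder exists on every system.

```powershell
# Reports which of the listed Active Security indicators exist. Changes nothing.
$found = @()

# Run key: look for a value whose name or data mentions ActiveSecurity.exe.
$runKey = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $data = $runKey.GetValue($name)
        if ("$name $data" -like '*ActiveSecurity.exe*') {
            $found += "Run value: $name = $data"
        }
    }
}

# Registry keys created by the threat.
$regKeys = 'HKCU:\Software\Active Security',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Active Security'
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) { $found += "Registry key: $k" }
}

# File-system locations. Assumption: %Documents and Settings%\All Users is
# $env:ALLUSERSPROFILE; both Program Files roots are checked on 64-bit Windows.
$paths = @(
    "$env:ALLUSERSPROFILE\Start Menu\Programs\Active Security",
    "$env:ALLUSERSPROFILE\Application Data\Active Security",
    "$env:SystemRoot\Samples"
)
foreach ($pf in @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }) {
    $paths += "$pf\Active Security"
    $paths += "$pf\Active Security\ActiveSecurity.exe"
    $paths += "$pf\LabelCommand"
}
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $found += "Path: $p" }
}

if ($found.Count) { $found } else { 'No listed Active Security indicators found.' }
```

Run it as the affected user, since the `HKEY_CURRENT_USER` entries are per-profile.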
