Trojan-Spy.Agent_95421d054c
Trojan.Win32.Generic!BT (VIPRE), Trojan-Spy.Agent!IK (Emsisoft), GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan-Spy, Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: 95421d054cb978c09938c94105051d27
SHA1: 51a0dc0f8d9c68b958e662ca297a68fdaa1b10d3
SHA256: d859be2bf372020046188e0178532ebb7f3e16de503cf9764e6129850061b815
SSDeep: 12288:HM7sfvSprVQzReUOAEo7J3SKvnueQ8HWkPXy3nWr8S:sWvYVTny7Jivj82kvcWB
Size: 488778 bytes
File type: PE32
Platform: WIN32
Entropy: Packed
PEID: no data
Company: AirInstaller Inc.
Created at: 2013-01-19 13:52:49
Summary:
Trojan-Spy. Spy program intended for stealing user's confidential data.
Process activity
The Trojan-Spy creates the following process(es):
Serverpoe3.3.exe:300
Serverpoe3.3.exe:976
Serverpoe3.3.exe:1716
Serverpoe3.3.exe:1712
Serverpoe3.3.exe:1700
95421d054cb978c09938c94105051d27.exe:1496
The Trojan-Spy injects its code into the following process(es):
95421d054cb978c09938c94105051d27.exe:1332
File activity
The process Serverpoe3.3.exe:300 makes changes in a file system.
The Trojan-Spy creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1QN0PMJ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GFV2JIT9\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6BCAE513\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\HIBNGSU9\desktop.ini (67 bytes)
The Trojan-Spy deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\data.dmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\data2.dmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\data1.dmp (0 bytes)
The process Serverpoe3.3.exe:1700 makes changes in a file system.
The Trojan-Spy creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\data.dmp (99 bytes)
The process 95421d054cb978c09938c94105051d27.exe:1496 makes changes in a file system.
The Trojan-Spy creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Serverpoe3.3.exe (3047 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\prog.exe (3073 bytes)
Registry activity
The process Serverpoe3.3.exe:300 makes changes in a system registry.
The Trojan-Spy creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC]
"LDAP Timeout" = "60"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere]
"LDAP Logo" = "%ProgramFiles%\Common Files\Services\whowhere.bmp"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere]
"LDAP Server ID" = "3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Internet Account Manager]
"Server ID" = "4"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere]
"LDAP Search Return" = "100"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts]
"PreConfigVerNTDS" = "1"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC]
"LDAP Resolve Flag" = "1"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\VeriSign]
"Account Name" = "VeriSign Internet Directory Service"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\VeriSign]
"LDAP Logo" = "%ProgramFiles%\Common Files\Services\verisign.bmp"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC]
"LDAP Search Return" = "100"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\VeriSign]
"LDAP Search Return" = "100"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot]
"LDAP Logo" = "%ProgramFiles%\Common Files\Services\bigfoot.bmp"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere]
"LDAP Timeout" = "60"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot]
"LDAP Timeout" = "60"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere]
"Account Name" = "WhoWhere Internet Directory Service"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere]
"LDAP Simple Search" = "1"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts]
"AssociatedID" = "13 0C E8 37 45 CB CE 4D A4 38 54 5B 79 14 76 AC"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\VeriSign]
"LDAP Timeout" = "60"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC]
"Account Name" = "Active Directory"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC]
"LDAP Server" = "NULL"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC]
"LDAP Search Base" = "NULL"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC]
"LDAP User Name" = "NULL"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot]
"LDAP Search Return" = "100"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere]
"LDAP URL" = "http://www.whowhere.com"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts]
"PreConfigVer" = "4"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot]
"LDAP Server" = "ldap.bigfoot.com"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\VeriSign]
"LDAP URL" = "http://www.verisign.com"
[HKCU\Identities\{37E80C13-CB45-4DCE-A438-545B791476AC}]
"Identity Ordinal" = "1"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC]
"LDAP Simple Search" = "0"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot]
"Account Name" = "Bigfoot Internet Directory Service"
[HKCU\Identities]
"Identity Ordinal" = "2"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot]
"LDAP Authentication" = "0"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere]
"LDAP Server" = "ldap.whowhere.com"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\VeriSign]
"LDAP Simple Search" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC]
"LDAP Port" = "3268"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\VeriSign]
"LDAP Server" = "directory.verisign.com"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F B5 12 C2 B8 41 A9 6B B2 0E 74 52 D8 97 62 3E"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC]
"LDAP Server ID" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\VeriSign]
"LDAP Authentication" = "0"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC]
"LDAP Secure Connection" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC]
"LDAP Bind DN" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\VeriSign]
"LDAP Search Base" = "NULL"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot]
"LDAP Simple Search" = "1"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere]
"LDAP Authentication" = "0"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\VeriSign]
"LDAP Server ID" = "2"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot]
"LDAP Server ID" = "1"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC]
"LDAP Authentication" = "2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot]
"LDAP URL" = "http://www.bigfoot.com"
[HKCU\Software\Microsoft\Internet Account Manager]
"Default LDAP Account" = "Active Directory GC"
The Trojan-Spy modifies IE security zone settings so that all local web nodes without dots that are not assigned to any zone are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Spy modifies IE security zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Spy modifies IE security zone settings so that all URLs are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Spy deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Identities]
"Changing"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKCU\Identities]
"OutgoingID"
[HKCU\Identities]
"IncomingID"
The process Serverpoe3.3.exe:976 makes changes in a system registry.
The Trojan-Spy creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "13 6C 47 45 8E 4A 96 75 BB 65 17 45 4D 30 5C 0D"
The process Serverpoe3.3.exe:1716 makes changes in a system registry.
The Trojan-Spy creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 1B 7D 23 83 E0 AD 08 EC 79 BF D8 9A 3D F4 16"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
The process Serverpoe3.3.exe:1712 makes changes in a system registry.
The Trojan-Spy creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 B5 E7 10 C8 1C F2 71 BF FD 56 37 FC 75 4E 3F"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
The process Serverpoe3.3.exe:1700 makes changes in a system registry.
The Trojan-Spy creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1C FC 7D B9 37 00 B5 93 2D 52 28 2B 34 6F 57 BA"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The process 95421d054cb978c09938c94105051d27.exe:1496 makes changes in a system registry.
The Trojan-Spy creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 C8 99 CC 76 45 25 9F B4 B3 91 D1 96 48 D1 E3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"Serverpoe3.3.exe" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan-Spy modifies IE security zone settings so that all URLs are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Spy modifies IE security zone settings so that all local web nodes without dots that are not assigned to any zone are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Spy modifies IE security zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
To automatically run itself each time Windows is booted, the Trojan-Spy adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"win32.exe" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\prog.exe"
The process 95421d054cb978c09938c94105051d27.exe:1332 makes changes in a system registry.
The Trojan-Spy creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D2 18 71 86 56 2D D8 2C 71 78 01 20 42 77 F5 1D"
Network activity (URLs)
URL: hxxp://bargainstuff.comuf.com/index.php?action=add&username=XP1&password=FC62K-HM2DP-GP43D-DJMFR-2DC4G&app=Windows XP x86&pcname=XP8&sitename=Microsoft IP: 31.170.163.130 Country: United States Verdict: Malicious
URL: smtp.gmail.com IP: 173.194.77.108
Rootkit activity
No anomalies have been detected.
Propagation
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
Serverpoe3.3.exe:300
Serverpoe3.3.exe:976
Serverpoe3.3.exe:1716
Serverpoe3.3.exe:1712
Serverpoe3.3.exe:1700
95421d054cb978c09938c94105051d27.exe:1496
- Delete the original Trojan-Spy file.
- Delete or disinfect the following files created/modified by the Trojan-Spy:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1QN0PMJ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GFV2JIT9\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6BCAE513\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\HIBNGSU9\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\data.dmp (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Serverpoe3.3.exe (3047 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\prog.exe (3073 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"win32.exe" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\prog.exe"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.