The main executable is automatically downloaded into your Temporary Internet Files (TIF) folder. Other components are invisibly installed into your "Startup" folder, which causes the main executable (in your TIF) to launch and install malware onto your computer.
In this instance, the malware claims to have found a number of viruses or spyware threats on your computer, and you are goaded into purchasing its recommended twin, "Anti-Virus-1," which is a "Rogue" (fake) antivirus program. Paying to register the fake antivirus program removes the alerts, which are actually part one of the two-part malware threat.
This is not the first or last malware infector that hides in the TIF folder and gets launched by a startup entry. However, you can reduce your exposure to such files taking over your computer if you select the long-standing option to always empty your Temporary Internet Files when you close your browser.
Internet Explorer calls them Temporary Internet Files. Firefox calls them the Internet Cache. Opera sings about them in a soprano voice. LOL! Here's how to automatically delete these files every time you close your IE, Firefox and Opera browsers.
- Internet Explorer: Tools > Internet Options > Advanced > Security > check: "Empty Temporary Internet Files folder when browser is closed" > Apply > OK
- Firefox: Tools > Options > Privacy > check: "Always clear my private data when I close Firefox." Use the Settings button to preset which items are automatically deleted. As a minimum choose "Cache" and "Authenticated sessions." Click OK twice.
- Opera: Tools > Preferences > Advanced > History > Disk Cache > check: "Empty on exit." Click OK.
If you are infected by this, or a similar Rogue antivirus program, I, and others, recommend MalwareBytes AntiMalware to remove the threat. Don't forget to update the program first, then scan for malware vermin.
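
To check a machine for the pattern described at the top of this post (a hidden Startup entry that launches a file sitting in the Temporary Internet Files folder), the PowerShell script below lists the suspicious entries. It is an added example, not part of the original post or of any tool it mentions. It assumes Windows PowerShell 3.0 or later, and treating `%TEMP%` as a risky location alongside the TIF folder is an assumption added here.

```powershell
# Added example (not from the original post). Requires Windows PowerShell 3.0+.
# Folders scanned: the per-user and all-users Startup folders.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Locations a startup entry should never launch from. InternetCache is the
# Temporary Internet Files folder; including %TEMP% is an assumption added here.
$riskyRoots = @(
    [Environment]::GetFolderPath('InternetCache'),
    $env:TEMP
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($dir in $startupDirs) {
    foreach ($item in Get-ChildItem -LiteralPath $dir -Force -File) {
        if ($item.Name -eq 'desktop.ini') { continue }   # normal hidden system file

        # A shortcut's real payload is its target; any other file is run directly.
        $target = $item.FullName
        if ($item.Extension -eq '.lnk') {
            $target = $shell.CreateShortcut($item.FullName).TargetPath
        }

        $inCache = $false
        foreach ($root in $riskyRoots) {
            if ($target -and $target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                $inCache = $true
            }
        }
        $hidden = [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)

        # Report entries that point into a cache/temp folder or are hidden.
        if ($inCache -or $hidden) {
            [pscustomobject]@{
                StartupEntry = $item.FullName
                Target       = $target
                InCacheDir   = $inCache
                Hidden       = $hidden
            }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

No output means no Startup-folder entry matched; the script only reports and does not delete anything.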