Spyware DetectorSpyware Detector Anti Spyware Software
Spyware Detector - Home Spyware Detector - Purchase Spyware Detector - Updates Spyware Detector - Affiliates Spyware Detector - Contact Us

Home / Spyware Encyclopedia / Fake Anti Spyware.Active Security
 Fake Anti Spyware.Active Security Technical Details
 Category Fake Anti Spyware
 Discovered   6/27/2009 7:21:56 PM
 Modified   10/27/2009 1:07:59 PM
 Threat Level High
 Category Description
These are programs which look like any legitimate program but usually download without users permission, entice users into buying them by showing fake results to improve users PC performance. They may also download spyware and other unwanted programs.
Description
Active Security is Rogue Security Program. Active Security usually installed itself onto your PC without your permission, through Vundo Trojan, Virus or fake software. It uses aggressive and deceptive techniques to frighten the user into purchasing the program. It gives exaggerated report and claims of spyware found or false positives but will not remove spyware unless the user purchases the program.
 Notice

Please note that the following information is not controlled or endorsed by Max Secure Software. They are captured automatically in our Research Lab as a result of executing Spyware Files or browsing Internet. Please contact us if you find any information inappropriate for removal. All the work contained in this report is copyrighted and should not be copied without permission from Max Secure Software.

We do not recommend browsing or removing these entries on your own manually. We do not take any warranty against the use or result of the use of this information.
 Summary
The following http urls were started:
• garlicworld.com/.sys/?action=begen&v=18
• name.filipinaprincess.com/.sys/?action=begen&v=18
• www.blingstringsbykitten.com/.sys/?action=begen&v=18
The hosts file was updated with the following url-to-ip mappings:
74.125.45.100 4-open-davinci.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 privatesecuredpayments.com
The following internet connection was established:
85.17.189.1 : 80
78.46.151.180 : 80
95.169.191.223 : 80
 
 Process asecurity.exe
 Drivers   N/A
 Folder Created   %DAS.AU.SM.P%\Active Security
%PF%\Active Security
 The following Files were created:
 
Name Version Publisher Signature (MD5) File Size (in KB)
..\active security\asecurity.exe 1.0.0.1 Protection System Software dde418e700083d0f41bb1f07f4fbef91 1511424
..\runit\runit_32.exe 1.0.0.0 BB Inc 16ad0e3d362877ca2c95e17765e829f8 24576
..\ms.22.exe 12.0.0.58851 Activision 57a1694cfed18f7af94a1b972f9283fb 95744
..\web.exe 5.0.1.1002 360Safe.com f2a7fffc36810fbb4844e6a3b565a252 28672
..\sber18.exe        
..\runit\runitu_32.exe     c99fd70d6190f35f7b039e613f5f2048 48638
..\vasyaa_b.exe     aeaf9ed104c27981b2ff86a6beb1f87f 1051177
..\tg.14.exe 0.20.0.3000   28b0c7a6fb0aa177039810d0d7f0781f 47616
..\setup1.exe     73ad97f3bd8692a03f2037912498811d 61489
..\sbplusup.exe 1.0.0.4   6d20baad64d255511169754892b83c5d 49152
..\install_n.exe     f1338aa5b236c52b8620cb6d4791eb8b 1051172
..\install.exe     5525609c75c35325bb0160f8611e0b48 32768
..\file.exe     9c6fd6758fe69952b10815d9cf98fd73 18944
..\ff2ie.exe     bd25eacf5d46659985474060dfa461ee 155136
..\bt3plugin.exe     c9aadb99e57c4199f77d1e163c803782 63488
..\20091015105600.exe     70d482ea0a6b63e4b70ae6b79e63b2cd 104960
..\20090616011856.exe     71f29a6ce4c9907783301376c7b7a214 69697
..\20090616011834.exe     1dd1306622cf608c10a6754a6c8a43ad 889000
..\0007.exe     7fb8aee785ede24979a0bc5090c95516 70025
..\0004.exe     aa4177bf42b26ae2b7cf6f18d98faeed 42240
..\0002.exe     f4b381b18cff66d00fb292b859b3dd8c 26112
..\wmmest.dll        
..\captcha.dll       17408
..\active security\coreext.dll 1.0.0.1     44032
 The following Registry Entries were created:
 
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NMAIN.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NORMIST.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NUPGRADE.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVC95.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTPOST.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PADMIN.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVCL.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCFWALLICON.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PERSFW.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCANPM.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCRSCAN.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SERV95.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMC.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPHINX.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWEEP95.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TBSCAN.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TCA.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-98.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-NT.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TSC.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VET95.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VETTRAY.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSECOMR.exe
..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.exe

 The following images were captured:
Recommendation to remove Fake Anti Spyware.Active Security
Spyware Detector can remove Fake Anti Spyware.Active Security, and thousands of other Spyware automatically and instantly. Click here to download Spyware Detector and scan for free.
Download Spyware Detector and Scan for FREE
 
Personalized E-mail support by our Research Team. You send an "Export Log" report to us, we then add new definition and you eliminate spyware found on YOUR PC in the next Live Update. So, not only do you benefit but the whole community enjoys the feedback.
Speed up your computer and increase browsing performance by deleting Spyware & Adware
Enjoy continuous protection and security with frequent spyware definition updates so you never have to worry about new threats and outdated software.
Surf the web with confidence knowing your online activities aren't being tracked, and your confidential data is secure from prying eyes.
 
Free Spyware Scan
 
Search Spyware Threats
 
 
Customer Service Rating by LivePerson
 
 
Useful Links
Spyware & Adware Categories we scan
Spyware Removal Tools
Submit a False Positive
Submit a Threat
 
 
Customer Speaks
“I just purchased Spyware Detector and ran it. I am very impressed with how good it was. On the first scan it picked up a lot of very bad Trojans, worms, backdoor poisons that other companies had missed. Thank you!!”
Read More
 
About Us | Purchase | Contact Us | Affiliates | FAQ | Testimonials | Privacy Policy
Copyrights © 2003-2009 Max Secure Software. All rights reserved.