Fake Anti Spyware.AntiMalware Technical Details
 
 Category Fake Anti Spyware
 Discovered   2/27/2007 3:59:17 PM
 Modified   11/24/2009 5:01:20 PM
 Threat Level High
 
 Category Description
These are programs that look like legitimate software but are usually downloaded without the user's permission and entice users into buying them by showing fake results that promise to improve the PC's performance. They may also download spyware and other unwanted programs.
Description
AntiMalware is a rogue security program. It usually installs itself onto a PC without the user's permission, through the Vundo Trojan, a virus or fake software. It uses aggressive and deceptive techniques to frighten the user into purchasing the program. It gives exaggerated reports and claims of spyware found, or false positives, but will not remove spyware unless the user purchases the program.

 Notice

Please note that the following information is not controlled or endorsed by Max Secure Software. It was captured automatically in our Research Lab as a result of executing spyware files or browsing the Internet. Please contact us if you find any information inappropriate and want it removed. All the work contained in this report is copyrighted and should not be copied without permission from Max Secure Software.

We do not recommend browsing to or removing these entries manually on your own. We give no warranty regarding the use of this information or the results of its use.

 Summary
The following HTTP URLs were requested:
• sexdad.org/thumbs/00165.jpg?1251315372
• sexdad.org/thumbs/00177.jpg?1250975896
• sexdad.org/thumbs/00188.jpg?1251344712
The hosts file was updated with the following URL-to-IP mappings:
127.0.0.1 localhost
127.0.0.1 download.windowsupdate.com
127.0.0.1 http://update.microsoft.com
The following Internet connections were established:
93.190.139.201 : 80
206.217.204.198 : 80
65.254.45.124 : 80
 
 Process antimalware.exe
 Drivers   N/A
 Folder Created   %DAS.AU.SM.P%\AntiMalware
%PF%\AntiMalware

 The following Files were created:
 

 The following Registry Entries were created:
 
..\Software\Microsoft\Windows\CurrentVersion\Run\\"NETC"\"%WIN%\SVC.EXE"
..\Software\Microsoft\Windows\CurrentVersion\Run\\"winupdate.exe"\"%WIN.SYS32%\winupdate.exe"
..\System\CurrentControlSet\Services\ndisrd\"ImagePath"\"system32\DRIVERS\ndisrd.sys"
..\Software\mediasolaris
..\Software\Microsoft\Windows\CurrentVersion\Run\\"antimalware"\""%pf%\antimalware\antimalware.exe" -noscan"
..\Software\Microsoft\Windows\CurrentVersion\POLICIES\ACTIVEDESKTOP\"NOCHANGINGWALLPAPER"
..\Software\Microsoft\Windows\CurrentVersion\Run\\"poprock"\"%das.au.ls%\temp\b.exe"
..\Software\xml
..\Software\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7}
..\System\CurrentControlSet\Enum\root\legacy_ndisfileservices32
..\Software\Microsoft\Windows\CurrentVersion\Uninstall\antimalware
..\Software\poprock
..\Software\Microsoft\Windows\CurrentVersion\policies\explorer\"noactivedesktopchanges"
..\Software\active security
..\Software\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7}
..\System\CurrentControlSet\Services\ndisfileservices32
..\Software\Microsoft\Windows\CurrentVersion\Explorer\{19A28541-44B6-3A8F-7617-A6F225019B12}
..\Software\Microsoft\Windows\CurrentVersion\\"cf"
..\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
..\Software\\"8636065b-fef0-4255-b14f-54639f7900a4"\"8636065b-fef0-4255-b14f-54639f7900a4"
..\Software\\"eee0bd2f-ff2e-46ef-83fb-d4fda84462a3"
..\System\CurrentControlSet\Services\ndisrd\Security
..\Software\antimalware
