Fake Anti Spyware.Antivirus System PRO - Spyware Detector

Home / Spyware Encyclopedia / Fake Anti Spyware.Antivirus System PRO

Fake Anti Spyware.Antivirus System PRO Technical Details

Category	Fake Anti Spyware
Discovered	4/10/2007 11:57:51 AM
Modified	12/24/2009 5:25:09 PM
Threat Level	Critical

Category Description

These are programs which look like any legitimate program but usually download without users permission, entice users into buying them by showing fake results to improve users PC performance. They may also download spyware and other unwanted programs.

Notice

Summary

The following http urls were started:

•91.212.127.227/check

•sysguard2010.com/check

The hosts file was updated with the following url-to-ip mappings:

127.0.0.1	localhost
91.206.201.8	winsecurepro.com
91.206.201.8	winsecurepro.microsoft.com

The following internet connection was established:

216.86.144.129 : 80

174.139.23.174 : 80

216.86.144.130 : 80

The following Files were created:

Name	Version	Publisher	Signature (MD5)	File Size (in KB)
..\itunes.exe	2.10.2693.2319	Xygip	16176c4bb4775f505324e6cc6c7ce443	96256
..\pc_antispyware2010\htmlayout.dll	3.2.2.18	Terra Informatica Software, Inc., British Columbia	c6a107a2675c865a359525af502a6f23	677376
..\eg.exe	3.5.2761.740	Onyndaizhiimafiv	70ad007ed1597de0481956e9bd683ca8	96256
..\op.exe	2001.12.4720.3959	microsoft corporation	0a2017289559c8a9271c0a4d475231cb	277760
..\xfbhyu\wstosysguard.exe	7.0.0.177	Hewlett-Packard	e8f83b7f280b53ab288240e895501406	256512
..\9b6efe0a.exe			de06142d1eb32b07dad4f9203249730d	424192
..\temp\alg.exe			a2f146b5a6bcdbba3f0ed9af7ef28b7e	141828
..\upx.exe			144923c0410cee510808e263adfe7159	63488
..\cc-4ek_setup.exe			cc12104f370faf550647fe54afe76759	23587
..\bu.exe			ff404516cdfe4ca12471099eeb01ad8b	123392
..\windows genuine advantage\vmonitor.exe			b1b8cea128026d1264ee719a19fbb445	37892
..\e.exe	0.0.0.0		74da9a5bc13b49c7db3d9ee16e25eabd	31232
..\sdra64.exe
..\iqilujida.vbs				14059
..\petemeqili.vbs				17558
..\ytytox.com				10914
..\diryk.sys				15061
..\hyva.dat				11799
..\axodybi.com				13905
..\unuziv.sys				11915
..\jigyjub.dat				13661
..\pc_antispyware2010\avengn.dll
..\pc_antispyware2010\pc_antispyware2010.exe	3.1.7.69			581363
..\temp\e.exe			234b00eba42a34179f22a6f14c51dda0
..\Installer2.exe			147c7b4f1f73b1b9d9fdaf23deccc9b9	147799

The following Registry Entries were created:

•	..\Software\avscan
•	..\System\CurrentControlSet\Services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\"%das.au.app data%\windows genuine advantage\vmonitor.exe"\"%das.au.app data%\windows genuine advantage\vmonitor.exe:*:enabled:sam"
•	..\Software\Classes\Clsid\{10B3A0D2-3960-4d38-8158-D828A30F8DB1}
•	..\Software\Classes\Clsid\{f5f14e7a-f59d-45a0-bdc5-a9f5454f0bcf}
•	..\Software\ghisler\windows commander
•	..\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC_Antispyware2010
•	..\System\CurrentControlSet\Services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\"%win%\temp\alg.exe"\"%win%\temp\alg.exe:*:enabled:application layer gateway service"
•	..\Software\Classes\Clsid\{009541a0-3b00-1f1c-00f3-040224001c01}
•	..\Software\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7}
•	..\Software\Microsoft\Windows\CurrentVersion\Explorer\{19A28541-44B6-3A8F-7617-A6F225019B12}
•	..\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\"LowRiskFileTypes"\".exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"PC Antispyware 2010"\""%PF%\PC_Antispyware2010\PC_Antispyware2010.exe" /hide"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"system tool"\"%pf%\wwpavt\cmvesysguard.exe"
•	..\System\CurrentControlSet\Services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\"%das.au.app data%\windows genuine advantage\vmonitor.exe"\"%das.au.app data%\windows genuine advantage\vmonitor.exe:*:enabled:sam"
•	..\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"vmonitor"\"%das.au.app data%\windows genuine advantage\vmonitor.exe -mode=background -check=memory"
•	..\System\CurrentControlSet\Services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\"%win%\temp\alg.exe"\"%win%\temp\alg.exe:*:enabled:application layer gateway service"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"system tool"\"%PF%\pfcbko\vrnlsysguard.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"system tool"\"%pf%\xfbhyu\wstosysguard.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7}
•	..\Software\PC_Antispyware2010

Recommendation to remove Fake Anti Spyware.Antivirus System PRO

Spyware Detector can remove Fake Anti Spyware.Antivirus System PRO, and thousands of other Spyware automatically and instantly. Click here to download Spyware Detector and scan for free.

Download Spyware Detector and Scan for FREE

Search Threats