Fake Anti Spyware.DataHealer Technical Details

| Category | Fake Anti Spyware |
| Discovered | 3/29/2008 9:40:00 AM |
| Modified | 3/29/2008 10:32:00 AM |
| Threat Level | Critical |
| Description | A Fake Anti Spyware is software that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results. Such programs spuriously warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware or, worse, may add more spyware of their own. A Fake Anti Spyware typically uses aggressive, deceptive advertising and may be installed without adequate notice and consent, often through exploits. |
| Summary |
The hosts file was updated with the following URL-to-IP mappings: n/a
The following HTTP URLs were started:
  datahealer.com
  download.datahealer.com
Generated SMTP traffic: n/a
Connection(s) established with remote IRC server: n/a
The following hidden entries were created: n/a
The following internet connections were established:
  69.50.166.140:80 (69.50.166.140-custblock.intercage.com)
  69.50.175.181:80
  69.50.165.19:80 (69.50.165.19-custblock.intercage.com)
| Processes | DataHealerSetup.exe, DataHealer.exe |
| Drivers | N/A |
| Folders Created | %COMMON_PROGRAMS%\DataHealer, %PFDIR%\DataHealer |
| Browsed Site | N/A |
| Behavior |
| 1) | DataHealer is a Rogue Anti Spyware. |
| 2) | It shows false warning messages. |
| 3) | It also shows misleading scan results. |
When the Fake Anti Spyware is executed, it creates the following files:

| Name | Version | Publisher | Signature (MD5) | File Size (in Bytes) |
| ..\datahealer\datahealer.exe | | | bac2f6d860b158c39ec92dd341e50b9e | 424960 |
| ..\datahealer\datahealer0.dll | | | ac153a4f1ff0c34d58a23555dbc66763 | 57344 |
| ..\datahealer\datahealer1.dll | | | dab8f8dda92f5a59aae3346ee28b5ba0 | 45056 |
| ..\datahealer\datahealer3.dll | | | 6d09c05a4451fa73196e0999fc3117fe | 40960 |
| ..\desktop\datahealer.lnk | | | | 1470 |
| ..\datahealersetup.exe | | | 0169a1b01ad37ed77a9ad9171b448bc2 | 61440 |
When the Fake Anti Spyware is executed, it creates the following Registry entries:

• ..\software\datahealer
• ..\software\microsoft\windows\currentversion\run\"datahealer"
• ..\software\microsoft\windows\currentversion\uninstall\datahealer