Fake Anti Spyware.Enterprise Suite - Spyware Detector

Home / Spyware Encyclopedia / Fake Anti Spyware.Enterprise Suite

Fake Anti Spyware.Enterprise Suite Technical Details

Category		Fake Anti Spyware
Discovered		4/23/2009 2:40:27 PM
Modified		11/18/2009 4:29:26 PM
Threat Level		High

Category Description

These are programs which look like any legitimate program but usually download without users permission, entice users into buying them by showing fake results to improve users PC performance. They may also download spyware and other unwanted programs.

Description

Enterprise Suite is Rogue Security Program. Enterprise Suite usually installed itself onto your PC without your permission, through Vundo Trojan, Virus or fake software. It uses aggressive and deceptive techniques to frighten the user into purchasing the program. It gives exaggerated report and claims of spyware found or false positives but will not remove spyware unless the user purchases the program.

Notice

Please note that the following information is not controlled or endorsed by Max Secure Software. They are captured automatically in our Research Lab as a result of executing Spyware Files or browsing Internet. Please contact us if you find any information inappropriate for removal. All the work contained in this report is copyrighted and should not be copied without permission from Max Secure Software.

We do not recommend browsing or removing these entries on your own manually. We do not take any warranty against the use or result of the use of this information.

Summary

The following http urls were started: NA

The hosts file was updated with the following url-to-ip mappings:

74.125.45.100	4-open-davinci.com
74.125.45.100	getantivirusplusnow.com
74.125.45.100	privatesecuredpayments.com

The following internet connection was established:

64.213.140.69 : 80
127.0.0.1 : 9666
94.102.63.66 : 80

Process		setup_build6_195.exe
Drivers		N/A
Folder Created		%DAS.AU.APP DATA%\Enterprise Suite

The following Files were created:

Name	Version	Publisher	Signature (MD5)	File Size (in KB)
..\0d25d23\we0d25.exe	1.0.1.2982	AVP Inc	8867b5bb1a0781218d69d61ec6d25d4c	1925120
..\setup_build6_195.exe			a8509319ae22308c1c6673f6b27e67fd	265728
..\install14300.exe			3e42a1bb58d7fe48d074d9538143b486	32768

The following Registry Entries were created:

•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rtvscan.EXE
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.EXE
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AUTODOWN.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKSERV.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKD.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ECENGINE.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMSERV.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOADNT.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFTRAY.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NMAIN.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTPOST.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PERSFW.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SERV95.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TBSCAN.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TSC.exe

The following images were captured:

Recommendation to remove Fake Anti Spyware.Enterprise Suite

Spyware Detector can remove Fake Anti Spyware.Enterprise Suite, and thousands of other Spyware automatically and instantly. Click here to download Spyware Detector and scan for free.

Download Spyware Detector and Scan for FREE

	Personalized E-mail support by our Research Team. You send an "Export Log" report to us, we then add new definition and you eliminate spyware found on YOUR PC in the next Live Update. So, not only do you benefit but the whole community enjoys the feedback.
	Speed up your computer and increase browsing performance by deleting Spyware & Adware
	Enjoy continuous protection and security with frequent spyware definition updates so you never have to worry about new threats and outdated software.
	Surf the web with confidence knowing your online activities aren't being tracked, and your confidential data is secure from prying eyes.

	Spyware & Adware Categories we scan
	Spyware Removal Tools
	Submit a False Positive
	Submit a Threat

“I just purchased Spyware Detector and ran it. I am very impressed with how good it was. On the first scan it picked up a lot of very bad Trojans, worms, backdoor poisons that other companies had missed. Thank you!!”