Fake Anti Spyware.ProAntispy Technical Details

Category: Fake Anti Spyware
Discovered: 3/27/2008 12:01:00 PM
Modified: 3/28/2008 15:52:00 PM
Threat Level: Critical

Description

Fake anti-spyware is software that purports to scan for and detect malware or other problems on the computer, but that attempts to dupe or badger users into purchasing the program by presenting intrusive, deceptive warnings and/or false, misleading scan results. Such programs spuriously warn users that their computers have been infected with spyware and direct them to purchase programs that do not actually remove spyware or, worse, may add more spyware of their own. Fake anti-spyware typically uses aggressive, deceptive advertising and may be installed without adequate notice and consent, often through exploits.

Summary

The hosts file was updated with the following URL-to-IP mappings: n/a
The following HTTP URLs were started:
  proantispy.com
  d1.proantispy.com
  www.proantispy.com
Generated SMTP traffic: n/a
A new connection was established with a remote IRC server: n/a
The following hidden entries were created: n/a
The following internet connections were established:
  85.255.120.102:80 (85.255.120.102-xbox.dedi.inhoster.com)
  216.255.177.60:80 (216.255.177.60-custblock.intercage.com)
  68.178.211.72:21 (winhostecn72.prod.mesa1.secureserver.net)
Manually installed fake anti-spyware.

Processes: pasetup.exe, ProAntispy.EXE
Drivers: N/A
Folders Created:
  C:\Documents and Settings\max\Start Menu\Programs\ProAntispy
  C:\Program Files\ProAntispy
Browsed Site: N/A

Behavior

1) ProAntispy is a rogue anti-spyware.
2) It shows false warning messages.
3) It also shows misleading scan results.

When the Fake Anti Spyware is executed, it creates the following files:

| Name | Version | Publisher | Signature (MD5) | File Size (in KB) |
|---|---|---|---|---|
| ..\quick launch\proantispy 3.0.lnk | | | | 650 |
| ..\desktopmanager\desktopmanager.dll | 2.0.1.1 | Contra-Virus.com | 2a86655c3e5940ef04a50b87bc667973 | 282624 |
| ..\startupeditor\startupeditor.dll | 2.0.1.1 | Contra-Virus.com | d4672f114a53f5316b99377483620d17 | 851968 |
| ..\proantispy\proantispam.dll | 2.0.0.1 | MalWareDestructor | 20eb3a5333daaf3c4e5024ff2bfb9ce7 | 647168 |
| ..\proantispy\proantispy.exe | 4.1.0.0 | proantispy | 425577fa6c7f16c291d2988f8a2352e4 | |
| ..\proantispy\proantispy.exe | 4.1.0.0 | ProAntispy | 425577fa6c7f16c291d2988f8a2352e4 | 1785856 |
| ..\proantispy\uninst.exe | 3.0.0.1438 | ProAntispy | 2aa44577db40a061f5559a47bc0e26c1 | 38349 |
| ..\desktop\proantispy 3.0.lnk | | | | 632 |
| ..\pasetup.exe | 3.0.0.1438 | proantispy | | 6853022 |
| ..\pasetup.exe | 3.0.0.1438 | ProAntispy | c773e19f5066f6d5e42501d61c9e3819 | 6853022 |
| ..\start menu\proantispy 3.0.lnk | | | | 632 |

When the Fake Anti Spyware is executed, it creates the following Registry entries:

• ..\software\classes\appid\{e5eeded6-28e4-464f-a405-00011da548e0}
• ..\software\classes\appid\proantispy.exe
• ..\software\classes\clsid\{79d8a82d-0e84-44d1-b256-0c6947d8b587}
• ..\software\classes\clsid\{8233782f-fb85-328c-a3ab-d4f200fdfe2c}
• ..\software\classes\interface\{75b8e84f-3957-4135-a70e-6d46b25fc21f}
• ..\software\classes\proantispy.server
• ..\software\classes\proantispy.server.1
• ..\software\classes\typelib\{6ab4dcd8-b81e-4e5c-8451-e5c3dbe5122a}
• ..\software\microsoft\windows\currentversion\app paths\proantispy.exe
• ..\software\microsoft\windows\currentversion\uninstall\proantispy
• ..\software\proantispy