Home/ Spyware Encyclopedia / Fake Anti Spyware.Safe Harddrive | |  | Fake Anti Spyware.Safe Harddrive Technical Details |  |
|
| Category |
 |
Fake
Anti Spyware |
| Discovered |
|
5/3/2008
1:10:00 PM |
| Modified |
|
5/3/2008
4:39:00 PM |
| Threat
Level |
|
Critical |
| Description |
|
Safe
Harddrive is Rogue
Anti-Spyware program.
It is an unwanted
application. Safe
Harddrive tries
to trick you into
buying it by claiming
you have been infected
with spyware and
then showing you
false error reports.
Safe Harddrive Protection
does not scan any
spyware. It scans
legitimate S/W Entries,
which are present
on a PC, and offers
to purchase product
to scan/quarantine
those entries. It
spreads other rogue
application &
spyware on the system.
It is downloaded
through Zlob and
Trojan. |
| Summary |
|
The
hosts file was updated
with the following
url-to-ip mappings:
n/a
The
following http urls
were started:
vipantiscanner.com
windowzscanner.com
206.53.51.32
Generated smtp
traffic: n/a
Connection(s)
established with
remote IRC Server:
n/a
The
following hidden
entries created:
n/a
The following
internet connection
was established:
89.18.181.100:80 |
| Processes |
|
SysRep.exe,
ucookw.exe, strpmon.exe |
| Drivers
|
|
N/A |
| Folders
Created |
|
%PFDIR%\SafeHardDrive
%PROGRAM_FILES_COMMON%\SafeHardDrive
%COMMON_APPDATA%\safeharddrive
%COMMON_APPDATA%\safeharddrive\Data |
| Browsed
Sites |
|
safeharddrive.com |
| When
the Fake Anti Spyware
is executed, it
creates the following
files: |
| Name |
Version |
Publisher |
Signature
(MD5) |
File
Size (in Bytes) |
| ..\safeharddrive\strpmon.exe |
1.0.30.0 |
|
a6cacf9574b029199dd8b617dd57a5b4 |
426496 |
| ..\safeharddrive\sysrep.exe |
1.5.13.0 |
|
3c8d708b52407fb1303607671941fecc |
1544192 |
| ..\safeharddrive\sysrep.exe.xml |
|
|
150fab3b12b4709738792d0378087c4a |
3426195 |
| ..\desktop\safeharddrive.lnk |
|
|
|
609 |
| ..\16a.exe |
|
|
b6dc82c8e6869766b94afd5589262020 |
30835 |
| ..\setup_en.exe |
1.3.122.3 |
WinserviceCorp
Ltd. |
6690faec1d3f0169fd4cb6fc81b2475c |
260376 |
| ..\2451234.exe |
|
|
ae3210c2d8a3672b3a5459d88ce40ec8 |
111104 |
|
|
| When
the Fake Anti Spyware
is executed, it
creates the following
Registry entries: |
| • |
..\software\safeharddrive |
| • |
..\software\classes\clsid\{1d64a025-3054-490f-8036-8199bc24e360} |
| • |
..\software\classes\clsid\{69f268d1-2a51-4ee6-954f-7defa888852f} |
| • |
..\software\classes\clsid\{f0d51626-f70a-42f3-82d6-e34217900efd} |
| • |
..\software\classes\interface\{15f5b521-e8cb-4477-b1a5-02f9c6d8e65c} |
| • |
..\software\classes\interface\{fc1430ab-4345-430e-b790-35e3bb200de1} |
| • |
..\software\classes\typelib\{877e97c3-efe2-4d55-98a9-c7104a260e20} |
| • |
..\software\classes\typelib\{9dddcf58-800f-4a63-ab4c-ac982321c9cb} |
| • |
..\software\microsoft\windows\currentversion\run\"safeharddrive" |
| • |
..\software\microsoft\windows\currentversion\run\"winsvr32" |
| • |
..\software\safeharddrive |
|
Snapshot
 |
|
Recommendation to remove Fake Anti Spyware.Safe Harddrive |  | Spyware Detector can remove Fake Anti Spyware.Safe Harddrive, and thousands of other Spyware definitions, automatically and instantly. Click here to download Spyware Detector and scan for free. |
| |
|
| |
| |
| |  |
Personalized
e-Mail support by our Research
Team. You send an "Export Log"
report to us, we then add new definition
and you eliminate spyware found on YOUR
PC in the next Live Update. So, not only
do you benefit but the whole community enjoys
the feedback. |
|  | Speed up your computer and increase browsing performance by deleting Spyware & Adware | | | Enjoy continuous protection and security with frequent spyware definition updates so you never have to worry about new threats and outdated software. | | | Surf the web with confidence knowing your online activities aren't being tracked, and your confidential data is secure from prying eyes. |
|
|
| |  | | | | | |  | |  Submit a Threat
Submit a threat to be reviewed by our research team
Submit a Threat | |  |
|
|