Fake Anti Spyware.Security Tool - Spyware Detector

Home / Spyware Encyclopedia / Fake Anti Spyware.Security Tool

Fake Anti Spyware.Security Tool Technical Details

Category	Fake Anti Spyware
Discovered	3/28/2007 4:38:00 PM
Modified	1/2/2010 12:13:57 PM
Threat Level	Critical

Category Description

These are programs which look like any legitimate program but usually download without users permission, entice users into buying them by showing fake results to improve users PC performance. They may also download spyware and other unwanted programs.

Notice

Summary

The following http urls were started:

•inspectguide.com/in.php?affid=14651&url=5

•inspectguide.com/in.php?url=1&affid=14651

•www.billingsoftwaresite.com/buy2.php?affid=14651

The hosts file was updated with the following url-to-ip mappings:

127.0.0.1	localhost
127.0.0.1	download.windowsupdate.com
127.0.0.1	http://update.microsoft.com

The following internet connection was established:

189.1.162.20 : 80

59.144.127.138 : 80

66.197.161.230 : 80

The following Files were created:

Name	Version	Publisher	Signature (MD5)	File Size (in KB)
..\fhb.exe	0.2.0.0	Sec IT	b597557cbf70ac6f2d35e432ceb28938	598359
..\install7.exe			ed4e1ae863b061fdbbd5b538ce660e25	1167872
..\kb959459.exe			5b05d640c0239a6d86fcaa2708a00ba7	1167931
..\wlu1011.exe			69210396962c8ef81f4ac2ab3b554fdf	859648
..\msa.exe				158208
..\windowsliveupdater.exe			6837e4b16995a5586f2a8bd810b92d05	859648
..\zloy.exe			f2fb258943cdfedae9c32b9e1f2c4100	72704
..\nhntmp.exe			ca9dedc908077cd22dd80b43a164ec82	164352
..\mms_10_30_am.exe			eedc15686be0e819d2ee8960c7d2a1a3	320000
..\b10.exe			2e553ebf10ec08b6f1c19347d4738208	6144
..\50553.exe			3e302cdf9fb5c17f362ea08e6eef7969	158208
..\test sample 1\zloy.exe			f2fb258943cdfedae9c32b9e1f2c4100	72704
..\test sample 1\st14651.exe			ffc84051077658672a77c43710e1976d	1208353
..\test sample 1\s2.exe			4f9785e3323148dced188aecca974092	30834
..\test sample 1\s16.exe			e61955df39b082c40f44c1db169e6d75	21520
..\test sample 1\s11.exe			04201396513665c1925b12e6def6e99e	27242
..\test sample 1\s10.exe			6a2460e3474a983a65be3dffae7757a7	31248
..\test sample 1\s02.exe			e7b49681039d95a4b18f2e6dba615eb5	24690
..\test sample 1\s01.exe			df2154eca6c72363d081ad1c936bbaaf	25616
..\test sample 1\nhntmp.exe			ca9dedc908077cd22dd80b43a164ec82	164352
..\test sample 1\mms_10_30_am.exe			eedc15686be0e819d2ee8960c7d2a1a3	320000
..\test sample 1\m5.exe			942d2cdd8bd277f633bcade268cf1504	26242
..\test sample 1\m07.exe			6d1b87e98209c6ac35156f370b8d3cea	26737
..\test sample 1\m06.exe			d8959c58050ad24600f501a7c88dab91	30224
..\test sample 1\m01.exe			71a520d216358c155224a760eeb375e7	13603
..\test sample 1\b10.exe			2e553ebf10ec08b6f1c19347d4738208	6144
..\test sample 1\50553.exe			3e302cdf9fb5c17f362ea08e6eef7969	158208

The following Registry Entries were created:

•	..\Software\Classes\Clsid\{500bca15-57a7-4eaf-8143-8c619470b13d}
•	..\Software\security tool
•	..\Software\16415624
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"16415624"\"%das.au.app data%\16415624\16415624.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"2804603282"\"%das.au.app data%\2804603282\2804603282.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"install"\"%das.au.app data%\2804603282\2804603282.bat"
•	..\Software\17459214
•	..\Software\Microsoft\Windows\CurrentVersion\Uninstall\explorer 1.00
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"0243558683"\"%das.au.app data%\0243558683\0243558683.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"17459214"\"%das.au.app data%\17459214\17459214.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"2545864989"\"%das.au.app data%\2545864989\2545864989.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"4705274294"\"%das.au.app data%\4705274294\4705274294.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"5696310086"\"%das.au.app data%\5696310086\5696310086.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"8100532101"\"%das.au.app data%\8100532101\8100532101.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"9352278669"\"%das.au.app data%\9352278669\9352278669.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"ts"\"%pf%\ts\tsc.exe"
•	..\Software\Classes\Clsid\{827e2fb4-1047-43de-848d-e12bb0c97aab}
•	..\Software\mediasolaris
•	..\Software\Classes\XML.XML.1
•	..\Software\Classes\XML.XML
•	..\Software\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7}
•	..\Software\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009
•	..\Software\Classes\Clsid\{51716c09-6b08-4ccf-b526-718e912c0573}
•	..\Software\Classes\Typelib\{c20ee2d6-81c3-6a08-79c5-1989da43bc19}

Recommendation to remove Fake Anti Spyware.Security Tool

Spyware Detector can remove Fake Anti Spyware.Security Tool, and thousands of other Spyware automatically and instantly. Click here to download Spyware Detector and scan for free.

Download Spyware Detector and Scan for FREE

Search Threats