Fake Anti Spyware.TotalSecure2009 - Spyware Detector

Home / Spyware Encyclopedia / Fake Anti Spyware.TotalSecure2009

Fake Anti Spyware.TotalSecure2009 Technical Details

Category	Fake Anti Spyware
Discovered	8/20/2005 12:00:00 AM
Modified	9/18/2009 4:51:48 PM
Threat Level	Critical

Category Description

These are programs which look like any legitimate program but usually download without users permission, entice users into buying them by showing fake results to improve users PC performance. They may also download spyware and other unwanted programs.

Notice

Summary

The following http urls were started:

•a1.mxlivemedia.com/bc/nsi_install.php?aff_id=default&inst_result=success&id=25f3f9a07...

•favoritetubeonline.com/inst/index.php?affid=169&subid=0&guid=3c8d1ce0-5bb6-4b91-b2db-...

•www.av-xp-2008.com/images/1218518112/2d90cceadcc6e73718880169f6530dd9/169/30106d2a-7d...

The hosts file was updated with the following url-to-ip mappings: NA

The following internet connection was established:

85.92.158.75 : 80

127.0.0.1 : 1516

207.46.225.221 : 80

The following Files were created:

Name	Version	Publisher	Signature (MD5)	File Size (in KB)
..\QIP\IERCPT.DLL	1.0.0.1	WITABETT ENTERPRISES LTD	74c463eae775b2a4ad312c33d82673dd	110592
..\system doctor free \systemdoc.exe	1.1.180.7	SYSTEMDOCTOR, LTD.	00bb47fac87974127de24e2bf06dbf24	3772416
..\system doctor free \insthelp.exe	1.0.1.0	systemdoctor, inc.	db8fbbb4a1b1267d6a89889b3acaa425	110592
..\system doctor free \systemdoc.exe	1.1.180.3	systemdoctor inc.	00bb47fac87974127de24e2bf06dbf24	3792896
..\SISETUP.EXE	1.0.0.0	SPYWAREISO2008.COM	92edb65deceec03a03d6ccdfb26afc6b	1838290
..\QIP\IERCPT.DLL	1.0.1.0	PersonalAntiSpy Inc.	74c463eae775b2a4ad312c33d82673dd	110592
..\system doctor free \insthelp.exe	1.0.1.0	INSTHELP	db8fbbb4a1b1267d6a89889b3acaa425	110592
..\QIP\IERCPT.DLL	1.0.0.1	CLEANER2009 INC.	74c463eae775b2a4ad312c33d82673dd	110592
..\A9INSTALLER_77027901.EXE			087e3ba4fc9bbb7967f78f9bb72370c1
..\TS2009\SCAN.EXE	1.2.0.0			7223808
..\IEEXPLORER32.EXE
..\SYSGYCNAFEKB.EXE			c10a1158d50591181fe47a2972d2227b	54306
..\SYSRAGFCHQSB.EXE			9db748dbeaa2e300d1af66567ee8d56f	40994
..\SYSGYCNAFEKB.EXE				54306
..\XXYYOIXV.DLL			ffb9abe7484571d9c836daa659e2bf6b
..\ULTIMATECLEANER_INSTALLER.EXE			28ffc7b681afb1fbf2dd06fe6f2bcefc	147280
..\WMCODEC_UPDATE.EXE			39ab28cd98db92dc1a84306f01492a5c	436640
..\SOFTWARESETUP_SB.EXE			fa15339bba136bbd6302acbc09d85737	116774
..\TOTALSECURE2009.EXE			c9751a4ceffa4acac7a51cd2b11f1f30	1538563
..\PWXSETUP.EXE			1a8c1dc02c5e80bda949982981854f55	646132
..\TOTALSECURE2009.EXE				1538563
..\SOFTWARESETUP_SB.EXE				116774
..\PWXSETUP.EXE				646132
..\1F357E0DADMINISTRATOR.DAT
..\MGXFEBSQ.DLL				233472
..\DTSEQRXK.DLL				319488
..\MQGLDFVO.EXE			3d8c30f99663d210048c4be203bf1bf8

The following Registry Entries were created:

•	..\System\CurrentControlSet\Services\tcpsr
•	..\System\CurrentControlSet\Services\cbevtsvc
•	..\Software\Classes\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91}
•	..\Software\Classes\Clsid\{18cb1a7b-94cd-4582-8022-ada16851e44b}
•	..\Software\Classes\Clsid\{037c7b8a-151a-49e6-baed-cc05fcb50328}
•	..\Software\Classes\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226}
•	..\Software\Classes\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481}
•	..\Software\Microsoft\Windows\CurrentVersion\Uninstall\usysd_is1
•	..\Software\Microsoft\Windows\CurrentVersion\Uninstall\altcompare
•	..\Software\Microsoft\Windows\CurrentVersion\Uninstall\virusremover2008
•	..\Software\Microsoft\Windows\CurrentVersion\Uninstall\spywareisolator_is1
•	..\Software\Microsoft\Windows\CurrentVersion\Uninstall\webvideo
•	..\Software\Classes\Appid\codecbho.dll
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"CPL32VER"\"%WIN.SYS32%\CPL32VER.EXE"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"TOTALSECURE2009"\"%PF%\TOTALSECURE2009\SCAN.EXE"
•	..\Software\TOTALSECURE2009
•	..\Software\Microsoft\Windows\CurrentVersion\Uninstall\TOTAL SECURE 2009
•	..\Software\ANTIVIRUSDOC
•	..\Software\Classes\TOOLIE.BHO
•	..\Software\Microsoft\Windows NT\CurrentVersion\\"BAR23ID"\"128D11B974F0D736CB664573FB759C77"
•	..\System\CurrentControlSet\Services\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\DOMAINPROFILE\AUTHORIZEDAPPLICATIONS\LIST\"%DAS.AU.APP DATA%\MCRUPDATE.EXE"\"%DAS.AU.APP DATA%\MCRUPDATE.EXE:*:ENABLED:@XPSP2RES.DLL,-22019"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"GSCNS384"\"%DAS.AU.APP DATA%\PCPRIV.EXE"

Recommendation to remove Fake Anti Spyware.TotalSecure2009

Spyware Detector can remove Fake Anti Spyware.TotalSecure2009, and thousands of other Spyware automatically and instantly. Click here to download Spyware Detector and scan for free.

Download Spyware Detector and Scan for FREE

Search Threats