DrAntiSpy

Type: Program
SubType: Win32
Discovery Date: 05/07/2008
Minimum DAT: 5290 (05/07/2008)
Updated DAT: 5290 (05/07/2008)
Minimum Engine: 5.1.00
Description Added: 05/07/2008
Description Modified: 06/23/2008 12:47 AM (PT)

Characteristics

McAfee(R) Avert™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Overview:

This description is for a potentially unwanted program that shows false error messages and misleading spyware scan results, and uses aggressive advertising to persuade the user to purchase it.

A Potentially Unwanted Program is any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of.

[Screenshot: window displayed when the main executable is run]

Once installed, this program creates the following folders:

  • %UserProfile%\Start Menu\Programs\DrAntispy
  • %ProgramFiles%\DrAntispy

It then drops the following files:

  • %UserProfile%\Desktop\DrAntispy.lnk
  • %UserProfile%\Start Menu\Programs\Startup\DrAntispy.lnk
  • %UserProfile%\Start Menu\Programs\DrAntispy\DrAntispy.lnk
  • %UserProfile%\Start Menu\Programs\DrAntispy\Uninstall.lnk
  • %ProgramFiles%\DrAntispy\DrAntispy.exe
  • %ProgramFiles%\DrAntispy\DrAntispy.lic
  • %ProgramFiles%\DrAntispy\DrAntispy0.dr
  • %ProgramFiles%\DrAntispy\DrAntispy1.dr
  • %ProgramFiles%\DrAntispy\Uninstall.exe

This program creates the following registry subkeys:

  • Hkey_Current_User\Software\DrAntispySetup
  • Hkey_Current_User\Software\Install
  • Hkey_All_Users\Software\DrAntispy
  • Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Uninstall\DrAntispy
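
A check for the artifacts listed above, as an added example that is not part of the original description or McAfee's tooling. The file paths and registry subkeys are copied from this page; the function name and the "Specific" flag are assumptions of the example, which treats Software\Install as a generic key name that other installers may also create.

```powershell
# Added example: look for the DrAntispy files and registry subkeys listed on this page.
# Covers the current user's profile and hive only; run per user on shared machines.
$files = @(
    '%UserProfile%\Desktop\DrAntispy.lnk',
    '%UserProfile%\Start Menu\Programs\Startup\DrAntispy.lnk',
    '%UserProfile%\Start Menu\Programs\DrAntispy\DrAntispy.lnk',
    '%UserProfile%\Start Menu\Programs\DrAntispy\Uninstall.lnk',
    '%ProgramFiles%\DrAntispy\DrAntispy.exe',
    '%ProgramFiles%\DrAntispy\DrAntispy.lic',
    '%ProgramFiles%\DrAntispy\DrAntispy0.dr',
    '%ProgramFiles%\DrAntispy\DrAntispy1.dr',
    '%ProgramFiles%\DrAntispy\Uninstall.exe'
)
# Specific = $false marks a key name generic enough to exist on a clean system (assumption).
$keys = @(
    @{ Path = 'HKCU:\Software\DrAntispySetup'; Specific = $true },
    @{ Path = 'HKCU:\Software\Install';        Specific = $false },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\DrAntispy'; Specific = $true }
)
# The page's "Hkey_All_Users\Software\DrAntispy" entry is left out:
# PowerShell's default registry drives are HKCU: and HKLM: only.

function Get-DrAntispyArtifact {
    $candidates = @()
    foreach ($f in $files) {
        # Expand %UserProfile% / %ProgramFiles% for the account running the check.
        $p = [Environment]::ExpandEnvironmentVariables($f)
        $candidates += [pscustomobject]@{ Kind = 'File'; Path = $p; Specific = $true }
    }
    foreach ($k in $keys) {
        $candidates += [pscustomobject]@{ Kind = 'RegistryKey'; Path = $k.Path; Specific = $k.Specific }
    }
    # Test-Path works for both file system and registry provider paths.
    $candidates | Where-Object { Test-Path -LiteralPath $_.Path }
}

$found    = @(Get-DrAntispyArtifact)
$specific = @($found | Where-Object { $_.Specific })
$found | Format-Table Kind, Specific, Path -AutoSize | Out-Host

if ($specific.Count -gt 0) {
    Write-Output "DrAntispy artifacts present: $($specific.Count) specific indicator(s)."
} elseif ($found.Count -gt 0) {
    Write-Output 'Only the generic Software\Install key matched; not sufficient on its own.'
} else {
    Write-Output 'No listed artifacts found for this user.'
}
```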

During installation, this application tries to connect to http://69.50.165.18/[Removed], but at the time of writing this description, the URL appeared to be down.

[Screenshot: main window]

Aliases

  • Adware.DrAntispy.A - [BitDefender]
  • DrAntiSpy - [Symantec]
  • FraudTool.Win32.DrAntispy.ab - [Kaspersky]
  • Potentially harmful program Fake_AntiSpyware.FV -
  • W32/DrAntiSpy.I - [Norman]
  • Win32/Adware.DrAntispy - [NOD32]