Content

AntiSpyCheck

Type
Program
SubType
Win32
Discovery Date
07/10/2008
Minimum DAT
5336 (07/10/2008)
Updated DAT
5336 (07/10/2008)
Minimum Engine
5.1.00
Description Added
07/10/2008
Description Modified
08/20/2008 12:36 AM (PT)

Tab Navigation

Characteristics

McAfee(R) Avert™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Overview:

This description is for potentially unwanted program that shows false error messages, misleading spyware scan results, and uses aggressive advertising to persuade the user to purchase it.

Potentially Unwanted Programs are any piece of software which a reasonably security/privacy minded computer user may want to be informed of.

When the main executable is run, it displays the following window:

Once installed, this program creates the following folders:

  • %UserProfile%\StartMenu\Programs\AntiSpyCheck 2.1.0
  • %ProgramFiles%\AntiSpyCheck

It then drops the following files:

  • %UserProfile\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpyCheck 2.1.0.lnk
  • %UserProfile \Desktop\AntiSpyCheck 2.1.0.lnk
  • %UserProfile \Start Menu\AntiSpyCheck 2.1.0.lnk
  • %UserProfile \Start Menu\Programs\AntiSpyCheck 2.1.0\AntiSpyCheck 2.1.0.lnk
  • %ProgramFiles%\AntiSpyCheck\AntiSpyCheck.exe
  • %ProgramFiles%\AntiSpyCheck\IEWarning.dll
  • %ProgramFiles%\AntiSpyCheck\uninst.exe

This program creates the following registry subkeys:

  • Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion
    \Explorer\Browser Helper Objects\{56FA7933-DC3E-403b-8D47-BB5E3F345A21}
    Data: C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
  • Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run "AntiSpyCheck 2.1.0"
    Data: "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"

A screenshot of the main window is shown below:

Aliases

Aliases

  • Adware.AntiSpyCheck [ClamAV]
  • Adware/AntiSpyCheck [Panda]
  • AntiSpyCheck [Sunbelt]
  • AntiVirProtect [Symantec]
  • FraudTool.Win32.VirusProtectPro.af [Kaspersky]
  • Troj/AntiSpyC-A [Sophos]
  • Trojan.Fakealert [DrWeb]
  • Win32/Adware.AntiSpyCheck [NOD32v2]