
MalwareDestructor


Updated: September 7, 2007 2:51:49 PM
Type: Misleading Application
Infection Length: 6,784,482 bytes
Name: MalwareDestructor
Version: 4.1.0.0
Publisher: MalwareDestructor
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Behavior
This misleading application must be manually installed.

The program gives a number of exaggerated reports about potential risks on the computer.

The user is then prompted to pay for a full license for the application in order to remove the errors.

Installation
When the program is executed, it creates the following folder:
C:\Program Files\MalwareDestructor\Logs

It then creates the following files:
  • C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MalwareDestructor 4.5.lnk
  • C:\Documents and Settings\Administrator\Desktop\MalwareDestructor 4.5.lnk
  • C:\Documents and Settings\Administrator\Start Menu\Programs\MalwareDestructor\MalwareDestructor 4.5 Un-Installer.lnk
  • C:\Documents and Settings\Administrator\Start Menu\Programs\MalwareDestructor\MalwareDestructor 4.5 Website.lnk
  • C:\Documents and Settings\Administrator\Start Menu\Programs\MalwareDestructor\MalwareDestructor 4.5.lnk
  • C:\Documents and Settings\Administrator\Start Menu\MalwareDestructor 4.5.lnk
  • C:\Program Files\MalwareDestructor\001.dat
  • C:\Program Files\MalwareDestructor\002.dat
  • C:\Program Files\MalwareDestructor\003.dat
  • C:\Program Files\MalwareDestructor\004.dat
  • C:\Program Files\MalwareDestructor\005.dat
  • C:\Program Files\MalwareDestructor\006.dat
  • C:\Program Files\MalwareDestructor\007.dat
  • C:\Program Files\MalwareDestructor\008.dat
  • C:\Program Files\MalwareDestructor\009.dat
  • C:\Program Files\MalwareDestructor\DbgHelp.Dll
  • C:\Program Files\MalwareDestructor\Logs\shield_activity-09072007-093756.log
  • C:\Program Files\MalwareDestructor\MalAntiSpam.dll
  • C:\Program Files\MalwareDestructor\MalwareDestructor.EXE
  • C:\Program Files\MalwareDestructor\MalwareDestructor.log
  • C:\Program Files\MalwareDestructor\MalwareDestructor.url
  • C:\Program Files\MalwareDestructor\msvcp71.dll
  • C:\Program Files\MalwareDestructor\msvcr71.dll
  • C:\Program Files\MalwareDestructor\Plugins\DesktopManager\DesktopManager.dll
  • C:\Program Files\MalwareDestructor\Plugins\DesktopManager\Languages\English.ini
  • C:\Program Files\MalwareDestructor\Plugins\DesktopManager\Languages\Spanish.ini
  • C:\Program Files\MalwareDestructor\Plugins\StartupEditor\Languages\English.ini
  • C:\Program Files\MalwareDestructor\Plugins\StartupEditor\Languages\Spanish.ini
  • C:\Program Files\MalwareDestructor\Plugins\StartupEditor\StartupEditor.dll
  • C:\Program Files\MalwareDestructor\settings.ini
  • C:\Program Files\MalwareDestructor\uninst.exe


Next, the program creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MalWareDestruct.EXE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\spamdet.DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9DA1990B-9BCA-4c80-AEFB-11A40FA849F9}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C628512D-A058-4BD4-B47B-B036F45FA02B}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16DD131D-C09F-4F83-A1E7-A2CF506EA27C}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69EBF0DB-F6B5-4479-8352-AA632F522D34}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C1530BD-16B0-41A9-B428-17EE8CBD3E06}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EC61371-C3B9-FCC1-EE6F-2E4E8D12DFFC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A301FAB7-0853-9F4D-BA0D-BE2F421E5A18}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0367D41-1C19-4e98-8F5D-006213C5B1BB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{214345B8-BB69-498D-A168-29F58F15D806}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E67E9DC-7294-44C3-BC99-EA6E29E74076}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4ED5E198-E576-4676-93B8-2C401D1A67D0}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C1530BD-16B0-41A9-B428-17EE8CBD3E06}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D59B2DD5-0609-4BDC-AB47-A9A28ABC482A}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B60F5AFA-EDD2-417D-A438-57F3EBD9E639}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F8FF4547-4FA4-4FEA-B689-7190C2A40364}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExpertAntivirus.Addin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExpertAntivirus.Addin.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MalWareDestruct.Server
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MalWareDestruct.Server.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spamdet.SpamDetector
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spamdet.SpamDetector.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MalwareDestructor
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareDestructor
  • HKEY_LOCAL_MACHINE\SOFTWARE\MalwareDestructor
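
The artefacts listed above come from one machine, so the profile name (Administrator), the "4.5" in the shortcut names and the timestamp in the shield_activity log name will differ on other hosts. The following triage sketch is an added example, not Symantec's code: it matches a collected file listing and registry key export against generalised forms of those artefacts. The rule names, `triage`, `assess`, the generalisations and the sample lines are assumptions made for this example.

```python
import re

# Rules built from the artefacts listed above. Generalising the drive letter,
# profile name, shortcut version and log timestamp is this example's assumption.
RULES = {
    "shield_log": re.compile(
        r"\\malwaredestructor\\logs\\shield_activity-\d{8}-\d{6}\.log$"),
    "install_tree": re.compile(
        r"^[a-z]:\\program files\\malwaredestructor(\\|$)"),
    "user_shortcut": re.compile(
        r"^[a-z]:\\documents and settings\\[^\\]+\\.*"
        r"\\malwaredestructor [\d.]+( un-installer| website)?\.lnk$"),
    "registry": re.compile(
        r"^hkey_local_machine\\software\\(malwaredestructor"
        r"|microsoft\\windows\\currentversion\\(app paths|uninstall)"
        r"\\malwaredestructor"
        r"|classes\\(appid\\)?(malwaredestruct|spamdet|expertantivirus)"
        r"\.[^\\]+)(\\|$)"),
}


def triage(lines):
    """Map each rule name to the input lines it matched (first rule wins)."""
    hits = {}
    for raw in lines:
        line = raw.strip().strip('"')
        low = line.lower()
        for name, rule in RULES.items():
            if rule.search(low):
                hits.setdefault(name, []).append(line)
                break
    return hits


def assess(hits):
    """Heuristic verdict: files plus registry keys means a live install."""
    on_disk = "install_tree" in hits or "shield_log" in hits
    if on_disk and "registry" in hits:
        return "installed"
    return "remnants" if hits else "clean"


# Constructed sample: file listing and registry key export merged from one host.
SAMPLE = [
    r"C:\Documents and Settings\jsmith\Desktop\MalwareDestructor 4.5.lnk",
    r"C:\Program Files\MalwareDestructor\Logs\shield_activity-10152007-141203.log",
    r"C:\Program Files\MalwareDestructor\msvcr71.dll",
    r"C:\WINDOWS\system32\msvcr71.dll",  # legitimate runtime copy, must not hit
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spamdet.SpamDetector.1",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareDestructor",
]
```

Matching on the install directory rather than on bare file names keeps the bundled msvcp71.dll, msvcr71.dll and DbgHelp.Dll from flagging legitimate copies elsewhere on the system.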



Similar Security Risks
ExpertAntivirus