||||
Symantec.com > Business > Security Response > DeusCleaner
PRINT THIS PAGE

DeusCleaner

Printer Friendly Page

Updated: November 22, 2007 5:02:44 PM
Type: Misleading Application
Name: DeusCleaner
Version: 1.0.1.11
Publisher: DeusCleaner
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.





The user is then prompted to pay for a full license of the application in order to remove the errors.





This application scans the system for privacy violations such as Internet cache files. The application frequently displays pop-up windows such as the above pay-for prompt. This prompt is also displayed after restarting the computer. The user must purchase the full version of the application to repair any violations it finds.


Installation
When the program is executed, it creates the following folders:
  • %UserProfile%\Application Data\Deus Cleaner
  • %ProgramFiles%\Deus Cleaner\Languages


It also creates the following files:
  • C:\Documents and Settings\All Users\Desktop\Deus Cleaner.lnk
  • %Program\Deus Cleaner\Deus Cleaner Help.lnk
  • %Program\Deus Cleaner\Deus Cleaner.lnk
  • %Program\Deus Cleaner\Uninstall Deus Cleaner.lnk
  • %ProgramFiles%\Deus Cleaner\config\DBInfo.ver
  • %ProgramFiles%\Deus Cleaner\config\FireFoxCache.set
  • %ProgramFiles%\Deus Cleaner\config\FireFoxCookie.set
  • %ProgramFiles%\Deus Cleaner\config\FireFoxHistory.set
  • %ProgramFiles%\Deus Cleaner\config\IE Cache.set
  • %ProgramFiles%\Deus Cleaner\config\IE Cookie.set
  • %ProgramFiles%\Deus Cleaner\config\IE History.set
  • %ProgramFiles%\Deus Cleaner\config\OfficeTmpFiles.set
  • %ProgramFiles%\Deus Cleaner\config\Opera Cache.set
  • %ProgramFiles%\Deus Cleaner\config\Opera Cookie.set
  • %ProgramFiles%\Deus Cleaner\config\Opera Download.set
  • %ProgramFiles%\Deus Cleaner\config\Opera List.set
  • %ProgramFiles%\Deus Cleaner\config\Recycle.set
  • %ProgramFiles%\Deus Cleaner\config\StBakupFiles.set
  • %ProgramFiles%\Deus Cleaner\config\TmpFiles.set
  • %ProgramFiles%\Deus Cleaner\config\WinClipBoard.set
  • %ProgramFiles%\Deus Cleaner\config\WinPreftech.set
  • %ProgramFiles%\Deus Cleaner\config\WinRecent.set
  • %ProgramFiles%\Deus Cleaner\config\WinRunHistory.set
  • %ProgramFiles%\Deus Cleaner\config\WinTmp.set
  • %ProgramFiles%\Deus Cleaner\config\WinUpdate.set
  • %ProgramFiles%\Deus Cleaner\DCleaner.exe
  • %ProgramFiles%\Deus Cleaner\DCUpdate.exe
  • %ProgramFiles%\Deus Cleaner\Help\DCHelpEng.chm
  • %ProgramFiles%\Deus Cleaner\scan.log
  • %ProgramFiles%\Deus Cleaner\SDmodul.dll
  • %ProgramFiles%\Deus Cleaner\unins000.dat
  • %ProgramFiles%\Deus Cleaner\unins000.exe
  • %ProgramFiles%\Deus Cleaner\working.log


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Deus Cleaner" = ""C:\Program Files\Deus Cleaner\DCleaner.exe" /s"

It also creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\Deus Cleaner
  • HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Deus Cleaner
  • HKEY_CLASSES_ROOT\CLSID\{F3175B35-99CE-4297-A7E1-292562DD7AF3}
  • HKEY_CLASSES_ROOT\Deus Cleaner
  • HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Deus Cleaner
  • HKEY_CLASSES_ROOT\SDmodul.Secure Delete with Deus Cleaner
  • HKEY_LOCAL_MACHINE\SOFTWARE\Deus Cleaner
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deus Cleaner_is1
Search by name
Example: W32.Beagle.AG@mm
Symantec DeepSight Screensaver
©1995 - 2010 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS