
PersonalAntispy

Updated: September 26, 2008 2:33:41 PM
Type: Misleading Application
Name: PersonalAntispy
Version: 3.2.155
Publisher: www.personalantispy.com
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following folders:
  • %UserProfile%\Local Settings\Temp\UPAS
  • C:\Documents and Settings\All Users\Application Data\SalesMon
  • %CommonProgramFiles%\PersonalAntiSpy


It also creates the following files:
  • %UserProfile%\Desktop\PersonalAntiSpy.lnk
  • %UserProfile%\Local Settings\Temp\PersonalAntiSpySetup.exe
  • C:\Documents and Settings\All Users\Application Data\PersonalAntiSpy\Data\Abbr
  • C:\Documents and Settings\All Users\Application Data\PersonalAntiSpy\Data\ProductCode
  • C:\Documents and Settings\All Users\Start Menu\Programs\PersonalAntiSpy\PersonalAntiSpy.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\PersonalAntiSpy\Uninstall PersonalAntiSpy.lnk
  • %CommonProgramFiles%\PersonalAntiSpy\pbm.exe
  • %ProgramFiles%\PersonalAntiSpy Free\Activate.dat
  • %ProgramFiles%\PersonalAntiSpy Free\AsAgents.dll
  • %ProgramFiles%\PersonalAntiSpy Free\AsAgents.xml
  • %ProgramFiles%\PersonalAntiSpy Free\atl71.dll
  • %ProgramFiles%\PersonalAntiSpy Free\AutoProcess.dat
  • %ProgramFiles%\PersonalAntiSpy Free\bnlink.dat
  • %ProgramFiles%\PersonalAntiSpy Free\database\appupdate.dat
  • %ProgramFiles%\PersonalAntiSpy Free\database\dbupdate.dat
  • %ProgramFiles%\PersonalAntiSpy Free\database\enemies.dat
  • %ProgramFiles%\PersonalAntiSpy Free\database\knownfiles.dat
  • %ProgramFiles%\PersonalAntiSpy Free\database\tasks.dat
  • %ProgramFiles%\PersonalAntiSpy Free\database\TEBase.dat
  • %ProgramFiles%\PersonalAntiSpy Free\database\threatnet.dat
  • %ProgramFiles%\PersonalAntiSpy Free\err.log
  • %ProgramFiles%\PersonalAntiSpy Free\InstHelp.exe
  • %ProgramFiles%\PersonalAntiSpy Free\lapv.dat
  • %ProgramFiles%\PersonalAntiSpy Free\license.rtf
  • %ProgramFiles%\PersonalAntiSpy Free\mfc71.dll
  • %ProgramFiles%\PersonalAntiSpy Free\monstate.dat
  • %ProgramFiles%\PersonalAntiSpy Free\msvcp71.dll
  • %ProgramFiles%\PersonalAntiSpy Free\msvcr71.dll
  • %ProgramFiles%\PersonalAntiSpy Free\pas.exe
  • %ProgramFiles%\PersonalAntiSpy Free\pas.ini
  • %ProgramFiles%\PersonalAntiSpy Free\pas.xml
  • %ProgramFiles%\PersonalAntiSpy Free\pv.dat
  • %ProgramFiles%\PersonalAntiSpy Free\readme.rtf
  • %ProgramFiles%\PersonalAntiSpy Free\RTMonitor.dat\#agents\[RANDOM NUMBERS]\#startup
  • %ProgramFiles%\PersonalAntiSpy Free\RTMonitor.dat\#agents\[RANDOM NUMBERS]\#data
  • %ProgramFiles%\PersonalAntiSpy Free\RTMonitor.dat\#monitors\DirMonitor\c__\#data
  • %ProgramFiles%\PersonalAntiSpy Free\RTMonitor.dat\#monitors\DirMonitor\c__\#name
  • %ProgramFiles%\PersonalAntiSpy Free\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_[CURRENT USER]_Start Menu_Programs_Startup\#data
  • %ProgramFiles%\PersonalAntiSpy Free\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_[CURRENT USER]_Start Menu_Programs_Startup\#name
  • %ProgramFiles%\PersonalAntiSpy Free\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_All Users_Start Menu_Programs_Startup\#data
  • %ProgramFiles%\PersonalAntiSpy Free\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_All Users_Start Menu_Programs_Startup\#name
  • %ProgramFiles%\PersonalAntiSpy Free\scanlog.xml
  • %ProgramFiles%\PersonalAntiSpy Free\shellext.dll
  • %ProgramFiles%\PersonalAntiSpy Free\shellext.xml
  • %ProgramFiles%\PersonalAntiSpy Free\sr.log
  • %ProgramFiles%\PersonalAntiSpy Free\Summary.dat
  • %ProgramFiles%\PersonalAntiSpy Free\unins000.dat
  • %ProgramFiles%\PersonalAntiSpy Free\unins000.exe
  • %ProgramFiles%\PersonalAntiSpy Free\up.dat
  • %ProgramFiles%\PersonalAntiSpy Free\upascw.exe
  • %ProgramFiles%\PersonalAntiSpy Free\updater.dat
  • %ProgramFiles%\PersonalAntiSpy Free\updaterdb.dat
  • %ProgramFiles%\PersonalAntiSpy Free\UserAgent.dll
  • %ProgramFiles%\PersonalAntiSpy Free\uwasffNT.exe
  • %ProgramFiles%\PersonalAntiSpy Free\vbpv.dat
  • %System%\drivers\uwasfsd.sys
  • %System%\gdiplus.dll
  • %SystemRoot%\END


Next, the program creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"PersonalAntiSpy Free" = ""C:\Program Files\PersonalAntiSpy Free\pas.exe" /min"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"upascw" = "C:\Program Files\PersonalAntiSpy Free\upascw.exe -c"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"PASMonitor" = "C:\Program Files\Common Files\PersonalAntiSpy\pbm.exe"


It also creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\Mirabilis
  • HKEY_CURRENT_USER\Software\PersonalAntiSpy Free
  • HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ExplorerUPAS
  • HKEY_CLASSES_ROOT\CLSID\{1924FA29-9740-4F6B-A683-90FB42FC1237}
  • HKEY_CLASSES_ROOT\CLSID\{5CAB6A79-7710-405a-9B08-A13E908534E9}
  • HKEY_CLASSES_ROOT\CLSID\{_CLSID_WAShellExecuteCheck}
  • HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ExplorerUPAS
  • HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ExplorerUPAS
  • HKEY_CLASSES_ROOT\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
  • HKEY_CLASSES_ROOT\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}
  • HKEY_CLASSES_ROOT\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}
  • HKEY_CLASSES_ROOT\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
  • HKEY_CLASSES_ROOT\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37411}
  • HKEY_CLASSES_ROOT\TypeLib\{C766ED4F-EF37-4C77-8F71-288661A2D513}
  • HKEY_CLASSES_ROOT\upashellext.ShellHook.1
  • HKEY_CLASSES_ROOT\upashellext.ShellHook
  • HKEY_CLASSES_ROOT\upashellext.WASContextMenu.1
  • HKEY_CLASSES_ROOT\upashellext.WASContextMenu
  • HKEY_CLASSES_ROOT\uwasfsd.CreationNotifier.1
  • HKEY_CLASSES_ROOT\uwasfsd.CreationNotifier
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B11}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PersonalAntiSpy Free_is1
  • HKEY_LOCAL_MACHINE\SOFTWARE\PersonalAntiSpy Free
  • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\LiveUpdateExperience
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uwasfsd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1924FA29-9740-4F6B-A683-90FB42FC1237}: "PersonalAntiSpy Shell Hook"


Similar Security Risks

WinAntiSpyware

