Updated: July 21, 2009 11:06:30 AM
Type: Misleading Application
Name: SpySniper
Version: 0.0.0.0
Publisher: Pimasoft
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
BehaviorThe program must be manually installed.
The program reports false or exaggerated system security threats on the computer.
The user is then prompted to pay for a full license of the application in order to remove the threats.
InstallationWhen the program is executed, it creates the following files:
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Spy Sniper.lnk
- %UserProfile%\Desktop\Spy Sniper.lnk
- %UserProfile%\Local Settings\Temp\MSI411b2.LOG
- %UserProfile%\Local Settings\Temp\MSI4731b.LOG
- %UserProfile%\Local Settings\Temp\MSI4db3b.LOG
- C:\Documents and Settings\All Users\Start Menu\Programs\Spy Sniper\Spy Sniper.lnk
- %ProgramFiles%\Spy Sniper\Alert.wav
- %ProgramFiles%\Spy Sniper\FScan.dll
- %ProgramFiles%\Spy Sniper\Host.Log
- %ProgramFiles%\Spy Sniper\LiveUpdate.exe
- %ProgramFiles%\Spy Sniper\RScan.dll
- %ProgramFiles%\Spy Sniper\Shields.exe
- %ProgramFiles%\Spy Sniper\SpySniper.exe
- %ProgramFiles%\Spy Sniper\spysniperbanner.gif
- %ProgramFiles%\Spy Sniper\SpySniperWizard.exe
- %ProgramFiles%\Spy Sniper\unins000.dat
- %ProgramFiles%\Spy Sniper\unins000.exe
- %Windir%\Installer\13be52.mst
- %Windir%\Installer\13be56.mst
- %Windir%\Installer\13be5a.mst
- %System%\spsmocns.dll
- %System%\ufpsmeat.dll
- %System%\vcpsmfex.dll
- %System%\wipsmtprdf.dll
The program also creates four randomly named temporary files in the following folder:
%UserProfile%\Local Settings\Temp\[RANDOM CHARACTERS].tmp
It also creates the following registry subkeys:
- HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SpySniper
- HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\Control
- HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\Implemented Categories
- HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\InprocServer32
- HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\MiscStatus
- HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\ProgID
- HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\Programmable
- HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\ToolboxBitmap32
- HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\TypeLib
- HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\Version
- HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\InprocServer32
- HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\InprocServer32
- HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\InprocServer32
- HKEY_CLASSES_ROOT\Interface\{[RANDOM CLSID]}\ProxyStubClsid32
- HKEY_CLASSES_ROOT\Interface\{[RANDOM CLSID]}\ProxyStubClsid
- HKEY_CLASSES_ROOT\Interface\{[RANDOM CLSID]}\TypeLib
- HKEY_CLASSES_ROOT\Interface\{[RANDOM CLSID]}\ProxyStubClsid32
- HKEY_CLASSES_ROOT\Interface\{[RANDOM CLSID]}\ProxyStubClsid
- HKEY_CLASSES_ROOT\Interface\{[RANDOM CLSID]}\TypeLib
- HKEY_CLASSES_ROOT\Interface\{[RANDOM CLSID]}\ProxyStubClsid32
- HKEY_CLASSES_ROOT\Interface\{[RANDOM CLSID]}\ProxyStubClsid
- HKEY_CLASSES_ROOT\Interface\{[RANDOM CLSID]}\TypeLib
- HKEY_CLASSES_ROOT\Interface\{[RANDOM CLSID]}\ProxyStubClsid32
- HKEY_CLASSES_ROOT\Interface\{[RANDOM CLSID]}\ProxyStubClsid
- HKEY_CLASSES_ROOT\Interface\{[RANDOM CLSID]}\TypeLib
- HKEY_CLASSES_ROOT\TypeLib\{[RANDOM CLSID]}\1.2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spy Sniper_is1
Facebook
Digg
Reddit
Technorati
Slashdot
Twitter
Google
Yahoo Buzz
Delicious
StumbleUpon