Adware.FindSpyware

Updated: February 13, 2007 11:42:47 AM

Type: Adware

Risk Impact: High

File Names: usrshutd.exe vwipxspnt.exe winmsdc.exe dxconf.exe truettf.exe

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.FindSpyware is executed, it performs the following actions:

May drop the following file:

%Windir%\balloon.wav

Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
Waits for a random period of time.
May open a predetermined Web site such as:
- [http://]www.msnlist.com/[REMOVED]
- [http://]www.sexandpoker.com/[REMOVED]
May display the following fake message and play the sound %Windir%\Media\Windows XP Critical Stop.wmv

Title: Windows Security Center

Message:
WARNING: Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords. Do you want to learn how to protect your computer?
Opens a Web site on one of the following domains, if a user clicks yes:
- the msnlist.com
- spyware.asp
May display the following fake message and play the sound %Windir%\balloon.wav.

Title:
Your computer might be at risk

Message:
- Your virus protection status is bad
- Spyware Actively Detected Click this ballon to fix this problem
Clicking on the message will display content from [http://]www.winprotect.org/[REMOVED].

Summary

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}