When WinAntiSpyware is executed, it performs the following actions:
- Creates the following files:
- C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2006 Scanner\Contact customer support.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2006 Scanner\Uninstall WinAntiSpyware 2006 Scanner.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2006 Scanner\WinAntiSpyware 2006 Scanner on the Web.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2006 Scanner\WinAntiSpyware 2006 Scanner Online Manual.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2006 Scanner\WinAntiSpyware 2006 Scanner.lnk
- %UserProfile%\application data\microsoft\internet explorer\quick launch\WinAntispyware 2006.lnk
- %UserProfile%\Desktop\WinAntiSpyware 2006 Scanner.lnk
- %UserProfile%\Local Settings\Temp\WinAntiSpyware2006Setup.exe
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\Activate.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\AsAgents.dll
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\bnlink.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\database\appupdate.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\database\AutoProcess.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\database\dbupdate.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\database\enemies.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\database\knownfiles.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\database\monstate.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\database\PortSpec.ats
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\database\quaratine.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\database\RTMonitor.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\database\Summary.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\database\tasks.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\database\TEBase.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\InstHelp.exe
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\lapv.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\license.rtf
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\manual.url
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\pv.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\shellext.dll
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\sr.log
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\support.url
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\unins000.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\unins000.exe
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\updater.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\Updater.exe
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\uwas6chk.dll
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\uwasffNT.exe
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\vbpv.dat
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\was6.exe
- %ProgramFiles%\WinAntiSpyware 2006 Scanner\WAS6.url
- %CommonProgramFiles%\WinAntiSpyware 2006\was6chk.dll
- %ProgramFiles%\WinAntiSpyware 2006\Activate.dat
- %ProgramFiles%\WinAntiSpyware 2006\AsAgents.dll
- %ProgramFiles%\WinAntiSpyware 2006\AsAgents.xml
- %ProgramFiles%\WinAntiSpyware 2006\database\enemies.dat
- %ProgramFiles%\WinAntiSpyware 2006\database\knownfiles.dat
- %ProgramFiles%\WinAntiSpyware 2006\database\TEBase.dat
- %ProgramFiles%\WinAntiSpyware 2006\InstHelp.exe
- %ProgramFiles%\WinAntiSpyware 2006\lapv.dat
- %ProgramFiles%\WinAntiSpyware 2006\license.rtf
- %ProgramFiles%\WinAntiSpyware 2006\manual.pdf
- %ProgramFiles%\WinAntiSpyware 2006\ps.dat
- %ProgramFiles%\WinAntiSpyware 2006\pv.dat
- %ProgramFiles%\WinAntiSpyware 2006\shellext.xml
- %ProgramFiles%\WinAntiSpyware 2006\shellext.dll
- %ProgramFiles%\WinAntiSpyware 2006\support.exe
- %ProgramFiles%\WinAntiSpyware 2006\threatnet.ini
- %ProgramFiles%\WinAntiSpyware 2006\unins000.dat
- %ProgramFiles%\WinAntiSpyware 2006\unins000.exe
- %ProgramFiles%\WinAntiSpyware 2006\UnWizard.exe
- %ProgramFiles%\WinAntiSpyware 2006\unwizard.xml
- %ProgramFiles%\WinAntiSpyware 2006\updater.dat
- %ProgramFiles%\WinAntiSpyware 2006\vbpv.dat
- %ProgramFiles%\WinAntiSpyware 2006\was6.exe
- %ProgramFiles%\WinAntiSpyware 2006\WAS6.url
- %ProgramFiles%\WinAntiSpyware 2006\WAS6.xml
- %ProgramFiles%\WinAntiSpyware 2006\wasffNT.exe
- %System%\drivers\uwasfsd.sys
- %System%\drivers\ApiMon.sys
- %System%\drivers\wasfsd.sys
- %System%\stera.exe
- %System%\atl71.dll
- %System%\mfc71.dll
- %Windir%\is-[RANDOM].exe
- %Windir%\is-[RANDOM].lst
- %Windir%\is-[RANDOM].msg
- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\WinAntiSpyware 2006.lnk
- C:\Documents and Settings\Administrator\Desktop\WinAntiSpyware 2006.lnk
- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb
- C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2006\Feedback on Support Quality.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2006\Report Software Defect.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2006\Request for Instructions.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2006\Share Your Suggestions.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2006\Uninstall WinAntiSpyware 2006.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2006\WinAntiSpyware 2006 Manual.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2006\WinAntiSpyware 2006 on the Web.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2006\WinAntiSpyware 2006.lnk
Notes:
- %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- %CommonProgramFiles% is a variable that refers to the Common Files folder. By default, this is C:\Program Files\Common Files.
- %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ExplorerUWAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7DE254-2FBD-4C09-9077-3DC4A2DEBE9D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1230649B-B980-44A5-B259-9B09EBEA6331}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1236DE55-EDED-4675-AF10-BA15EDDB4D7A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B11}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{_CLSID_WAShellExecuteCheck}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ExplorerUWAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\ExplorerUWAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{12398A44-7DFC-4C46-BD8F-41259D169A0D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37411}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UWAS6.UWAS6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uwasfsd.CreationNotifier
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uwasfsd.CreationNotifier.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uwashellext.ShellHook
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uwashellext.ShellHook.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uwashellext.WASContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uwashellext.WASContextMenu.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 2006 Scanner_is1
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiSpyware 2006 Scanner
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uwasfsd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uwasfsd
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\Mirabilis
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\Mirabilis\ICQ
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\Mirabilis\ICQ\Agent
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\Mirabilis\ICQ\Agent\Apps
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\WinAntiSpyware 2006 Scanner
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\WinAntiSpyware 2006 Scanner\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wasfsd.CreationNotifier
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wasfsd.CreationNotifier.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS_is1
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiSpyware 2006
HKEY_ALL_USERS\Software\WinAntiSpyware 2006
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wasfsd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ExplorerWAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\ExplorerWAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ExplorerWAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UWAS6.UWAS6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\washellext.WASContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\washellext.WASContextMenu.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WASPChk.WASPChk
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SYSTEM\ControlSet003\Services\wasfsd
- Adds the value:
"WinAntiSpyware 2006 Scanner" = "C:\Program Files\WinAntiSpyware 2006 Scanner\was6.exe"
to the registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
so that the risk runs every time Windows starts.
- Displays alert messages when changes are made on the compromised computer. The activity in question is halted until the user clicks Allow or five seconds have passed.
The types of activities that the risk blocks include the following:
- Changes to the browser's home page
- Installation of software
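
A read-only check for the Run/RunOnce value and the driver service keys described above, added here as an example (it is not part of the original write-up). The registry names and file paths come from the lists above; which four files to test is a choice made for the example, and `%System%` is assumed to be `System32`.

```powershell
# Added example: reports listed artifacts, modifies nothing.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runValue = 'WinAntiSpyware 2006 Scanner'

$serviceKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\uwasfsd',
    'HKLM:\SYSTEM\CurrentControlSet\Services\wasfsd'
)

# Assumption: %System% from the write-up is System32 (NT-based Windows).
$system32 = Join-Path $env:windir 'System32'
$files = @(
    (Join-Path $system32 'drivers\uwasfsd.sys'),
    (Join-Path $system32 'drivers\wasfsd.sys'),
    (Join-Path $env:ProgramFiles 'WinAntiSpyware 2006 Scanner\was6.exe'),
    (Join-Path $env:ProgramFiles 'WinAntiSpyware 2006\was6.exe')
)

$findings = @()

# Autostart value: present only if the named value exists under the key.
foreach ($key in $runKeys) {
    $prop = Get-ItemProperty -Path $key -Name $runValue -ErrorAction SilentlyContinue
    if ($prop) {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Location = $key; Detail = $prop.$runValue }
    }
}

# Driver services: record ImagePath so the binary on disk can be examined.
foreach ($key in $serviceKeys) {
    if (Test-Path -Path $key) {
        $image = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
        $findings += [pscustomobject]@{ Type = 'Service'; Location = $key; Detail = $image }
    }
}

# Files: existence only; hashing and signature checks are left to the analyst.
foreach ($file in $files) {
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $file; Detail = (Get-Item -LiteralPath $file).LastWriteTime }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed artifacts found.' }
```

The script reads only the native registry and file-system view of the process it runs in; it does not query the per-user `HKEY_USERS` keys listed above.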