||||
Symantec.com > Security Response > Threats and Risks > SpywareQuake
PRINT THIS PAGE

SpywareQuake

Printer Friendly Page

Updated: February 13, 2007 11:49:07 AM
Type: Misleading Application
Version: 2.0
Publisher: spywarequake.com
Risk Impact: Medium
File Names: %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareQuake 2.0.lnk %Use
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


When SpywareQuake is installed, it performs the following actions:
  1. Creates the following files:

    • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareQuake 2.0.lnk
    • %UserProfile%\Desktop\SpywareQuake.lnk
    • %UserProfile%\Local Settings\Temp\SQLanguage.ini
    • %UserProfile%\Start Menu\Programs\SpywareQuake\SpywareQuake 2.0 Website.lnk
    • %UserProfile%\Start Menu\Programs\SpywareQuake\SpywareQuake 2.0.lnk
    • %UserProfile%\Start Menu\Programs\SpywareQuake\Uninstall SpywareQuake 2.0.lnk
    • %UserProfile%\Start Menu\SpywareQuake 2.0.lnk
    • %ProgramFiles%\SpywareQuake\blacklist.txt
    • %ProgramFiles%\SpywareQuake\Lang\English.ini
    • %ProgramFiles%\SpywareQuake\msvcp71.dll
    • %ProgramFiles%\SpywareQuake\msvcr71.dll
    • %ProgramFiles%\SpywareQuake\ref.dat
    • %ProgramFiles%\SpywareQuake\SpywareQuake.exe
    • %ProgramFiles%\SpywareQuake\SpywareQuake.url
    • %ProgramFiles%\SpywareQuake\uninst.exe
    • %ProgramFiles%\SpywareQuake\Lang\*.*
    • %ProgramFiles%\SpywareQuake\Dirs\*.*
    • %ProgramFiles%\SpywareQuake\Quarantine\*.*

      Note:
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Creates the following registry subkeys:

    HKEY_CLASSES_ROOT\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}
    HKEY_CLASSES_ROOT\Interface\{189518DF-7EBA-4D31-A7E1-73B5BB60E8D5}
    HKEY_CLASSES_ROOT\Interface\{23D627FE-3F02-44CF-9EE1-7B9E44BD9E13}
    HKEY_CLASSES_ROOT\Interface\{43CFEFBE-8AE4-400E-BBE4-A2B61BB140FB}
    HKEY_CLASSES_ROOT\Interface\{5790B963-23C5-43C1-BCF5-01C9B5A3E44E}
    HKEY_CLASSES_ROOT\Interface\{5D42DDF4-81EB-4668-9951-819A1D5BEFC8}
    HKEY_CLASSES_ROOT\Interface\{76D06077-D5D3-40CA-B32D-6A67A7FF3F06}
    HKEY_CLASSES_ROOT\Interface\{86C7E6C3-EC47-44E5-AA08-EE0D0A25895F}
    HKEY_CLASSES_ROOT\Interface\{9283DAC1-43F5-4580-BF86-841F22AF2335}
    HKEY_CLASSES_ROOT\Interface\{AE90CAFC-09D4-47F0-9E11-CE621C424F08}
    HKEY_CLASSES_ROOT\Interface\{BA397E39-F67F-423F-BC6E-65939450093A}
    HKEY_CLASSES_ROOT\Interface\{BEC8A83D-01D4-4F15-B8A9-4B4AB24253A7}
    HKEY_CLASSES_ROOT\Interface\{C4EEDC19-992D-409A-B323-ED57D511AFA5}
    HKEY_CLASSES_ROOT\Interface\{DD90F677-D205-4F70-9014-659614AABCB2}
    HKEY_CLASSES_ROOT\Interface\{E3DF91F3-F24F-441E-9001-D61F36024322}
    HKEY_CLASSES_ROOT\Interface\{F459EADB-5903-48D5-864C-2B7B46AB1424}
    HKEY_CLASSES_ROOT\Interface\{FC4EDF66-0547-4F1A-AE96-7CFCAD711C90}
    HKEY_CLASSES_ROOT\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareQuake.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareQuake
    HKEY_LOCAL_MACHINE\SOFTWARE\SpywareQuake
  3. Adds the value:

    "SpywareQuake" = "%ProgramFiles%\SpywareQuake\SpywareQuake.exe /h"
    "Spyware Quake" = "%ProgramFiles%\SpywareQuake\SpywareQuake.exe /h"

    to the registry subkey

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it runs every time Windows starts.


Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS