Spyviper

Updated: February 13, 2007 11:49:25 AM
Type: Misleading Application
Publisher: Spyviper.com
Risk Impact: Medium
File Names: SpyViperDemo.msi, SpyViperDemo.exe, Apprestart.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When ScanandRepair is installed, it performs the following actions:
  1. Creates the following folder:

    %ProgramFiles%\SpyViper Demo

    Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Creates the following files:

    • C:\Program Files\SpyViper Demo\AppRestart.exe
    • C:\Program Files\SpyViper Demo\BlockedCookies.dat
    • C:\Program Files\SpyViper Demo\ExeDefinition.dat
    • C:\Program Files\SpyViper Demo\FileDefinition.dat
    • C:\Program Files\SpyViper Demo\help.chm
    • C:\Program Files\SpyViper Demo\RegistryDefinition.dat
    • C:\Program Files\SpyViper Demo\riched32.dll
    • C:\Program Files\SpyViper Demo\Scan_Log.txt
    • C:\Program Files\SpyViper Demo\SpyViper.com.url
    • C:\Program Files\SpyViper Demo\SpyViperDemo.exe
    • C:\WINDOWS\Installer\[random].msi
    • C:\WINDOWS\system32\actskn43.ocx
    • C:\WINDOWS\system32\mscomct2.ocx
    • C:\WINDOWS\system32\mscomctl.ocx
    • C:\WINDOWS\system32\richtx32.ocx
    • C:\WINDOWS\system32\skinboxer43.dll
    • C:\WINDOWS\system32\tabctl32.ocx
    • C:\Documents and Settings\Administrator\Desktop\SpyViper Demo.lnk
    • C:\Documents and Settings\Administrator\Start Menu\Programs\SpyViper.com Software\SpyViper Demo\Readme-Help.lnk
    • C:\Documents and Settings\Administrator\Start Menu\Programs\SpyViper.com Software\SpyViper Demo\SpyViper Demo.lnk
    • C:\Documents and Settings\Administrator\Start Menu\Programs\SpyViper.com Software\SpyViper Demo\SpyViper.com.url
    • C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{7D77157C-CB0B-443B-A62A-8BCA496BA488}\[random].exe

  3. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\DE3CB23B70E487F42BC60E58932FB63E
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D77157C-CB0B-443B-A62A-8BCA496BA488}
    HKEY_ALL_USERS\Software\Microsoft\Installer\Features\C75177D7B0BCB3446AA2B8AC94B64A88
    HKEY_ALL_USERS\Software\Microsoft\Installer\Products\C75177D7B0BCB3446AA2B8AC94B64A88
    HKEY_ALL_USERS\Software\Microsoft\Installer\UpgradeCodes\DE3CB23B70E487F42BC60E58932FB63E
    HKEY_LOCAL_MACHINE\SOFTWARE\SpyViper.com
    HKEY_ALL_USERS\Software\UnSpyPC
    HKEY_ALL_USERS\Software\VB and VBA Program Settings\AdwareRemovalSoftware
    HKEY_ALL_USERS\Software\VB and VBA Program Settings\SpyViper

  4. Adds the value:

    "SpyViperDemo" = "C:\Program Files\SpyViper Demo\SpyViperDemo"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it is executed every time Windows starts.

  5. Adds the values:

    "C:\Program Files\SpyViper Demo\" = ""
    "C:\Documents and Settings\Administrator\Start Menu\Programs\SpyViper.com Software\" = ""
    "C:\Documents and Settings\Administrator\Start Menu\Programs\SpyViper.com Software\SpyViper Demo\" = ""
    "C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{7D77157C-CB0B-443B-A62A-8BCA496BA488}" = ""

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
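
The 32-character subkey names under Installer\Products, Installer\Features and Installer\UpgradeCodes in step 3 are Windows Installer's packed form of a GUID, so C75177D7B0BCB3446AA2B8AC94B64A88 is the same product as the {7D77157C-CB0B-443B-A62A-8BCA496BA488} Uninstall subkey. The following is an added example, not part of the original write-up, that converts between the two forms and groups the listed subkeys by product; the function names are hypothetical.

```python
import re

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")

def pack_guid(guid):
    """Convert a braced GUID to the 32-character packed form Windows Installer uses."""
    h = guid.strip("{}").replace("-", "").upper()
    if not HEX32.fullmatch(h):
        raise ValueError(f"not a GUID: {guid!r}")
    # The first three fields are reversed whole; each remaining byte has its nibbles swapped.
    head = h[0:8][::-1] + h[8:12][::-1] + h[12:16][::-1]
    tail = "".join(h[i + 1] + h[i] for i in range(16, 32, 2))
    return head + tail

def unpack_guid(packed):
    """Convert a packed name back to a braced GUID (the packing is its own inverse)."""
    h = pack_guid(packed)
    return "{%s-%s-%s-%s-%s}" % (h[0:8], h[8:12], h[12:16], h[16:20], h[20:32])

# Subkeys copied from step 3 of this write-up (GUID-named keys plus one that is not).
SUBKEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\DE3CB23B70E487F42BC60E58932FB63E",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D77157C-CB0B-443B-A62A-8BCA496BA488}",
    r"HKEY_ALL_USERS\Software\Microsoft\Installer\Features\C75177D7B0BCB3446AA2B8AC94B64A88",
    r"HKEY_ALL_USERS\Software\Microsoft\Installer\Products\C75177D7B0BCB3446AA2B8AC94B64A88",
    r"HKEY_ALL_USERS\Software\Microsoft\Installer\UpgradeCodes\DE3CB23B70E487F42BC60E58932FB63E",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\SpyViper.com",
]

def correlate(subkeys):
    """Group subkeys by the GUID their last path component names, in either form."""
    groups = {}
    for key in subkeys:
        leaf = key.rsplit("\\", 1)[-1]
        if re.fullmatch(r"\{[0-9A-Fa-f-]{36}\}", leaf):
            guid = leaf.upper()
        elif HEX32.fullmatch(leaf):
            guid = unpack_guid(leaf)
        else:
            continue  # not named after a GUID
        groups.setdefault(guid, []).append(key)
    return groups

if __name__ == "__main__":
    for guid, keys in correlate(SUBKEYS).items():
        print(guid, len(keys), "subkeys")
```

Grouping this way shows which Installer entries belong to the same product registration as the Uninstall subkey, which helps confirm that all of them are found during cleanup.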

