
AdwareSpy

Updated: February 13, 2007 11:49:41 AM
Type: Misleading Application
Infection Length: 882176
Version: 4.0
Publisher: Adwarespy.com
Risk Impact: Medium
File Names: AdwareSpy4.exe, AdwareSpy.chm, AdwareSpy.dll
Systems Affected: Windows 2000, Windows NT, Windows XP

When AdwareSpy is executed, it performs the following actions:
  1. Creates the following files:

    • %ProgramFiles%\AdwareSpy\AdwareSpy.chm
    • %ProgramFiles%\AdwareSpy\AdwareSpy.dll
    • %ProgramFiles%\AdwareSpy\AdwareSpy4.exe
    • %ProgramFiles%\AdwareSpy\allowedlist.lst
    • %ProgramFiles%\AdwareSpy\deniedlist.lst
    • %ProgramFiles%\AdwareSpy\dp.xml
    • %ProgramFiles%\AdwareSpy\HookProcessCreation.dll
    • %ProgramFiles%\AdwareSpy\Media\unidentified.jpg
    • %ProgramFiles%\AdwareSpy\prefs.dat
    • %ProgramFiles%\AdwareSpy\Reference.dat
    • %ProgramFiles%\AdwareSpy\unins000.dat
    • %ProgramFiles%\AdwareSpy\unins000.exe
    • %UserProfile%\Desktop\AdwareSpy.lnk
    • %UserProfile%\Start Menu\Programs\AdwareSpy\AdwareSpy.lnk
    • %UserProfile%\Start Menu\Programs\AdwareSpy\Help Manual.lnk

    Notes:
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).

  2. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdwareSpy_is1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}


  3. Adds the value:

    "AdwareSpy" = "%ProgramFiles%\AdwareSpy\AdwareSpy4.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it is executed every time Windows starts.
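
A read-only host check for the artifacts listed in steps 1 to 3, as an added PowerShell example that is not part of the original write-up. The function name Get-AdwareSpyArtifact is hypothetical, and only the current user's profile is inspected for the shortcuts.

```powershell
# Added example: read-only audit for the AdwareSpy artifacts listed above.
# Paths, subkeys and the CLSID come from the write-up; the function name is hypothetical.
function Get-AdwareSpyArtifact {
    $dir   = Join-Path $env:ProgramFiles 'AdwareSpy'
    $clsid = '{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}'
    $hklm  = 'HKLM:\SOFTWARE'
    $cv    = "$hklm\Microsoft\Windows\CurrentVersion"

    # Step 1: installed files, plus shortcuts in the current user's profile only.
    $files = @('AdwareSpy.chm', 'AdwareSpy.dll', 'AdwareSpy4.exe', 'allowedlist.lst',
               'deniedlist.lst', 'dp.xml', 'HookProcessCreation.dll',
               'Media\unidentified.jpg', 'prefs.dat', 'Reference.dat',
               'unins000.dat', 'unins000.exe' | ForEach-Object { Join-Path $dir $_ })
    $files += 'Desktop\AdwareSpy.lnk', 'Start Menu\Programs\AdwareSpy\AdwareSpy.lnk',
              'Start Menu\Programs\AdwareSpy\Help Manual.lnk' |
              ForEach-Object { Join-Path $env:UserProfile $_ }

    # Step 2: uninstall entry, COM class and Browser Helper Object registration.
    $keys = "$cv\Uninstall\AdwareSpy_is1",
            "$hklm\Classes\CLSID\$clsid",
            "$cv\Explorer\Browser Helper Objects\$clsid"

    $found = @()
    foreach ($p in $files) {
        if (Test-Path -LiteralPath $p) {
            $found += New-Object PSObject -Property @{ Type = 'File'; Item = $p }
        }
    }
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) {
            $found += New-Object PSObject -Property @{ Type = 'RegistryKey'; Item = $k }
        }
    }

    # Step 3: the Run value that starts AdwareSpy4.exe every time Windows starts.
    $run = Get-ItemProperty -Path "$cv\Run" -Name 'AdwareSpy' -ErrorAction SilentlyContinue
    if ($run) {
        $found += New-Object PSObject -Property @{
            Type = 'RunValue'; Item = "$cv\Run\AdwareSpy = $($run.AdwareSpy)" }
    }
    return $found
}

Get-AdwareSpyArtifact | Format-Table Type, Item -AutoSize
```

An empty result means none of the listed files, subkeys or the Run value were found for the account running the check.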

