When AdwareSpy is executed, it performs the following actions:
- Creates the following files:
- %ProgramFiles%\AdwareSpy\AdwareSpy.chm
- %ProgramFiles%\AdwareSpy\AdwareSpy.dll
- %ProgramFiles%\AdwareSpy\AdwareSpy4.exe
- %ProgramFiles%\AdwareSpy\allowedlist.lst
- %ProgramFiles%\AdwareSpy\deniedlist.lst
- %ProgramFiles%\AdwareSpy\dp.xml
- %ProgramFiles%\AdwareSpy\HookProcessCreation.dll
- %ProgramFiles%\AdwareSpy\Media\unidentified.jpg
- %ProgramFiles%\AdwareSpy\prefs.dat
- %ProgramFiles%\AdwareSpy\Reference.dat
- %ProgramFiles%\AdwareSpy\unins000.dat
- %ProgramFiles%\AdwareSpy\unins000.exe
- %UserProfile%\Desktop\AdwareSpy.lnk
- %UserProfile%\Start Menu\Programs\AdwareSpy\AdwareSpy.lnk
- %UserProfile%\Start Menu\Programs\AdwareSpy\Help Manual.lnk
Notes:
- %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
- Creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdwareSpy_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
- Adds the value:
"AdwareSpy" = "%ProgramFiles%\AdwareSpy\AdwareSpy4.exe"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that it is executed every time Windows starts.
