AntispywareSoldier

Updated: May 23, 2007 3:35:31 PM
Type: Misleading Application
Name: SpywareKnight
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003, Windows 2000

Once executed, the risk creates the following files:
  • %ProgramFiles%\Antispyware Soldier\Antispyware Soldier on the Web.lnk
  • %ProgramFiles%\Antispyware Soldier\Antispyware Soldier.lnk
  • %ProgramFiles%\Antispyware Soldier\Uninstall Antispyware Soldier.lnk
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antispyware Soldier.lnk
  • %UserProfile%\Desktop\Antispyware Soldier.lnk
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\run_backup
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\snapshots\XXXXXXXX.filesnap
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\adesktop_dg.list
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\explorer_dg.list
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\fg_files.list
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\fg_folders.list
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\hijack.patterns
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\hijack.places
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\ie_dg.list
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\ie_rg.list
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\known.db
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\rgexplorer_rg.list
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\rgmisc_rg.list
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\runcu_sg.list
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\runlm_sg.list
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\spyware.db
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\system_dg.list
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\DB\tracks.db
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\Logs\XX_XX_XXXX_XX_XX_XX_XXX.log
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\Quarantine
  • %UserProfile%\Local Settings\Application Data\AntispywareSoldier\Settings\settings.txt
  • %UserProfile%\Start Menu\Programs\Startup\antispysoldier.lnk
  • %ProgramFiles%\Antispyware Soldier\interface\English.lng
  • %ProgramFiles%\Antispyware Soldier\sounds\crit.wav
  • %ProgramFiles%\Antispyware Soldier\antispysoldier.exe
  • %ProgramFiles%\Antispyware Soldier\antispysoldier.url
  • %ProgramFiles%\Antispyware Soldier\bz.dll
  • %ProgramFiles%\Antispyware Soldier\pkill.exe
  • %ProgramFiles%\Antispyware Soldier\unins000.dat
  • %ProgramFiles%\Antispyware Soldier\unins000.exe


It then creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Soldier_is1
  • HKEY_CURRENT_USER\Software\ADV

The risk then displays message boxes giving exaggerated reports of the presence of a nonexistent threat called win32.trojan.dropper on the computer, urging the user to purchase a registered version of the software.