Antivermins

Updated: May 31, 2007 6:45:50 PM
Type: Misleading Application
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When the program is executed, it creates the following files:
  • %ProgramFiles%\antiverminspro\antiverminspro.exe
  • %ProgramFiles%\antiverminspro\antiverminspro.url
  • %ProgramFiles%\antiverminspro\av.dat
  • %ProgramFiles%\antiverminspro\blacklist.txt
  • %ProgramFiles%\antiverminspro\lang
  • %ProgramFiles%\antiverminspro\lang\english.ini
  • %ProgramFiles%\antiverminspro\logs
  • %ProgramFiles%\antiverminspro\msvcp71.dll
  • %ProgramFiles%\antiverminspro\msvcr71.dll
  • %ProgramFiles%\antiverminspro\uninst.exe
  • %UserProfile%\Application Data\microsoft\internet explorer\quick launch\antiverminspro 2.1.lnk
  • %UserProfile%\Desktop\antiverminspro.lnk
  • %UserProfile%\local settings\temp\averminslang.ini
  • %UserProfile%\local settings\temp\~nsu.tmp\au_.exe
  • %UserProfile%\Start Menu\Programs\antiverminspro\antiverminspro 2.1 website.lnk
  • %UserProfile%\Start Menu\Programs\antiverminspro\antiverminspro 2.1.lnk
  • %UserProfile%\Start Menu\Programs\antiverminspro\uninstall antiverminspro 2.1.lnk
  • %UserProfile%\Start Menu\antiverminspro 2.1.lnk


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\"antiverminspro" = "C:\Program Files\antiverminspro\antiverminspro.exe"
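
To check a host for this autostart entry, the following added example (not part of the original write-up) scans the text output of `reg query` on the Run key for the value name and executable listed above. It assumes the four-space column layout that `reg query` prints, and it matches on the tail of the path so an install outside `C:\Program Files` is still caught; the sample output is constructed.

```python
import re

# Indicators taken from the write-up above.
RUN_VALUE_NAME = "antiverminspro"
EXE_TAIL = r"\antiverminspro\antiverminspro.exe"

# One value line of `reg query` output: name, type, data separated by 4 spaces.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def command_path(data):
    """Return the executable path from a Run value, lowercased, without quotes or arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0].lower()
    # Unquoted: cut after the first ".exe" so trailing arguments are dropped.
    m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return (m.group(1) if m else data).lower()


def find_autostart(reg_query_output):
    """Return (name, data, reason) for each Run value matching the indicators."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, data = m.group("name"), m.group("data")
        reasons = []
        if name.strip().lower() == RUN_VALUE_NAME:
            reasons.append("value name")
        if command_path(data).endswith(EXE_TAIL):
            reasons.append("executable path")
        if reasons:
            hits.append((name, data, " + ".join(reasons)))
    return hits


# Constructed sample output, not captured from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    antiverminspro    REG_SZ    C:\Program Files\antiverminspro\antiverminspro.exe
    Updater Service    REG_SZ    "D:\Apps\AntiVerminsPro\antiverminspro.exe" /min
"""

if __name__ == "__main__":
    for name, data, reason in find_autostart(SAMPLE):
        print(f"match ({reason}): {name} -> {data}")
```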

The program also creates the following registry subkeys:
HKEY_LOCAL_MACHINE\software\antiverminspro
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\antiverminspro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\antiverminspro
HKEY_LOCAL_MACHINE\software\licenses

Next, the program may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats.