
AntiSpywareShield

Updated: September 13, 2007 11:23:32 AM
Type: Misleading Application
Name: AntiSpywareShield
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Behavior:
This program must be manually installed.

When the program is executed and a scan is run, it displays exaggerated reports of errors on the computer.

The user is then prompted to pay for a full license of the application in order to remove the fake threat.





Installation:
When the program is executed, it creates the following files:
  • %UserProfile%\Desktop\AntiSpywareShield.lnk
  • %UserProfile%\Start Menu\Programs\AntiSpywareShield\AntiSpywareShield.lnk
  • %ProgramFiles%\AntiSpywareShield\AntiSpywareShield.exe
  • %ProgramFiles%\AntiSpywareShield\AntiSpywareShield0.dll
  • %ProgramFiles%\AntiSpywareShield\AntiSpywareShield1.dll
  • %ProgramFiles%\AntiSpywareShield\AntiSpywareShield3.dll
  • %ProgramFiles%\AntiSpywareShield\AntiSpywareShield.lic
  • %ProgramFiles%\AntiSpywareShield\AntiSpywareShield0.ad
  • %ProgramFiles%\AntiSpywareShield\AntiSpywareShield1.ad
  • %ProgramFiles%\AntiSpywareShield\uninstall.exe
  • %UserProfile%\Start Menu\Programs\AntiSpywareShield\Uninstall.lnk


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AntiSpywareShield" = "C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe"

It also creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\AntiSpywareShield
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpywareShield
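
The files and registry entries listed above can be checked on a host with a read-only script. The following is an added example, not part of the original write-up; the function name is hypothetical, and the "Program Files (x86)" and WOW6432Node locations are assumptions added for 64-bit Windows.

```powershell
# Added example: read-only check for the AntiSpywareShield artifacts listed in this write-up.
# Function name is hypothetical. HKCU entries are checked for the current user only.
function Find-AntiSpywareShieldArtifact {
    $names = 'AntiSpywareShield.exe', 'AntiSpywareShield0.dll', 'AntiSpywareShield1.dll',
             'AntiSpywareShield3.dll', 'AntiSpywareShield.lic', 'AntiSpywareShield0.ad',
             'AntiSpywareShield1.ad', 'uninstall.exe'

    # Assumption: on 64-bit Windows a 32-bit installer's %ProgramFiles% resolves to
    # "Program Files (x86)", so both roots are checked.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique

    $files = @(
        (Join-Path $env:USERPROFILE 'Desktop\AntiSpywareShield.lnk'),
        (Join-Path $env:USERPROFILE 'Start Menu\Programs\AntiSpywareShield\AntiSpywareShield.lnk'),
        (Join-Path $env:USERPROFILE 'Start Menu\Programs\AntiSpywareShield\Uninstall.lnk')
    )
    foreach ($root in $roots) {
        foreach ($name in $names) { $files += Join-Path (Join-Path $root 'AntiSpywareShield') $name }
    }

    foreach ($path in $files) {
        if (Test-Path -LiteralPath $path) {
            [pscustomobject]@{ Type = 'File'; Item = $path }
        }
    }

    # Autostart value under the per-user Run key.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'AntiSpywareShield' -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{ Type = 'RunValue'; Item = "AntiSpywareShield = $($run.AntiSpywareShield)" }
    }

    # Subkeys from the write-up; the WOW6432Node path is an assumption for 64-bit hosts.
    $keys = 'HKCU:\Software\AntiSpywareShield',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpywareShield',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpywareShield'
    foreach ($key in $keys) {
        if (Test-Path -LiteralPath $key) {
            [pscustomobject]@{ Type = 'RegistryKey'; Item = $key }
        }
    }
}

Find-AntiSpywareShieldArtifact | Format-Table -AutoSize
```

An empty result means none of the listed artifacts were found for the account running the script; run it per user profile to cover the HKEY_CURRENT_USER and %UserProfile% locations.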



Similar Security Risks:
  • DrAntiSpy
  • MalwareAlarm

