SpywareSecure

Updated: September 17, 2007 8:19:27 PM
Type: Misleading Application
Name: SpywareSecure
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Behavior:
This program must be manually installed.

When the program is executed, it may give exaggerated reports of threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the falsely identified threats.

Installation:
When the program is executed, it creates the following folders:
  • %UserProfile%\Spyware-Secure
  • %ProgramFiles%\Spyware-Secure
  • %ProgramFiles%\Spyware-Secure\help
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\images
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\images\EN
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\rubs
  • %ProgramFiles%\Spyware-Secure\resources


It also creates the following files:
  • %UserProfile%\Desktop\Spyware-Secure.lnk
  • %UserProfile%\Spyware-Secure\Spyware-Secure.lnk
  • %UserProfile%\Spyware-Secure\Website.lnk
  • %ProgramFiles%\Spyware-Secure\config.s3db
  • %ProgramFiles%\Spyware-Secure\Gfx_en.bin
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\explo_intro.htm
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\explo_menu.htm
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\file.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\fleche.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\folder.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\folder_f.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\folder_o.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\images\EN\dowload-file-antispyware.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\images\EN\menu.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\images\EN\scstep2.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\images\fleche.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\images\folder.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\images\key.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\images\menu.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\images\support.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\images\title-hepfile.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\index.htm
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\menu.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\menu3.js
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\rubs\3differentscan.htm
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\rubs\contactus.htm
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\rubs\found-objects.htm
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\rubs\lexic.htm
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\rubs\navigtabs.htm
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\rubs\register.htm
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\spy.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\trait_coud.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\trait_droit.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN\trait_vert.gif
  • %ProgramFiles%\Spyware-Secure\help\help_Trial_EN.zip
  • %ProgramFiles%\Spyware-Secure\language
  • %ProgramFiles%\Spyware-Secure\resources\cookies_1-8.dat
  • %ProgramFiles%\Spyware-Secure\resources\filesDesc_1-8.dat
  • %ProgramFiles%\Spyware-Secure\resources\filesDesc_1-8.dic
  • %ProgramFiles%\Spyware-Secure\resources\filesExt_1-8.dat
  • %ProgramFiles%\Spyware-Secure\resources\filesMulti_1-8.idx
  • %ProgramFiles%\Spyware-Secure\resources\filesSimple_1-8.idx
  • %ProgramFiles%\Spyware-Secure\resources\malwaresDB_1-8
  • %ProgramFiles%\Spyware-Secure\resources\register_1-8.dat
  • %ProgramFiles%\Spyware-Secure\skin
  • %ProgramFiles%\Spyware-Secure\Spyware-Secure.url
  • %ProgramFiles%\Spyware-Secure\Spyware-Secure_trial.exe
  • %ProgramFiles%\Spyware-Secure\sqlite3.dll
  • %ProgramFiles%\Spyware-Secure\uninst.exe
  • %ProgramFiles%\Spyware-Secure\unrar.dll
  • %Windir%\Temp\NSIS_SpywareSecure_trial_setup.exe
  • %Windir%\pack.epk


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Spyware-Secure" = "C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe"

The program creates the following registry subkeys:
  • HKEY_USERS\[ALL USERS]\Software\epk_extr
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure\Spyware-Secure\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware-Secure
  • HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure
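
The following PowerShell check for the installation artifacts listed above is an added example, not part of the original write-up or any vendor tool. The function name is hypothetical, `[ALL USERS]` is assumed to mean every loaded user hive, and the check goes beyond the write-up by also looking in the 32-bit redirected locations (`Program Files (x86)`, `WOW6432Node`) used on 64-bit Windows.

```powershell
# Added example: look for the SpywareSecure artifacts this write-up lists.
# Function name is hypothetical; paths and registry names come from the write-up.
function Get-SpywareSecureArtifact {
    $found = @()

    # 32-bit installers land under "Program Files (x86)" on 64-bit Windows, so check both.
    $pf = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
    $paths = @(
        "$env:USERPROFILE\Spyware-Secure",
        "$env:USERPROFILE\Desktop\Spyware-Secure.lnk",
        "$env:windir\Temp\NSIS_SpywareSecure_trial_setup.exe",
        "$env:windir\pack.epk"
    )
    $paths += @($pf | ForEach-Object { "$_\Spyware-Secure" })
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            $found += [pscustomobject]@{ Type = 'Path'; Item = $p }
        }
    }

    # Registry: native view plus the WOW6432Node view (assumption: 32-bit redirection).
    $keys = @()
    foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        # Autostart value named "Spyware-Secure" under the Run key
        $runKey = "$root\Microsoft\Windows\CurrentVersion\Run"
        $run = Get-ItemProperty -LiteralPath $runKey -Name 'Spyware-Secure' -ErrorAction SilentlyContinue
        if ($run) {
            $found += [pscustomobject]@{ Type = 'RunValue'; Item = "$runKey\Spyware-Secure = $($run.'Spyware-Secure')" }
        }
        $keys += "$root\Microsoft\Windows\CurrentVersion\Spyware-Secure"
        $keys += "$root\Microsoft\Windows\CurrentVersion\Uninstall\Spyware-Secure"
        $keys += "$root\Spyware-Secure"
    }

    # Per-user subkey: test Software\epk_extr in every hive loaded under HKEY_USERS.
    $keys += @(Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object { "Registry::$($_.Name)\Software\epk_extr" })
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) {
            $found += [pscustomobject]@{ Type = 'RegistryKey'; Item = $k }
        }
    }
    $found
}

Get-SpywareSecureArtifact | Format-Table -AutoSize
```

An empty result means none of the checked locations exist for the current user and loaded hives; profiles of users who are not logged on are not loaded under HKEY_USERS and are not covered.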