
AntiSpyGuard

Updated: October 31, 2007 12:39:36 PM
Type: Misleading Application
Name: AntiSpyGuard
Risk Impact: High
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Behavior:
This program must be manually installed.

When the program is executed, it creates files on the computer and then identifies the files as malicious during a system scan. The program reports that the files cannot be removed without purchasing the full version of the application.





The program then prompts the user to purchase a registered version of the software in order to remove the reported threats.





Installation:
When the program is executed, it creates the following files:
  • %UserProfile%\Cookies\syssp.exe
  • %UserProfile%\Local Settings\Temp\tmpFile1.exe
  • %UserProfile%\Local Settings\Temp\tmpFile1.tmp
  • %UserProfile%\Local Settings\Temp\tmpFile2.ini
  • %UserProfile%\Local Settings\Temp\tmpFile2.tmp
  • C:\Documents and Settings\All Users\Desktop\AntiSpyGuard 2007.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpyGuard 2007\AntiSpyGuard 2007.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpyGuard 2007\Uninstall AntiSpyGuard 2007.lnk
  • C:\Documents and Settings\All Users\Start Menu\AntiSpyGuard 2007.lnk
  • %ProgramFiles%\AntiSpyGuard 2007\AntiSpyGuard.exe
  • %ProgramFiles%\AntiSpyGuard 2007\asgengine.exe
  • %ProgramFiles%\AntiSpyGuard 2007\asgenglib.dll
  • %ProgramFiles%\AntiSpyGuard 2007\ASGServ.exe
  • %ProgramFiles%\AntiSpyGuard 2007\fres.ini
  • %ProgramFiles%\AntiSpyGuard 2007\pthreadVC2.dll
  • %ProgramFiles%\AntiSpyGuard 2007\scanlists\normalsys.scl
  • %ProgramFiles%\AntiSpyGuard 2007\scanlists\quicksys.scl
  • %ProgramFiles%\AntiSpyGuard 2007\scanlists\remove.scl
  • %ProgramFiles%\AntiSpyGuard 2007\startup.ini
  • %ProgramFiles%\AntiSpyGuard 2007\stat.ini
  • %ProgramFiles%\AntiSpyGuard 2007\UnInstall.exe
  • %ProgramFiles%\AntiSpyGuard 2007\vars.ini
  • %ProgramFiles%\AntiSpyGuard 2007\verinfo.ini
  • %System%\scaner.exe
  • %Windir%\svshost.exe


It also creates the following folders:
  • %ProgramFiles%\AntiSpyGuard 2007\db
  • %ProgramFiles%\AntiSpyGuard 2007\tmp


Next, the program creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AntiSpyGuard" = ""C:\Program Files\AntiSpyGuard 2007\AntiSpyGuard.exe" -AUTORUN"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AntiSpyGuard" = ""C:\Program Files\AntiSpyGuard 2007\AntiSpyGuard.exe" -AUTORUN"


It then creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpyGuard
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyGuard 2007
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASGService
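
The following read-only PowerShell check is an added example, not part of the original writeup or any vendor tool. It looks for a subset of the files, the two Run values, and the registry subkeys listed above, and assumes that the writeup's %System% and %Windir% placeholders map to the System32 and Windows folders.

```powershell
# Added example: report which AntiSpyGuard artifacts from this writeup exist on a host.
# Nothing is modified or deleted. The placeholder mapping below is an assumption.
$map = @{
    '%UserProfile%'  = $env:USERPROFILE
    '%ProgramFiles%' = $env:ProgramFiles
    '%System%'       = [Environment]::GetFolderPath('System')
    '%Windir%'       = $env:windir
}

# Subset of the paths in the Installation section; extend with the remaining entries.
$paths = @(
    '%UserProfile%\Cookies\syssp.exe',
    '%ProgramFiles%\AntiSpyGuard 2007',
    '%ProgramFiles%\AntiSpyGuard 2007\AntiSpyGuard.exe',
    '%ProgramFiles%\AntiSpyGuard 2007\ASGServ.exe',
    '%System%\scaner.exe',
    '%Windir%\svshost.exe'
)

$findings = @()

foreach ($p in $paths) {
    $full = $p
    foreach ($k in $map.Keys) { $full = $full.Replace($k, [string]$map[$k]) }
    if (Test-Path -LiteralPath $full) {
        $findings += [pscustomobject]@{ Kind = 'Path'; Item = $full }
    }
}

# Autostart value named "AntiSpyGuard" in the machine and user Run keys.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $runKey = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    $prop = Get-ItemProperty -Path $runKey -Name 'AntiSpyGuard' -ErrorAction SilentlyContinue
    if ($prop) {
        $findings += [pscustomobject]@{ Kind = 'RunValue'; Item = "$runKey = $($prop.AntiSpyGuard)" }
    }
}

# Registry subkeys, including the ASGService service key.
$keys = @(
    'HKLM:\SOFTWARE\AntiSpyGuard',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyGuard 2007',
    'HKLM:\SYSTEM\CurrentControlSet\Services\ASGService'
)
foreach ($key in $keys) {
    if (Test-Path -Path $key) { $findings += [pscustomobject]@{ Kind = 'RegKey'; Item = $key } }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No listed AntiSpyGuard artifacts found.' }
```

The HKCU check only covers the account running the script, so run it once per user profile on shared machines.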