Updated: February 13, 2007 11:49:25 AM
Type: Misleading Application
Publisher: Spyviper.com
Risk Impact: Medium
File Names: SpyViperDemo.msi SpyViperDemo.exe Apprestart.exe
Systems Affected: Windows

Behavior


SpyViper is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats.

Symptoms


Your Symantec program detects SpyViper.

Transmission


This security risk is manually downloaded and installed.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version October 02, 2014 revision 022
  • Initial Daily Certified version April 05, 2006
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date April 05, 2006




When ScanandRepair is installed, it performs the following actions:

  1. Creates the following folder:

    %ProgramFiles%\SpyViper Demo

    Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Creates the following files:

    • C:\Program Files\SpyViper Demo\AppRestart.exe
    • C:\Program Files\SpyViper Demo\BlockedCookies.dat
    • C:\Program Files\SpyViper Demo\ExeDefinition.dat
    • C:\Program Files\SpyViper Demo\FileDefinition.dat
    • C:\Program Files\SpyViper Demo\help.chm
    • C:\Program Files\SpyViper Demo\RegistryDefinition.dat
    • C:\Program Files\SpyViper Demo\riched32.dll
    • C:\Program Files\SpyViper Demo\Scan_Log.txt
    • C:\Program Files\SpyViper Demo\SpyViper.com.url
    • C:\Program Files\SpyViper Demo\SpyViperDemo.exe
    • C:\WINDOWS\Installer\[random].msi
    • C:\WINDOWS\system32\actskn43.ocx
    • C:\WINDOWS\system32\mscomct2.ocx
    • C:\WINDOWS\system32\mscomctl.ocx
    • C:\WINDOWS\system32\richtx32.ocx
    • C:\WINDOWS\system32\skinboxer43.dll
    • C:\WINDOWS\system32\tabctl32.ocx
    • C:\Documents and Settings\Administrator\Desktop\SpyViper Demo.lnk
    • C:\Documents and Settings\Administrator\Start Menu\Programs\SpyViper.com Software\SpyViper Demo\Readme-Help.lnk
    • C:\Documents and Settings\Administrator\Start Menu\Programs\SpyViper.com Software\SpyViper Demo\SpyViper Demo.lnk
    • C:\Documents and Settings\Administrator\Start Menu\Programs\SpyViper.com Software\SpyViper Demo\SpyViper.com.url
    • C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{7D77157C-CB0B-443B-A62A-8BCA496BA488}\[random].exe

  3. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\DE3CB23B70E487F42BC60E58932FB63E
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D77157C-CB0B-443B-A62A-8BCA496BA488}
    HKEY_ALL_USERS\Software\Microsoft\Installer\Features\C75177D7B0BCB3446AA2B8AC94B64A88
    HKEY_ALL_USERS\Software\Microsoft\Installer\Products\C75177D7B0BCB3446AA2B8AC94B64A88
    HKEY_ALL_USERS\Software\Microsoft\Installer\UpgradeCodes\DE3CB23B70E487F42BC60E58932FB63E
    HKEY_LOCAL_MACHINE\SOFTWARE\SpyViper.com
    HKEY_ALL_USERS\Software\UnSpyPC
    HKEY_ALL_USERS\Software\VB and VBA Program Settings\AdwareRemovalSoftware
    HKEY_ALL_USERS\Software\VB and VBA Program Settings\SpyViper

  4. Adds the value:

    "SpyViperDemo" = "C:\Program Files\SpyViper Demo\SpyViperDemo"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it is executed every time Windows starts.

  5. Adds the values:

    "C:\Program Files\SpyViper Demo\" = ""
    "C:\Documents and Settings\Administrator\Start Menu\Programs\SpyViper.com Software\" = ""
    "C:\Documents and Settings\Administrator\Start Menu\Programs\SpyViper.com Software\SpyViper Demo\" = ""
    "C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{7D77157C-CB0B-443B-A62A-8BCA496BA488}" = ""

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders




The following instructions pertain to all Symantec antivirus products that support security risk detection.

  1. Update the definitions.
  2. Uninstall the security risk.

For specific details on each of these steps, read the following instructions.

1. To update the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To uninstall the security risk
This security risk includes an uninstallation applet. In order to uninstall this security risk, complete the following instructions:
  1. Click Start > Settings > Control Panel or Start > Control Panel (this varies with the operating system).

  2. In the Control Panel window, double-click Add/Remove Programs.

    Windows Me only: If you do not see the Add/Remove Programs icon, click ...view all Control Panel options.

  3. Click "SpyViper Demo".

    Note: You may need to use the scroll bar to view the whole list.

  4. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.

    Note: After running the Add/Remove Programs applet, all the files may have been removed. You will want to run a full system scan to ensure that this is the case. However, it is possible that no files will be detected after using Add/Remove Programs.
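
A read-only PowerShell check for leftovers after the uninstall steps above, using the install folder, registry subkeys and Run value listed in this writeup. This is an added example, not Symantec tooling; the `Program Files (x86)` and `WOW6432Node` locations, and the reading of `HKEY_ALL_USERS` as every hive loaded under `HKEY_USERS`, are assumptions.

```powershell
# Added example: reports remnants only, deletes nothing.
$productCode = '{7D77157C-CB0B-443B-A62A-8BCA496BA488}'   # product code from the writeup
$findings = New-Object System.Collections.Generic.List[string]

# Install folder (step 1). Assumption: on 64-bit Windows a 32-bit installer
# would use "Program Files (x86)", so both roots are tested.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
foreach ($root in $roots) {
    $dir = Join-Path $root 'SpyViper Demo'
    if (Test-Path -LiteralPath $dir) { $findings.Add("Folder: $dir") }
}

# Machine-wide subkeys (step 3) and the autostart value (step 4), checked in
# the native registry view and the assumed WOW6432Node view.
foreach ($view in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    $keys = @(
        "$view\Microsoft\Windows\CurrentVersion\Uninstall\$productCode",
        "$view\SpyViper.com"
    )
    foreach ($key in $keys) {
        if (Test-Path -LiteralPath $key) { $findings.Add("Key: $key") }
    }
    $runKey = "$view\Microsoft\Windows\CurrentVersion\Run"
    $run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['SpyViperDemo']) {
        $findings.Add("Run value: $runKey\SpyViperDemo = $($run.SpyViperDemo)")
    }
}

# Per-user subkeys (step 3). Assumption: HKEY_ALL_USERS in the writeup means
# each user's hive, so every hive currently loaded under HKEY_USERS is checked.
$userKeys = 'Software\UnSpyPC',
            'Software\VB and VBA Program Settings\SpyViper',
            'Software\VB and VBA Program Settings\AdwareRemovalSoftware'
foreach ($hive in Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    foreach ($sub in $userKeys) {
        $key = "Registry::$($hive.Name)\$sub"
        if (Test-Path -LiteralPath $key) { $findings.Add("Key: $key") }
    }
}

if ($findings.Count -eq 0) { 'No SpyViper Demo remnants found.' } else { $findings }
```

Hives of users who are not logged on are not loaded under `HKEY_USERS`, so their per-user subkeys are not covered by this check.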