HTTP PrivacyKit Activity

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects activity of the misleading application PrivacyKit.

Additional Information

PrivacyKit is a misleading application described as a privacy risk removal utility that may give exaggerated reports about potential risks on the computer.

When the program is executed, it creates the following files:

Next, the program creates the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrivacyKit_is1

Affected

  • Windows 98
  • Windows 95
  • Windows XP
  • Windows Me
  • Windows Vista
  • Windows NT
  • Windows Server 2003
  • Windows 2000

Response

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan.
4. Delete any values added to the registry.