AntiVirusAndSpyware

Updated: July 18, 2007 4:19:23 PM
Type: Misleading Application
Name: Anti-Virus&Spyware
Version: 4.72
Publisher: Your-Soft
Risk Impact: Medium
Systems Affected: Windows

Behavior
This program must be manually installed on the computer.

When the application is executed, the main window displays the following message:
Found Virus!! Please register to remove it.
Anti-Virus and Spyware started!



The program falsely reports some legitimate programs as threats on the computer. For example, the program lists Adobe Acrobat Reader as a BHO (Browser Helper Object).



The program prompts the user to purchase a full version of the software in order to remove the falsely detected threats from the computer.


Installation
When the program is installed, it creates the following files:
  • %ProgramFiles%\Anti-Virus&Spyware\Anti-Virus.exe
  • %ProgramFiles%\Anti-Virus&Spyware\Anti_Virus Help.chm
  • %ProgramFiles%\Anti-Virus&Spyware\EGhostLog.txt
  • %ProgramFiles%\Anti-Virus&Spyware\hook.dll
  • %ProgramFiles%\Anti-Virus&Spyware\Products.htm
  • %ProgramFiles%\Anti-Virus&Spyware\SkinPlusPlusDLL.dll
  • %ProgramFiles%\Anti-Virus&Spyware\unins000.dat
  • %ProgramFiles%\Anti-Virus&Spyware\unins000.exe
  • %ProgramFiles%\Anti-Virus&Spyware\virus.update
  • %ProgramFiles%\Anti-Virus&Spyware\Visit Our Site.url
  • %ProgramFiles%\Anti-Virus&Spyware\XPCorona.ssk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Anti-Virus&Spyware.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus&Spyware\Anti-Virus&Spyware.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus&Spyware\Help.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus&Spyware\Our Products.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus&Spyware\Uninstall.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus&Spyware\Visit Our Site.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus&Spyware.lnk


It also creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ete\Extension\{223bd3fe-342e-ffae-3c9f-fe62375679e1}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Virus&Spyware_is1
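
To check a machine for the files and registry subkeys listed above, the following PowerShell function is an added example, not part of the original write-up or a Symantec tool. The function name is hypothetical, and the `Program Files (x86)`, `WOW6432Node` and `%ProgramData%` locations are assumptions that cover 64-bit and post-XP Windows layouts the write-up does not list.

```powershell
# Added example (not Symantec's). Read-only: reports which listed artifacts exist.
function Find-AntiVirusAndSpywareArtifact {
    $name = 'Anti-Virus&Spyware'   # single quotes keep the '&' literal

    # %ProgramFiles% as listed, plus the 32-bit location on 64-bit Windows
    # (assumption: a 32-bit installer would be redirected there).
    $installDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique |
        ForEach-Object { "$_\$name" }
    $installed = 'Anti-Virus.exe', 'Anti_Virus Help.chm', 'EGhostLog.txt', 'hook.dll',
        'Products.htm', 'SkinPlusPlusDLL.dll', 'unins000.dat', 'unins000.exe',
        'virus.update', 'Visit Our Site.url', 'XPCorona.ssk'

    # Start Menu root as listed (Windows XP layout), plus the all-users
    # location on Vista and later (assumption: not named in the write-up).
    $menuRoots = @('C:\Documents and Settings\All Users\Start Menu\Programs')
    if ($env:ProgramData) {
        $menuRoots += "$env:ProgramData\Microsoft\Windows\Start Menu\Programs"
    }
    $shortcuts = "Startup\$name.lnk", "$name.lnk", "$name\$name.lnk",
        "$name\Help.lnk", "$name\Our Products.lnk", "$name\Uninstall.lnk",
        "$name\Visit Our Site.lnk"

    # Subkeys as listed; the last entry is the 32-bit registry view on
    # 64-bit Windows (assumption, same reasoning as Program Files (x86)).
    $uninstall = "Microsoft\Windows\CurrentVersion\Uninstall\${name}_is1"
    $regKeys = 'HKLM:\SOFTWARE\Classes\.ete\Extension\{223bd3fe-342e-ffae-3c9f-fe62375679e1}',
        "HKLM:\SOFTWARE\$uninstall",
        "HKLM:\SOFTWARE\WOW6432Node\$uninstall"

    $candidates = @(
        foreach ($d in $installDirs) { foreach ($f in $installed) { "$d\$f" } }
        foreach ($r in $menuRoots)   { foreach ($s in $shortcuts) { "$r\$s" } }
        $regKeys
    )

    # -LiteralPath avoids wildcard interpretation of characters in the paths.
    foreach ($p in $candidates) {
        if (Test-Path -LiteralPath $p) {
            $kind = if ($p -like 'HKLM:*') { 'RegistryKey' } else { 'File' }
            [pscustomobject]@{ Kind = $kind; Path = $p }
        }
    }
}

Find-AntiVirusAndSpywareArtifact | Format-Table -AutoSize -Wrap
```

No output means none of the listed artifacts were found. On Windows Vista and later, the legacy `Documents and Settings` path may resolve through compatibility junctions to the same shortcut as the `%ProgramData%` path, so one shortcut can be reported twice.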


Similar Security Risks
The following is a list of names of security risks that may function in a similar manner to this misleading application:
  • TrojanGuarder
  • AntiVirusAndTrojan