October 31, 2007 12:39:36 PM
Misleading Application
Risk Impact:
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
This program must be manually installed.

When the program is executed, it creates files on the computer and then identifies the files as malicious during a system scan. The program reports that the files cannot be removed without purchasing the full version of the application.

The program then prompts the user to purchase a registered version of the software in order to remove the reported threats.

When the program is executed, it creates the following files:
  • %UserProfile%\Cookies\syssp.exe
  • %UserProfile%\Local Settings\Temp\tmpFile1.exe
  • %UserProfile%\Local Settings\Temp\tmpFile1.tmp
  • %UserProfile%\Local Settings\Temp\tmpFile2.ini
  • %UserProfile%\Local Settings\Temp\tmpFile2.tmp
  • C:\Documents and Settings\All Users\Desktop\AntiSpyGuard 2007.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpyGuard 2007\AntiSpyGuard 2007.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpyGuard 2007\Uninstall AntiSpyGuard 2007.lnk
  • C:\Documents and Settings\All Users\Start Menu\AntiSpyGuard 2007.lnk
  • %ProgramFiles%\AntiSpyGuard 2007\AntiSpyGuard.exe
  • %ProgramFiles%\AntiSpyGuard 2007\asgengine.exe
  • %ProgramFiles%\AntiSpyGuard 2007\asgenglib.dll
  • %ProgramFiles%\AntiSpyGuard 2007\ASGServ.exe
  • %ProgramFiles%\AntiSpyGuard 2007\fres.ini
  • %ProgramFiles%\AntiSpyGuard 2007\pthreadVC2.dll
  • %ProgramFiles%\AntiSpyGuard 2007\scanlists\normalsys.scl
  • %ProgramFiles%\AntiSpyGuard 2007\scanlists\quicksys.scl
  • %ProgramFiles%\AntiSpyGuard 2007\scanlists\remove.scl
  • %ProgramFiles%\AntiSpyGuard 2007\startup.ini
  • %ProgramFiles%\AntiSpyGuard 2007\stat.ini
  • %ProgramFiles%\AntiSpyGuard 2007\UnInstall.exe
  • %ProgramFiles%\AntiSpyGuard 2007\vars.ini
  • %ProgramFiles%\AntiSpyGuard 2007\verinfo.ini
  • %System%\scaner.exe
  • %Windir%\svshost.exe

It also creates the following folders:
  • %ProgramFiles%\AntiSpyGuard 2007\db
  • %ProgramFiles%\AntiSpyGuard 2007\tmp

Next, the program creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AntiSpyGuard" = ""C:\Program Files\AntiSpyGuard 2007\AntiSpyGuard.exe" -AUTORUN"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AntiSpyGuard" = ""C:\Program Files\AntiSpyGuard 2007\AntiSpyGuard.exe" -AUTORUN"

It then creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyGuard 2007
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASGService
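
The following PowerShell sweep is an added example, not part of the Symantec write-up: it checks one host for the installation folder, the executables dropped outside it, the Run values and the registry subkeys listed above. The function name `Find-AntiSpyGuardArtifact` is hypothetical, and the mapping of `%System%` to the System32 folder and `%Windir%` to `$env:windir` is an assumption.

```powershell
# Added example: report which AntiSpyGuard artifacts from the list above exist on this host.
# Assumptions: %System% is the System32 folder, %Windir% is $env:windir.
function Find-AntiSpyGuardArtifact {
    $sys = [Environment]::GetFolderPath('System')
    $pf  = Join-Path $env:ProgramFiles 'AntiSpyGuard 2007'
    $all = 'C:\Documents and Settings\All Users'

    # Installation folder plus the files the write-up lists outside of it
    # (a subset of the full list; the Temp files are omitted here).
    $paths = @(
        $pf,
        (Join-Path $env:USERPROFILE 'Cookies\syssp.exe'),
        (Join-Path $sys 'scaner.exe'),
        (Join-Path $env:windir 'svshost.exe'),
        (Join-Path $all 'Desktop\AntiSpyGuard 2007.lnk'),
        (Join-Path $all 'Start Menu\AntiSpyGuard 2007.lnk'),
        (Join-Path $all 'Start Menu\Programs\AntiSpyGuard 2007')
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{ Type = 'Path'; Location = $p; Detail = '' }
        }
    }

    # Autostart: a value named "AntiSpyGuard" under the Run key in either hive.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        $run = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($run -and $run.AntiSpyGuard) {
            [pscustomobject]@{ Type = 'RunValue'; Location = $key; Detail = $run.AntiSpyGuard }
        }
    }

    # Uninstall entry and service subkey.
    $subkeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyGuard 2007',
        'HKLM:\SYSTEM\CurrentControlSet\Services\ASGService'
    )
    foreach ($k in $subkeys) {
        if (Test-Path -LiteralPath $k) {
            [pscustomobject]@{ Type = 'RegistryKey'; Location = $k; Detail = '' }
        }
    }
}

# No output means none of the checked artifacts were found.
Find-AntiSpyGuardArtifact | Format-Table -AutoSize -Wrap
```

The sweep checks the locations exactly as listed for the current user profile; other user profiles and WOW64-redirected paths are not covered.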