AntiSpyGuard


October 31, 2007 12:39:36 PM
Misleading Application
Risk Impact:
Systems Affected:
This program must be manually installed.

When the program is executed, it creates files on the computer and then identifies the files as malicious during a system scan. The program reports that the files cannot be removed without purchasing the full version of the application.

The program then prompts the user to purchase a registered version of the software in order to remove the reported threats.

When the program is executed, it creates the following files:
  • %UserProfile%\Cookies\syssp.exe
  • %UserProfile%\Local Settings\Temp\tmpFile1.exe
  • %UserProfile%\Local Settings\Temp\tmpFile1.tmp
  • %UserProfile%\Local Settings\Temp\tmpFile2.ini
  • %UserProfile%\Local Settings\Temp\tmpFile2.tmp
  • C:\Documents and Settings\All Users\Desktop\AntiSpyGuard 2007.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpyGuard 2007\AntiSpyGuard 2007.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpyGuard 2007\Uninstall AntiSpyGuard 2007.lnk
  • C:\Documents and Settings\All Users\Start Menu\AntiSpyGuard 2007.lnk
  • %ProgramFiles%\AntiSpyGuard 2007\AntiSpyGuard.exe
  • %ProgramFiles%\AntiSpyGuard 2007\asgengine.exe
  • %ProgramFiles%\AntiSpyGuard 2007\asgenglib.dll
  • %ProgramFiles%\AntiSpyGuard 2007\ASGServ.exe
  • %ProgramFiles%\AntiSpyGuard 2007\fres.ini
  • %ProgramFiles%\AntiSpyGuard 2007\pthreadVC2.dll
  • %ProgramFiles%\AntiSpyGuard 2007\scanlists\normalsys.scl
  • %ProgramFiles%\AntiSpyGuard 2007\scanlists\quicksys.scl
  • %ProgramFiles%\AntiSpyGuard 2007\scanlists\remove.scl
  • %ProgramFiles%\AntiSpyGuard 2007\startup.ini
  • %ProgramFiles%\AntiSpyGuard 2007\stat.ini
  • %ProgramFiles%\AntiSpyGuard 2007\UnInstall.exe
  • %ProgramFiles%\AntiSpyGuard 2007\vars.ini
  • %ProgramFiles%\AntiSpyGuard 2007\verinfo.ini
  • %System%\scaner.exe
  • %Windir%\svshost.exe

It also creates the following folders:
  • %ProgramFiles%\AntiSpyGuard 2007\db
  • %ProgramFiles%\AntiSpyGuard 2007\tmp

Next, the program creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AntiSpyGuard" = ""C:\Program Files\AntiSpyGuard 2007\AntiSpyGuard.exe" -AUTORUN"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AntiSpyGuard" = ""C:\Program Files\AntiSpyGuard 2007\AntiSpyGuard.exe" -AUTORUN"

It then creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyGuard 2007
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASGService
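
The following is an added example, not Symantec's tooling: a triage script that sweeps a collected file inventory and a set of Run-key values for a subset of the indicators above. It assumes default Windows XP locations for the advisory's path variables; the function names and sample data are constructed for illustration.

```python
import re

# Assumed default Windows XP locations for the advisory's path variables.
VARS = {
    "%UserProfile%": r"[A-Z]:\\Documents and Settings\\[^\\]+",
    "%ProgramFiles%": r"[A-Z]:\\Program Files",
    "%System%": r"[A-Z]:\\Windows\\System32",
    "%Windir%": r"[A-Z]:\\Windows",
}
# A subset of the file indicators listed above.
INDICATORS = [
    r"%UserProfile%\Cookies\syssp.exe",
    r"%ProgramFiles%\AntiSpyGuard 2007\AntiSpyGuard.exe",
    r"%ProgramFiles%\AntiSpyGuard 2007\ASGServ.exe",
    r"%System%\scaner.exe",
    r"%Windir%\svshost.exe",
]
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$", re.I)

def to_regex(indicator):
    """Compile an advisory path into an anchored, case-insensitive regex."""
    var, sep, rest = indicator.partition("\\")
    return re.compile("^" + VARS[var] + re.escape(sep + rest) + "$", re.I)

PATTERNS = [to_regex(i) for i in INDICATORS]

def sweep(files, run_values):
    """Return (kind, item) hits from a file inventory and Run-key values."""
    hits = [("file", f) for f in files if any(p.match(f) for p in PATTERNS)]
    for key, name, data in run_values:
        if (RUN_KEY.search(key) and name.lower() == "antispyguard"
                and "antispyguard.exe" in data.lower()):
            hits.append(("run", key + "\\" + name))
    return hits

# Constructed sample data: three planted files plus two entries that must not match.
SAMPLE_FILES = [
    r"C:\Documents and Settings\alice\Cookies\syssp.exe",
    r"C:\WINDOWS\system32\scaner.exe",
    r"C:\WINDOWS\system32\svchost.exe",   # legitimate Windows binary
    r"C:\WINDOWS\svshost.exe",
    r"D:\tools\scaner.exe",               # same name, different location
]
SAMPLE_RUN = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "AntiSpyGuard", r'"C:\Program Files\AntiSpyGuard 2007\AntiSpyGuard.exe" -AUTORUN'),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
]
```

Calling `sweep(SAMPLE_FILES, SAMPLE_RUN)` returns the three planted files and the HKEY_LOCAL_MACHINE Run value; the legitimate `svchost.exe` and the `scaner.exe` outside the System folder are not flagged.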