1. Symantec/
  2. Security Response/
  3. SuperSpywareKiller

SuperSpywareKiller

Updated:
December 18, 2007 4:17:49 PM
Type:
Misleading Application
Name:
SuperSpywareKiller
Risk Impact:
Medium
Systems Affected:
Windows
Behavior
The program must be manually installed.

It reports false or exaggerated system security threats on the computer.





The user is then prompted to pay for a full license of the application in order to remove the errors.





Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Desktop\SuperSpywareKiller.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\SuperSpywareKiller\SpyKiller.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\SuperSpywareKiller\SuperSpywareKiller on the Web.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\SuperSpywareKiller\Uninstall SuperSpywareKiller.lnk
  • %ProgramFiles%\SuperSpywareKiller\data\Code
  • %ProgramFiles%\SuperSpywareKiller\data\Cookiescode
  • %ProgramFiles%\SuperSpywareKiller\data\diskfile
  • %ProgramFiles%\SuperSpywareKiller\data\Process
  • %ProgramFiles%\SuperSpywareKiller\data\registry
  • %ProgramFiles%\SuperSpywareKiller\ProcProtect.dll
  • %ProgramFiles%\SuperSpywareKiller\skUpdate.exe
  • %ProgramFiles%\SuperSpywareKiller\SpyKiller.exe
  • %ProgramFiles%\SuperSpywareKiller\SuperSpywareKiller.url
  • %ProgramFiles%\SuperSpywareKiller\unins000.dat
  • %ProgramFiles%\SuperSpywareKiller\unins000.exe
  • %ProgramFiles%\SuperSpywareKiller\Update.ini


Next, the program creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Safeguard.exe" = "C:\Program Files\SuperSpywareKiller\Safeguard.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"SpyKiller.exe" = "C:\Program Files\SuperSpywareKiller\SpyKiller.exe"


It also creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\SpyWareKiller
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SuperSpywareKiller_is1
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube