
AntiSpyCheck

Updated: January 11, 2008 12:58:40 PM
Type: Misleading Application
Name: AntiSpyCheck
Version: 2.1
Publisher: AntiSpyCheck.com
Risk Impact: Medium
Systems Affected: Windows

Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the errors.

Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpyCheck v2.4.lnk
  • %UserProfile%\Application Data\AdProtect NoSpam\Settings.xml
  • %UserProfile%\Desktop\AntiSpyCheck v2.4.lnk
  • %UserProfile%\Local Settings\Temp\ADPLanguage.ini
  • %UserProfile%\Local Settings\Temp\PLanguage.ini
  • %UserProfile%\Start Menu\Programs\AntiSpyCheck\AntiSpyCheck v2.4 Un-Installer.lnk
  • %UserProfile%\Start Menu\Programs\AntiSpyCheck\AntiSpyCheck v2.4 Website.lnk
  • %UserProfile%\Start Menu\Programs\AntiSpyCheck\AntiSpyCheck v2.4.lnk
  • %UserProfile%\Start Menu\AntiSpyCheck v2.4.lnk
  • %ProgramFiles%\AntiSpyCheck\activex.db
  • %ProgramFiles%\AntiSpyCheck\antiSpyCheck.chm
  • %ProgramFiles%\AntiSpyCheck\AntiSpyCheck.exe
  • %ProgramFiles%\AntiSpyCheck\AntiSpyCheck.url
  • %ProgramFiles%\AntiSpyCheck\ascnospam.dll
  • %ProgramFiles%\AntiSpyCheck\blacklist.db
  • %ProgramFiles%\AntiSpyCheck\config.ini
  • %ProgramFiles%\AntiSpyCheck\cookies.db
  • %ProgramFiles%\AntiSpyCheck\DbgHelp.Dll
  • %ProgramFiles%\AntiSpyCheck\filesNames.db
  • %ProgramFiles%\AntiSpyCheck\hosts.db
  • %ProgramFiles%\AntiSpyCheck\knownLocations.db
  • %ProgramFiles%\AntiSpyCheck\Languages\English.ini
  • %ProgramFiles%\AntiSpyCheck\Languages\Spanish.ini
  • %ProgramFiles%\AntiSpyCheck\Logs\asc_activity-01112008-094705.log
  • %ProgramFiles%\AntiSpyCheck\md5.db
  • %ProgramFiles%\AntiSpyCheck\msvcp71.dll
  • %ProgramFiles%\AntiSpyCheck\msvcr71.dll
  • %ProgramFiles%\AntiSpyCheck\Plugins\DesktopManager\DesktopManager.dll
  • %ProgramFiles%\AntiSpyCheck\Plugins\DesktopManager\Languages\English.ini
  • %ProgramFiles%\AntiSpyCheck\Plugins\DesktopManager\Languages\Spanish.ini
  • %ProgramFiles%\AntiSpyCheck\Plugins\MessengerControl\Languages\english.ini
  • %ProgramFiles%\AntiSpyCheck\Plugins\MessengerControl\Languages\Spanish.ini
  • %ProgramFiles%\AntiSpyCheck\Plugins\MessengerControl\MessengerControl.dll
  • %ProgramFiles%\AntiSpyCheck\Plugins\StartupEditor\Languages\English.ini
  • %ProgramFiles%\AntiSpyCheck\Plugins\StartupEditor\Languages\Spanish.ini
  • %ProgramFiles%\AntiSpyCheck\Plugins\StartupEditor\StartupEditor.dll
  • %ProgramFiles%\AntiSpyCheck\registry.db
  • %ProgramFiles%\AntiSpyCheck\sdebug.log
  • %ProgramFiles%\AntiSpyCheck\spywareinfo.db
  • %ProgramFiles%\AntiSpyCheck\tips.txt
  • %ProgramFiles%\AntiSpyCheck\uninst.exe


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AntiSpyCheck" = "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe /s"

The program also creates the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Enable Browser Extensions" = "yes"

It then creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ad-protect.EXE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\spamdet.DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9DA1990B-9BCA-4c80-AEFB-11A40FA849F9}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C628512D-A058-4BD4-B47B-B036F45FA02B}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99A753C6-E429-46BD-989E-DD4A21CD059D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBD3E11-D201-46C9-8471-091D33159287}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2C1986A-FBEC-4472-AABF-6D42F08DBC8E}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7ABE914-B8CF-4602-9145-6BDAAEDA21AA}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3210E86-46A8-5973-963F-0EF4CF226A0C}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{214345B8-BB69-498D-A168-29F58F15D806}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF231820-9904-4A37-B5B0-C87EF6F6CC82}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D2C1986A-FBEC-4472-AABF-6D42F08DBC8E}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F51BC478-D997-4C56-988D-79D9EEAAD1EC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FD4DCB8B-C33A-4E70-A351-6FAB7E1071A4}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{32BD20FD-41FD-47FB-9BC9-28DCBD7D55D7}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5AA883DB-7CFD-4737-B3C3-C671595ECCE5}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ad-Protect.Addin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ad-Protect.Addin.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ad-Protect.Server
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ad-Protect.Server.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spamdet.SpamDetector
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spamdet.SpamDetector.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiSpyCheck.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyCheck
  • HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpyCheck
  • HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\Ad-Protect.Addin.1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\AntiSpyCheck
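
A read-only check for the artifacts listed above, given here as an added example and not as Symantec's removal tool. It tests the autostart value, a subset of the registry subkeys, and the install directories; the WOW6432Node and "Program Files (x86)" locations and the use of $env:APPDATA for "%UserProfile%\Application Data" are assumptions made to cover newer Windows versions than the write-up describes.

```powershell
# Added example: report AntiSpyCheck artifacts named in this write-up.
# Read-only: nothing is modified or deleted.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns the value data, or nothing when the key or value is absent.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()

# Autostart value from the write-up. The WOW6432Node key is an assumption:
# it is where a 32-bit installer's HKLM\SOFTWARE writes land on 64-bit Windows.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $data = Get-RegValue -Path $key -Name 'AntiSpyCheck'
    if ($data) { $findings += "Run value: $key -> $data" }
}

# Subkeys with product-specific names, taken from the list in the write-up.
$subkeys = 'HKLM:\SOFTWARE\AntiSpyCheck',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyCheck',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiSpyCheck.exe',
           'HKLM:\SOFTWARE\Classes\Ad-Protect.Addin',
           'HKLM:\SOFTWARE\Classes\Ad-Protect.Server',
           'HKLM:\SOFTWARE\Classes\spamdet.SpamDetector',
           'HKCU:\Software\Microsoft\Office\Outlook\Addins\Ad-Protect.Addin.1'
foreach ($key in $subkeys) {
    if (Test-Path -LiteralPath $key) { $findings += "Registry key: $key" }
}

# Install directory (both Program Files roots) and the per-user settings folder.
# $env:APPDATA stands in for "%UserProfile%\Application Data" (assumption).
$dirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } |
        ForEach-Object { Join-Path $_ 'AntiSpyCheck' }
$dirs += Join-Path $env:APPDATA 'AdProtect NoSpam'
foreach ($dir in $dirs) {
    if (Test-Path -LiteralPath $dir) { $findings += "Directory: $dir" }
}

if ($findings) { $findings } else { 'No AntiSpyCheck artifacts from the write-up were found.' }
```

The HKCU key and $env:APPDATA resolve for the account running the script, so run it in the affected user's session.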