
AntiSpyBoss

Updated: January 18, 2008 5:19:02 PM
Type: Misleading Application
Name: AntiSpyBoss
Version: 1.0.0.44
Risk Impact: Medium
Systems Affected: Windows
Behavior
The program must be manually installed.

It creates randomly named files on the computer. During a system scan, it then reports these files as system security threats; the reported threats are false or exaggerated.

The user is then prompted to pay for a full license of the application in order to remove the errors.

Installation
When the program is executed, it creates the following folders:
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpyBoss
  • %ProgramFiles%\AntiSpyBoss


Next, it creates the following files:
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpyBoss.lnk
  • C:\Documents and Settings\All Users\Desktop\AntiSpyBoss.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpyBoss\AntiSpyBoss.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpyBoss\Uninstall AntiSpyBoss.lnk
  • %ProgramFiles%\AntiSpyBoss\asb32.exe
  • %ProgramFiles%\AntiSpyBoss\asb32.lng
  • %ProgramFiles%\AntiSpyBoss\dbsmpl.dat
  • %ProgramFiles%\AntiSpyBoss\sqoptions.dat
  • %ProgramFiles%\AntiSpyBoss\sqresult.dat
  • %ProgramFiles%\AntiSpyBoss\unins000.dat
  • %ProgramFiles%\AntiSpyBoss\unins000.exe


The program may create temporary files in the following folder:
%UserProfile%\Local Settings\Temp

It also creates randomly named .exe and .dll files in the following folders:
  • %UserProfile%\Local Settings\Temp
  • %System%
  • %Windir%


The files created in the above folders are detected by the program during a system scan. The files are not executable and are non-malicious.

Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AntiSpyBoss" = "C:\Program Files\AntiSpyBoss\asb32.exe"

It also creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\IQSoftware
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyBoss_is1
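
The file and registry locations listed above can be matched against a host inventory. The following is an added example, not part of the original write-up and not a Symantec tool: it treats the two AntiSpyBoss folders as covering the files listed beneath them and tolerates differences in case, drive letter and user name. It assumes the inventory is available as plain lists of file paths and registry paths (the Run value name appended to its key); the names triage, VARS and the sample entries are constructed for illustration.

```python
import re

# Indicators from the write-up; variable expansions are assumed XP-era defaults.
VARS = {
    "%ProgramFiles%": r"[a-z]:\\Program Files(?: \(x86\))?",
    "%UserProfile%": r"[a-z]:\\Documents and Settings\\[^\\]+",
}
FILE_IOCS = [
    r"%ProgramFiles%\AntiSpyBoss",
    r"C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpyBoss",
    r"C:\Documents and Settings\All Users\Desktop\AntiSpyBoss.lnk",
    r"%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpyBoss.lnk",
]
REG_IOCS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpyBoss",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\IQSoftware",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyBoss_is1",
]

def _compile(indicator):
    """Case-insensitive regex for the indicator itself or anything beneath it."""
    pattern = re.escape(indicator)
    for var, expansion in VARS.items():
        pattern = pattern.replace(re.escape(var), expansion)
    return re.compile(pattern + r"(?:\\.*)?$", re.IGNORECASE)

FILE_RX = [_compile(i) for i in FILE_IOCS]
REG_RX = [_compile(i) for i in REG_IOCS]

def triage(file_paths, registry_paths):
    """Return (kind, entry) for inventory entries matching the indicators."""
    hits = [("file", p) for p in file_paths
            if any(rx.match(p.strip()) for rx in FILE_RX)]
    for key in registry_paths:
        # Expand the common HKLM abbreviation before matching.
        norm = re.sub(r"(?i)^HKLM(?=\\)", "HKEY_LOCAL_MACHINE", key.strip())
        if any(rx.match(norm) for rx in REG_RX):
            hits.append(("registry", key))
    return hits

# Constructed inventory for illustration; not data from the write-up.
SAMPLE_FILES = [
    r"c:\program files\antispyboss\ASB32.EXE",
    r"C:\Documents and Settings\alice\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpyBoss.lnk",
    r"C:\Program Files\AntiSpyBossy\readme.txt",  # near miss, must not match
]
SAMPLE_REG = [r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpyBoss",
              r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon"]
print(triage(SAMPLE_FILES, SAMPLE_REG))
```

The randomly named .exe and .dll files are not covered, since the write-up gives no fixed names for them.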