1. Symantec/
  2. Security Response/
  3. AntiSpyBoss


January 18, 2008 5:19:02 PM
Misleading Application
Risk Impact:
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
The program must be manually installed.

It creates random files on the computer. It then detects these files as false or exaggerated system security threats during a system scan.

The user is then prompted to pay for a full license of the application in order to remove the errors.

When the program is executed, it creates the following folders:
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpyBoss
  • %ProgramFiles%\AntiSpyBoss

Next, it creates the following files:
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpyBoss.lnk
  • C:\Documents and Settings\All Users\Desktop\AntiSpyBoss.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpyBoss\AntiSpyBoss.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpyBoss\Uninstall AntiSpyBoss.lnk
  • %ProgramFiles%\AntiSpyBoss\asb32.exe
  • %ProgramFiles%\AntiSpyBoss\asb32.lng
  • %ProgramFiles%\AntiSpyBoss\dbsmpl.dat
  • %ProgramFiles%\AntiSpyBoss\sqoptions.dat
  • %ProgramFiles%\AntiSpyBoss\sqresult.dat
  • %ProgramFiles%\AntiSpyBoss\unins000.dat
  • %ProgramFiles%\AntiSpyBoss\unins000.exe

The program may create temporary files in the following folder:
%UserProfile%\Local Settings\Temp

It also creates randomly named .exe and .dll files in the following folders:
  • %UserProfile%\Local Settings\Temp
  • %System%
  • %Windìr%

The files created in the above folders are detected by the program during a system scan. The files are not executable and are non-malicious.

Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AntiSpyBoss" = "C:\Program Files\AntiSpyBoss\asb32.exe"

It also creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyBoss_is1
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube