
AntiSpyKit

Updated: February 22, 2008 2:02:13 PM
Type: Misleading Application
Name: AntiSpyKit 5.2
Version: 1.0.0.1
Publisher: AntiSpyKit.com
Risk Impact: Medium
Systems Affected: Windows

Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the errors.

Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpyKit 5.2.lnk
  • %UserProfile%\Desktop\AntiSpyKit 5.2.lnk
  • %UserProfile%\Local Settings\Temp\AGLanguage.ini
  • %UserProfile%\Start Menu\Programs\AntiSpyKit 5.2\AntiSpyKit 5.2.lnk
  • %UserProfile%\Start Menu\Programs\AntiSpyKit 5.2\Uninstall AntiSpyKit 5.2.lnk
  • %UserProfile%\Start Menu\AntiSpyKit 5.2.lnk
  • %ProgramFiles%\AntiSpyKit 5.2\AntiSpyKit 5.2.exe
  • %ProgramFiles%\AntiSpyKit 5.2\db.dat
  • %ProgramFiles%\AntiSpyKit 5.2\DbgHelp.Dll
  • %ProgramFiles%\AntiSpyKit 5.2\generalConfig.xml
  • %ProgramFiles%\AntiSpyKit 5.2\Lang\English.ini
  • %ProgramFiles%\AntiSpyKit 5.2\Logs\scan_log_02212008-061933.html
  • %ProgramFiles%\AntiSpyKit 5.2\monitorConfig.xml
  • %ProgramFiles%\AntiSpyKit 5.2\msvcp71.dll
  • %ProgramFiles%\AntiSpyKit 5.2\msvcr71.dll
  • %ProgramFiles%\AntiSpyKit 5.2\scannerConfig.xml
  • %ProgramFiles%\AntiSpyKit 5.2\uninst.exe
  • %ProgramFiles%\AntiSpyKit 5.2\usageStats.xml
  • %ProgramFiles%\AntiSpyKit 5.2\ignored.lst


It also creates the following folders:
  • %UserProfile%\Local Settings\Temp\[RANDOM NAME]
  • C:\Documents and Settings\All Users\Application Data\TEMP


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AntiSpyKit 5.2" = ""C:\Program Files\AntiSpyKit 5.2\AntiSpyKit 5.2.exe" /h"

It also creates the following registry subkeys:
  • HKEY_CLASSES_ROOT\AppID\Cerberus.EXE
  • HKEY_CLASSES_ROOT\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}
  • HKEY_CLASSES_ROOT\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}
  • HKEY_CLASSES_ROOT\Cerberus.EngineListener.1
  • HKEY_CLASSES_ROOT\Cerberus.EngineListener
  • HKEY_CLASSES_ROOT\Cerberus.Scanner.1
  • HKEY_CLASSES_ROOT\Cerberus.Scanner
  • HKEY_CLASSES_ROOT\Cerberus.ThreatCollection.1
  • HKEY_CLASSES_ROOT\Cerberus.ThreatCollection
  • HKEY_CLASSES_ROOT\Engine.Backup.1
  • HKEY_CLASSES_ROOT\Engine.Backup
  • HKEY_CLASSES_ROOT\Engine.IgnoreList.1
  • HKEY_CLASSES_ROOT\Engine.IgnoreList
  • HKEY_CLASSES_ROOT\Engine.Log.1
  • HKEY_CLASSES_ROOT\Engine.Log
  • HKEY_CLASSES_ROOT\Engine.Paths.1
  • HKEY_CLASSES_ROOT\Engine.Paths
  • HKEY_CLASSES_ROOT\Engine.RunAs.1
  • HKEY_CLASSES_ROOT\Engine.RunAs
  • HKEY_CLASSES_ROOT\Engine.SearchItem.1
  • HKEY_CLASSES_ROOT\Engine.SearchItem
  • HKEY_CLASSES_ROOT\Engine.Threat.1
  • HKEY_CLASSES_ROOT\Engine.Threat
  • HKEY_CLASSES_ROOT\Interface\{27ED4AC2-B6D8-4079-9831-017A100B391E}
  • HKEY_CLASSES_ROOT\Interface\{3F6D6C35-FB73-45E6-9473-BB4CC25CE019}
  • HKEY_CLASSES_ROOT\Interface\{715D709B-2B10-42FA-A069-297D25D93601}
  • HKEY_CLASSES_ROOT\Interface\{872C1B1E-3CF0-4D3A-95E5-A0C662D2854C}
  • HKEY_CLASSES_ROOT\Interface\{886B1D08-B404-40F0-AA18-4E416682A2E9}
  • HKEY_CLASSES_ROOT\Interface\{8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB}
  • HKEY_CLASSES_ROOT\Interface\{925B0211-A1C1-4712-8FCA-5F5B8101736D}
  • HKEY_CLASSES_ROOT\Interface\{B01E37C4-5497-4D58-9FFD-D5653B8DC866}
  • HKEY_CLASSES_ROOT\Interface\{CCAA201C-C48D-48A8-A1E8-846562CBF1C1}
  • HKEY_CLASSES_ROOT\Interface\{D483521B-D5CC-43FF-A45A-9BE4A8E6606E}
  • HKEY_CLASSES_ROOT\Interface\{ED2AFF47-B7BE-4273-A203-C796E87F72D2}
  • HKEY_CLASSES_ROOT\Interface\{F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E}
  • HKEY_CLASSES_ROOT\Interface\{F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF}
  • HKEY_CLASSES_ROOT\Interface\{FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA}
  • HKEY_CLASSES_ROOT\Interface\{FDDF521B-0EBE-4D15-838C-73E2D851161B}
  • HKEY_CLASSES_ROOT\Interface\{FF609434-EB47-481B-BA0E-1D2B467629A5}
  • HKEY_CLASSES_ROOT\TypeLib\{60F94D7D-563E-4942-B5EC-2DE9C135C139}
  • HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpyKit 5.2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiSpyKit 5.2.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyKit 5.2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Engine.LogRecord
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Engine.LogRecord.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Engine.Quarantine
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Engine.Quarantine.1


Similar Security Risks


AntiVirusGold

