1. /
  2. Security Response/
  3. AntiSpyKit

AntiSpyKit

Updated:
February 22, 2008 2:02:13 PM
Type:
Misleading Application
Name:
AntiSpyKit 5.2
Version:
1.0.0.1
Publisher:
AntiSpyKit.com
Risk Impact:
Medium
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.





The user is then prompted to pay for a full license of the application in order to remove the errors.





Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpyKit 5.2.lnk
  • %UserProfile%\Desktop\AntiSpyKit 5.2.lnk
  • %UserProfile%\Local Settings\Temp\AGLanguage.ini
  • %UserProfile%\Start Menu\Programs\AntiSpyKit 5.2\AntiSpyKit 5.2.lnk
  • %UserProfile%\Start Menu\Programs\AntiSpyKit 5.2\Uninstall AntiSpyKit 5.2.lnk
  • %UserProfile%\Start Menu\AntiSpyKit 5.2.lnk
  • %ProgramFiles%\AntiSpyKit 5.2\AntiSpyKit 5.2.exe
  • %ProgramFiles%\AntiSpyKit 5.2\db.dat
  • %ProgramFiles%\AntiSpyKit 5.2\DbgHelp.Dll
  • %ProgramFiles%\AntiSpyKit 5.2\generalConfig.xml
  • %ProgramFiles%\AntiSpyKit 5.2\Lang\English.ini
  • %ProgramFiles%\AntiSpyKit 5.2\Logs\scan_log_02212008-061933.html
  • %ProgramFiles%\AntiSpyKit 5.2\monitorConfig.xml
  • %ProgramFiles%\AntiSpyKit 5.2\msvcp71.dll
  • %ProgramFiles%\AntiSpyKit 5.2\msvcr71.dll
  • %ProgramFiles%\AntiSpyKit 5.2\scannerConfig.xml
  • %ProgramFiles%\AntiSpyKit 5.2\uninst.exe
  • %ProgramFiles%\AntiSpyKit 5.2\usageStats.xml
  • %ProgramFiles%\AntiSpyKit 5.2\ignored.lst


It also creates the following folders:
  • %UserProfile%\Local Settings\Temp\[RANDOM NAME]
  • C:\Documents and Settings\All Users\Application Data\TEMP


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AntiSpyKit 5.2" = ""C:\Program Files\AntiSpyKit 5.2\AntiSpyKit 5.2.exe" /h"

It also creates the following registry subkeys:
  • HKEY_CLASSES_ROOT\AppID\Cerberus.EXE
  • HKEY_CLASSES_ROOT\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}
  • HKEY_CLASSES_ROOT\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}
  • HKEY_CLASSES_ROOT\Cerberus.EngineListener.1
  • HKEY_CLASSES_ROOT\Cerberus.EngineListener
  • HKEY_CLASSES_ROOT\Cerberus.Scanner.1
  • HKEY_CLASSES_ROOT\Cerberus.Scanner
  • HKEY_CLASSES_ROOT\Cerberus.ThreatCollection.1
  • HKEY_CLASSES_ROOT\Cerberus.ThreatCollection
  • HKEY_CLASSES_ROOT\Engine.Backup.1
  • HKEY_CLASSES_ROOT\Engine.Backup
  • HKEY_CLASSES_ROOT\Engine.IgnoreList.1
  • HKEY_CLASSES_ROOT\Engine.IgnoreList
  • HKEY_CLASSES_ROOT\Engine.Log.1
  • HKEY_CLASSES_ROOT\Engine.Log
  • HKEY_CLASSES_ROOT\Engine.Paths.1
  • HKEY_CLASSES_ROOT\Engine.Paths
  • HKEY_CLASSES_ROOT\Engine.RunAs.1
  • HKEY_CLASSES_ROOT\Engine.RunAs
  • HKEY_CLASSES_ROOT\Engine.SearchItem.1
  • HKEY_CLASSES_ROOT\Engine.SearchItem
  • HKEY_CLASSES_ROOT\Engine.Threat.1
  • HKEY_CLASSES_ROOT\Engine.Threat
  • HKEY_CLASSES_ROOT\Interface\{27ED4AC2-B6D8-4079-9831-017A100B391E}
  • HKEY_CLASSES_ROOT\Interface\{3F6D6C35-FB73-45E6-9473-BB4CC25CE019}
  • HKEY_CLASSES_ROOT\Interface\{715D709B-2B10-42FA-A069-297D25D93601}
  • HKEY_CLASSES_ROOT\Interface\{872C1B1E-3CF0-4D3A-95E5-A0C662D2854C}
  • HKEY_CLASSES_ROOT\Interface\{886B1D08-B404-40F0-AA18-4E416682A2E9}
  • HKEY_CLASSES_ROOT\Interface\{8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB}
  • HKEY_CLASSES_ROOT\Interface\{925B0211-A1C1-4712-8FCA-5F5B8101736D}
  • HKEY_CLASSES_ROOT\Interface\{B01E37C4-5497-4D58-9FFD-D5653B8DC866}
  • HKEY_CLASSES_ROOT\Interface\{CCAA201C-C48D-48A8-A1E8-846562CBF1C1}
  • HKEY_CLASSES_ROOT\Interface\{D483521B-D5CC-43FF-A45A-9BE4A8E6606E}
  • HKEY_CLASSES_ROOT\Interface\{ED2AFF47-B7BE-4273-A203-C796E87F72D2}
  • HKEY_CLASSES_ROOT\Interface\{F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E}
  • HKEY_CLASSES_ROOT\Interface\{F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF}
  • HKEY_CLASSES_ROOT\Interface\{FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA}
  • HKEY_CLASSES_ROOT\Interface\{FDDF521B-0EBE-4D15-838C-73E2D851161B}
  • HKEY_CLASSES_ROOT\Interface\{FF609434-EB47-481B-BA0E-1D2B467629A5}
  • HKEY_CLASSES_ROOT\TypeLib\{60F94D7D-563E-4942-B5EC-2DE9C135C139}
  • HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpyKit 5.2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiSpyKit 5.2.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyKit 5.2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Engine.LogRecord
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Engine.LogRecord.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Engine.Quarantine
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Engine.Quarantine.1


Similar Security Risks


AntiVirusGold


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report