
PCAntiSpyware

Updated: March 27, 2008 9:11:02 PM
Type: Misleading Application
Name: PC-Antispyware
Version: 1.4.125.0
Publisher: PC-Antispyware.com
Risk Impact: Medium
Systems Affected: Windows

Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.





The user is then prompted to pay for a full license of the application in order to remove the errors.





Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Application Data\PC-Antispyware\config.xml
  • %UserProfile%\Application Data\PC-Antispyware\logs\1205156013.log
  • %UserProfile%\Application Data\PC-Antispyware\Sites.bl
  • %UserProfile%\Local Settings\Temp\[RANDOM CHARACTERS].tmp
  • %UserProfile%\Start Menu\Programs\Startup\.protected
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
  • C:\Documents and Settings\All Users\Start Menu\Programs\PC-Antispyware\PC-Antispyware Uninstall.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\PC-Antispyware\PC-Antispyware.lnk
  • %ProgramFiles%\PC-Antispyware\IeExtension.dll
  • %ProgramFiles%\PC-Antispyware\PC-Antispyware.db
  • %ProgramFiles%\PC-Antispyware\PC-Antispyware.exe
  • %ProgramFiles%\PC-Antispyware\pcantispyware.pkg
  • %ProgramFiles%\PC-Antispyware\PopupBlocker.dll
  • %ProgramFiles%\PC-Antispyware\program.info
  • %ProgramFiles%\PC-Antispyware\Uninstall.exe
  • %System%\drivers\etc\.protected
  • %Windir%\.protected
  • %SystemDrive%\.protected


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"PC-Antispyware" = ""C:\Program Files\PC-Antispyware\PC-Antispyware.exe" hide"

It also creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\PC-Antispyware
  • HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispyware
  • HKEY_CLASSES_ROOT\CLSID\{10F0C2A9-8E38-43e3-204D-45524C494E20}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10F0C2A9-8E38-43e3-204D-45524C494E20}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC-Antispyware
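
A read-only host check for the file and registry artifacts listed above, added here as an example (it is not Symantec's code or removal tool). It tests the install folders rather than each file inside them, skips the randomly named .tmp file, and assumes that %Windir% maps to $env:SystemRoot, that %System% is its System32 folder, and that 64-bit Windows redirects the program to WOW6432Node and Program Files (x86).

```powershell
# Added example: read-only lookup of the artifacts listed in this writeup.
$clsid = '{10F0C2A9-8E38-43e3-204D-45524C494E20}'   # BHO CLSID from the writeup
$hklm  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE'
# Assumption: on 64-bit Windows a 32-bit program is redirected to these locations.
$views = @($hklm, "$hklm\WOW6432Node")
$pf    = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
$allUsers = 'C:\Documents and Settings\All Users\Start Menu\Programs'

# Assumption: %Windir% maps to $env:SystemRoot and %System% to its System32 folder.
$paths = @(
    "$env:USERPROFILE\Application Data\PC-Antispyware"
    "$env:USERPROFILE\Start Menu\Programs\Startup\.protected"
    "$allUsers\Startup\.protected"
    "$allUsers\PC-Antispyware"
    "$env:SystemRoot\System32\drivers\etc\.protected"
    "$env:SystemRoot\.protected"
    "$env:SystemDrive\.protected"
) + @($pf | ForEach-Object { "$_\PC-Antispyware" })

$keys = @(
    'Registry::HKEY_CURRENT_USER\Software\PC-Antispyware'
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
) + @($views | ForEach-Object {
    "$_\PC-Antispyware"
    "$_\Classes\CLSID\$clsid"
    "$_\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
    "$_\Microsoft\Windows\CurrentVersion\Uninstall\PC-Antispyware"
})

# Collect every artifact that is present, including the Run value that starts the program.
$hits = @(
    $paths | Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Path'; Item = $_ } }
    $keys | Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { [pscustomobject]@{ Kind = 'RegKey'; Item = $_ } }
    foreach ($view in $views) {
        $run = "$view\Microsoft\Windows\CurrentVersion\Run"
        $val = (Get-ItemProperty -LiteralPath $run -ErrorAction SilentlyContinue).'PC-Antispyware'
        if ($val) { [pscustomobject]@{ Kind = 'RunValue'; Item = "$run -> $val" } }
    }
)

if ($hits.Count) { $hits | Format-Table -AutoSize -Wrap } else { 'None of the listed PC-Antispyware artifacts were found.' }
```

Run it in the context of the affected user, since the %UserProfile% paths and HKEY_CURRENT_USER key are per-user.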