
SpywareCease

Updated: May 29, 2009 9:08:00 AM
Type: Misleading Application
Name: SpywareCease
Version: 3.4
Publisher: SpywareCease.com
Risk Impact: Medium
Systems Affected: Windows

Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following folders:
  • %UserProfile%\Desktop\SpywareCease
  • %ProgramFiles%\Spyware Cease\update


It also creates the following files:
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Cease.lnk
  • %UserProfile%\Desktop\Spyware Cease.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk
  • %ProgramFiles%\Spyware Cease\AutoUpdate.exe
  • %ProgramFiles%\Spyware Cease\DefendLog.txt
  • %ProgramFiles%\Spyware Cease\LSR.lsr
  • %ProgramFiles%\Spyware Cease\md5.dll
  • %ProgramFiles%\Spyware Cease\networkdll.dll
  • %ProgramFiles%\Spyware Cease\opfile.dll
  • %ProgramFiles%\Spyware Cease\RegDefend.ini
  • %ProgramFiles%\Spyware Cease\RkHitApi.dll
  • %ProgramFiles%\Spyware Cease\spkdll.dll
  • %ProgramFiles%\Spyware Cease\SpywareCease.chm
  • %ProgramFiles%\Spyware Cease\SpywareCease.exe
  • %ProgramFiles%\Spyware Cease\SpywareCease.url
  • %ProgramFiles%\Spyware Cease\swdb.ssk
  • %ProgramFiles%\Spyware Cease\unins000.dat
  • %ProgramFiles%\Spyware Cease\unins000.exe
  • %ProgramFiles%\Spyware Cease\zlib1.dll
  • %System%\drivers\RKHit.sys


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"SpywareCease.exe" = "C:\Program Files\Spyware Cease\SpywareCease.exe"

It also creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\Spyware Cease
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Cease_is1
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RkHit
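
The following read-only PowerShell sweep checks a host for the folders, driver file, registry subkeys and autostart value listed above. It is an added example, not part of the original write-up or any Symantec tool. It assumes that %System% resolves to the System32 folder and that a 64-bit system may hold the install under "Program Files (x86)".

```powershell
# Added example: read-only sweep for the SpywareCease artifacts listed in this write-up.
# Assumption: %System% (the write-up's placeholder) maps to the System32 folder.
$system = [Environment]::GetFolderPath('System')
# Assumption: on 64-bit Windows a 32-bit installer lands in "Program Files (x86)".
$programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique

$paths = @(
    (Join-Path $env:USERPROFILE 'Desktop\SpywareCease'),
    (Join-Path $env:USERPROFILE 'Desktop\Spyware Cease.lnk'),
    (Join-Path $system 'drivers\RKHit.sys')
)
foreach ($dir in $programDirs) {
    $paths += Join-Path $dir 'Spyware Cease'
}

$keys = @(
    'HKCU:\Software\Spyware Cease',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Cease_is1',
    'HKLM:\SYSTEM\CurrentControlSet\Services\RkHit'
)

$findings = @()
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{ Type = 'File'; Item = $p; Detail = '' }
    }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $k; Detail = '' }
    }
}

# Autostart value: report its data, since the install path may differ from the one in the write-up.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -Name 'SpywareCease.exe' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$runKey\SpywareCease.exe"; Detail = $run.'SpywareCease.exe' }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No SpywareCease artifacts found.' }
```

The %UserProfile% paths and the HKEY_CURRENT_USER subkey are checked only for the account running the script, so run it once per user profile of interest.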