Wednesday, June 11, 2008

AntiSpyCheck Rogue Program

AntiSpyCheck is a new rogue spyware program. It is installed by the Zlob trojan and displays fake alerts that try to get you to purchase it. The Zlob trojan disguises itself as a video codec that is supposedly needed to view a video. In reality, it installs spyware that generates the fake alerts and installs AntiSpyCheck to trick you into buying it.

Here are some lines from a HijackThis log that you may find if you are infected:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll
O2 - BHO: 514852 helper - {9420D9C5-E151-4D83-B9A6-27DE1A7A0E5F} - C:\WINDOWS\system32\514852\514852.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O22 - SharedTaskScheduler: campaniform - {5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f} - C:\WINDOWS\system32\kfcpnd.dll

Here are some files that you may have if you are infected with this trojan:

c:\Program Files\AntiSpyCheck
c:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
c:\Program Files\AntiSpyCheck\IEWarning.dll
c:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru
c:\Program Files\NetProject
c:\Program Files\NetProject\sbmdl.dll
c:\Program Files\NetProject\sbmntr.exe
c:\Program Files\NetProject\sbsm.exe
c:\Program Files\NetProject\sbun.exe
c:\Program Files\NetProject\scit.exe
c:\Program Files\NetProject\scm.exe
c:\Program Files\NetProject\scu.exe
c:\WINDOWS\system32\kfcpnd.dll
c:\WINDOWS\system32\514852\514852.dll
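
As an added example (not from the original post or from the removal guide it links to), this Python script scans a saved HijackThis log for the paths and hosts listed above. The function names and the sample log are constructed for illustration; URL hosts are compared exactly so that a harmless URL that only mentions one of the names is not flagged.

```python
import re

# Indicators copied from this post, lowercased and without the drive letter.
BAD_PATHS = (
    r"\program files\antispycheck",
    r"\program files\netproject",
    r"\windows\system32\kfcpnd.dll",
    r"\windows\system32\514852\514852.dll",
)
BAD_HOSTS = ("internetsearchservice.com", "ietoolpro.com")

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O2 - BHO: ..."
URL_HOST = re.compile(r"https?://([^/\s\"]+)")

def match_indicator(body):
    """Return the indicator found in one entry body, or None."""
    body = body.lower()
    for path in BAD_PATHS:
        if path in body:
            return path
    for host in URL_HOST.findall(body):
        for bad in BAD_HOSTS:
            # Compare the host itself, not the whole URL (path and query are ignored).
            if host == bad or host.endswith("." + bad):
                return bad
    return None

def scan_hijackthis(log_text):
    """Return (section, indicator, line) for every matching log entry."""
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, blank line or running-process list
        indicator = match_indicator(m.group(2))
        if indicator:
            hits.append((m.group(1), indicator, line.strip()))
    return hits

# Constructed sample log: four entries from the post plus one benign look-alike.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com/?q=internetsearchservice.com
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O22 - SharedTaskScheduler: campaniform - {5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f} - C:\WINDOWS\system32\kfcpnd.dll
"""
```

Calling `scan_hijackthis(SAMPLE_LOG)` returns the R1, O2, O9 and O22 entries and skips the `www.example.com` line.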

For full details and a free removal guide, take a look at Bleeping Computer's AntiSpyCheck Removal Guide.
