Home Malware Programs Trojans WinAntiSpyware

WinAntiSpyware

Posted: October 27, 2006

WinAntiSpyware is a rogue anti-spyware product that tricks the user with deceptive tactics in order to purchase the WinAntiSpyware product. WinAntiSpyware pops fake security notifications on the Taskbar, and ultimately tricks the user into purchasing Ultimate Defender in order to clean the alleged security-related problems. WinAntiSpyware 2006 or WinAntiSpyware 2007 may redirect your searches, and may come bundled with other spyware/adware.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 asagents.dll
    2 insthelp.exe
    3 shellext.dll
    4 stera.exe
    5 updater.exe
    6 uwas6chk.dll
    7 uwasffnt.exe
    8 was6.exe
    9 was6chk.dll
    10 wasffnt.exe
    11 winantispyware2006freesetup.exe
    12 winantispyware2006setup.exe
    13 winantispyware2007.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\software\winantispyware 2006 scannerHKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\*\shellex\contextmenuhandlers\exploreruwasHKEY_CLASSES_ROOT\clsid\{1230649b-b980-44a5-b259-9b09ebea6331}HKEY_CLASSES_ROOT\clsid\{1236de55-eded-4675-af10-ba15eddb4d7a}HKEY_CLASSES_ROOT\clsid\{_clsid_washellexecutecheck}HKEY_CLASSES_ROOT\clsid\{_clsid_washellexecutecheck} appidHKEY_CLASSES_ROOT\clsid\{abcd4567-76b5-4bc7-aac5-396d70925b11}HKEY_CLASSES_ROOT\clsid\{f3ef3329-ccb1-433b-a3ed-6e763665d280}HKEY_CLASSES_ROOT\directory\shellex\contextmenuhandlers\exploreruwasHKEY_CLASSES_ROOT\drive\shellex\contextmenuhandlers\exploreruwasHKEY_CLASSES_ROOT\interface\{4567ab12-a884-4ca6-b739-cedb12fef096}HKEY_CLASSES_ROOT\interface\{abcd4567-4d73-43e9-85e5-53a2dbd95411}HKEY_CLASSES_ROOT\interface\{abcd4567-d8e8-4df1-a3ea-d0aa72f42611}HKEY_CLASSES_ROOT\typelib\{12398a44-7dfc-4c46-bd8f-41259d169a0d}HKEY_CLASSES_ROOT\typelib\{4567ab12-ae24-4fd6-b479-e2b464f32da6}HKEY_CLASSES_ROOT\typelib\{abcd4567-7437-43ef-ab74-4ab1d3a37411}HKEY_CLASSES_ROOT\uwas6.uwas6HKEY_CLASSES_ROOT\uwasfsd.creationnotifierHKEY_CLASSES_ROOT\uwashellext.shellhookHKEY_CLASSES_ROOT\uwashellext.wascontextmenuHKEY_LOCAL_MACHINE\system\currentcontrolset\services\uwasfsdHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run winantispyware 2006 scannerHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}winantispyware 2006 scanner_is1

Related Posts

4 Comments

  • Jon McNullty says:

    thank you sooo much you guys are awesome

  • Jesse says:

    win anti spyware is not letting me search anything on internet explorer. it says "cannot find server" but in your first step you state "highlight the file and copy/paste the path into the address bar". but i do not have an adress bar. im assuming its because of this virus. what should i do?

  • ghostrider01 says:

    Jesse,

    Instead of "highlight the file and copy/paste the path into the address bar" do the following: When Windows finishes your search, right-click on the folder of "WinAntiSpyware", choose Properties, highlight the Location and copy/paste the path into the address bar (you can simply paste the path into Internet Explorer Address Bar). Save the file's path on your clipboard because you'll need the file path to delete WinAntiSpyware in the following manual removal steps.

  • winxpguide says:

    More information about windows trouble shooting boot problems, system performance and system slowly working and other problems etc..

Loading...