"I was using
another Antispyware to scan and
delete spyware from our company's PC. I ran the
AntispywarePlus, and found it
to be much faster in scanning. In fact it also
caught 20 more spyware's than the other Antispyware.
The user interface is very appealing. Overall an
Excellent product."
Antivirus2009 is Rogue Security
Program. It is a Fake Anti Spyware. Antivirus2009 is known to be
pushed/advertised by various Trojan Horse programs. It uses aggressive
and deceptive techniques to frighten the user into purchasing the
program. It gives exaggerated report and claims of spyware found or
false positives but will not remove spyware unless the user purchases
the program.
Summary
The hosts file was updated with
the following url-to-ip mappings :
127.0.0.1 localhost The following http urls were started :
www.download.windowsupdate.com Generated smtp traffic : n/a There was a new connection established with a remote IRC Server :
n/a The Following Hidden Entries Created : n/a The following internet connection was established:
Processes
AV2009.exe
Drivers
N/A
Folders created
%PFDIR%\Antivirus 2009
Browsed Sites
http://antivirus2009professional.com/
When
the Fake Anti Spyware is executed, it creates the following files:
Name
Version
Publisher
Signature (MD5)
File Size (in Bytes)
..\quick launch \antivirus 2009.lnk
666
..\antivirus 2009\av2009.exe
832830d6228ed32e3172b989a98e36b9
900608
..\antivirus 2009\av2009.exe
b5718af5ce37e0ae5ca69b1f6167b5fb
954880
..\desktop\antivirus 2009.lnk
648
..\file.exe
017bc371135041e947281ad830c9db95
76288
..\ieupdates.exe
cd65e10f876d73f2ef17f66d3979a904
58880
..\scui.cpl
2e96f5118471dd06c8b55e8ca68eb410
78336
..\winsrc.dll
e6fb8ed057baa210562517a9cb4db66c
258048
When
the Fake Anti Spyware is executed, it creates the following Registry
entries:
Spyware Detector™Max
Secure Spyware Detector is a complete solution for individuals,
professionals and home users. The software is specially designed to
scan, detect, delete and recover spywares with an option of quick
and full scan.
