Tuesday, December 29, 2009

Antispyware Shield Pro

Antispyware Shield Pro is a rogue antispyware program.


Screen shoot of  Antispyware Shield Pro

Once installed, Antispyware Shield Pro will start a scan and reports a lot of infections. All of these infections are fake!

Sites used by  Antispyware Shield Pro:
scanner.entiresafescripts.net
wisypay.net

Registry keys and values created by  Antispyware Shield Pro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Shield Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Restore
HKEY_CURRENT_USER\Software\Entire Safe Scripts Ltd
HKEY_CURRENT_USER\Software\Entire Safe Scripts Ltd\Antispyware Shield Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Setup | CheckUpdates = "yes"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | EnableLUA = 0x00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Shield Pro | DisplayName = "Antispyware Shield Pro 1.32"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Shield Pro | UninstallString = "%ProgramFiles%\Antispyware Shield Pro\uninst.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Shield Pro | DisplayIcon = "%ProgramFiles%\Antispyware Shield Pro\antispyshield.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Shield Pro | DisplayVersion = "1.32"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Shield Pro | URLInfoAbout = "http://systemcleanerspro.net/"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Shield Pro | Publisher = "Entire Safe Scripts Ltd"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Restore = "C:\Documents and Settings\All Users\Application Data\[RANDOM]\restore.exe"

Files created by  Antispyware Shield Pro:
%ProgramFiles%\Antispyware Shield Pro
%UserProfile%\Start Menu\Programs\Antispyware Shield Pro
%ProgramFiles%\Antispyware Shield Pro\antispyshield.exe
C:\Documents and Settings\All Users\Application Data\F\restore.exe
%ProgramFiles%\Antispyware Shield Pro\License.rtf
%ProgramFiles%\Antispyware Shield Pro\uninst.exe
%UserProfile%\Start Menu\Programs\Antispyware Shield Pro\Antispyware Shield Pro.lnk
%UserProfile%\Start Menu\Programs\Antispyware Shield Pro\Uninstall.lnk
%UserProfile%\Desktop\Antispyware Shield Pro.lnk


If your computer is infected with the rogue, then follow the Antispyware Shield Pro removal instructions.
Posted by Prog at 3:32 AM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)