Jump to content

Malwarebytes

VIPAntiSpyware

Started by SpySentinel, Apr 10 2008 09:04 PM

1 reply to this topic

#1
SpySentinel
Posted 10 April 2008 - 09:04 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 1,848 posts
  • Gender:Male
  • Location:The United States
  • Interests:Fighting/Analyzing Malware & Social Media
VipAntiSpyware

Installation
When the program is executed, it creates the following files:

* %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\vipantispyware.lnk
* %UserProfile%\Desktop\vipantispyware.lnk
* C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware\Uninstall vipantispyware.lnk
* C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware\vipantispyware on the Web.lnk
* C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware\vipantispyware.lnk
* %ProgramFiles%\vipantispyware\[CURRENT_DATE].upd
* %ProgramFiles%\vipantispyware\alarm.wav
* %ProgramFiles%\vipantispyware\click.wav
* %ProgramFiles%\vipantispyware\config.cfg
* %ProgramFiles%\vipantispyware\dbinfo
* %ProgramFiles%\vipantispyware\dll\def2.base
* %ProgramFiles%\vipantispyware\dll\defbase0.db
* %ProgramFiles%\vipantispyware\dll\defbase1.db
* %ProgramFiles%\vipantispyware\dll\defbase2.db
* %ProgramFiles%\vipantispyware\dll\defbase3.db
* %ProgramFiles%\vipantispyware\dll\defbase4.db
* %ProgramFiles%\vipantispyware\dll\defbase5.db
* %ProgramFiles%\vipantispyware\dll\defbase6.db
* %ProgramFiles%\vipantispyware\dll\defbase7.db
* %ProgramFiles%\vipantispyware\dll\defbase8.db
* %ProgramFiles%\vipantispyware\dll\immunization.pl
* %ProgramFiles%\vipantispyware\dll\license
* %ProgramFiles%\vipantispyware\dll\sig2.base
* %ProgramFiles%\vipantispyware\dll\sigrules.rul
* %ProgramFiles%\vipantispyware\dll\update.scr
* %ProgramFiles%\vipantispyware\success.wav
* %ProgramFiles%\vipantispyware\unins000.dat
* %ProgramFiles%\vipantispyware\unins000.exe
* %ProgramFiles%\vipantispyware\vipantispyware.exe
* %ProgramFiles%\vipantispyware\vipantispyware.url
* %SystemRoot%\winxplogon.sys



Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"vipantispyware" = "C:\Program Files\vipantispyware\vipantispyware.exe"

It also creates the following registry subkeys:

* HKEY_CURRENT_USER\Software\vipantispyware
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VipAntispyware_is1


http://www.symantec.com/norton/security_re...-99&tabid=2
Matt Russo
Social Media Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#2
SwampDiner
Posted 13 April 2008 - 07:03 PM

    True Member

  • Experts
  • PipPipPipPip
  • 419 posts
  • Location:The Internets
Added 172
Back to Newest Rogue Threats · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Research Center
  3. Newest Rogue Threats

Products

About

Partners

Follow Us