SpywareGuide powered by FaceTime Security Labs
Full Name: FraudTool-AntiSpySpider
Type: Trojan
SG Index: 4
Removal tools: List of products that detect/remove/protect against FraudTool-AntiSpySpider:
  • Desktop Anti-malware: Pro User: X-Cleaner
  • Control IM and P2P use, block spyware and other malware: RTGuardian
  • Endpoint Spyware Remediation: Greynet Enterprise Manager
  • IM, P2P control, malware prevention and web filtering in single appliance: Unified Security Gateway
  • Category Description: A Trojan is a program that enables an attacker to get nearly complete control over an infected PC. It is a tool frequently used by malicious hackers. When the program executes, it performs a specific set of actions, usually aimed at allowing the Trojan to survive on the system and open up a backdoor.
    Comment: FraudTool-AntiSpySpider disables the Windows Task Manager and Registry Editor. It can display an infection message in the system tray. It is used together with AntiSpySpider to trick the user into purchasing that application. It also downloads and displays advertisements.
    Screenshots:
    FraudTool-AntiSpySpider Fake malware warning.
    FraudTool-AntiSpySpider Fake spyware warning message.
       
    Manual removal:
    Disable System Restore.
    Clean with X-Cleaner.
    Do not restart the computer when X-Cleaner prompts.

    Steps to re-enable the Task Manager and registry editor:

    Go to Start -> Run, type mmc and press Enter.
    The Console window will open.

    Click on File and choose Add/Remove Snap-in.
    Then click Add to get a list of snap-ins.
    Select "Group Policy Object Editor" and click Add, then click Finish, then Close, and finally OK.

    Under Console Root, expand Local Computer Policy.
    Then expand the User Configuration container.
    Click on Administrative Templates, then click on System.
    In the right pane, find "Prevent access to registry editing tools", double-click it and select Disabled. Click OK.

    Locate the Ctrl+Alt+Del Options folder and click on it.
    In the right pane, find "Remove Task Manager", double-click it and select Disabled. Click OK.

    Close the Console window and reboot.

    After reboot, remove the following files:
    c:\WINDOWS\homepage.html
    c:\WINDOWS\index.html
    c:\WINDOWS\promo1.html
    c:\WINDOWS\promo2.html
    c:\WINDOWS\promo3.html
    c:\WINDOWS\promo4.html
    c:\WINDOWS\promo5.html
    c:\WINDOWS\promo6.html
    c:\WINDOWS\promogif1.gif
    c:\WINDOWS\promogif2.gif
    c:\WINDOWS\promogif3.gif
    c:\WINDOWS\system32\adult.txt
    c:\WINDOWS\system32\finance.txt
    c:\WINDOWS\system32\lt.res
    c:\WINDOWS\system32\other.txt
    c:\WINDOWS\system32\pharma.txt
    c:\WINDOWS\system32\sft.res
    c:\WINDOWS\system32\sn.txt
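
To confirm the clean-up afterwards, the read-only check below reports whether the two policies are still enforced and which of the listed files remain. It is an added example, not part of the original SpywareGuide entry. It assumes PowerShell 3.0 or later, uses `$env:windir` in place of the literal `c:\WINDOWS`, and reads the standard per-user policy values `DisableTaskMgr` and `DisableRegistryTools`, which the page does not name.

```powershell
# Added example: read-only audit, nothing is modified or deleted.
# Assumption: these are the standard per-user registry values behind the two
# Group Policy settings named in the steps above (not listed on the page).
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policyValues = [ordered]@{
    DisableTaskMgr       = 'Remove Task Manager'
    DisableRegistryTools = 'Prevent access to registry editing tools'
}

# File names copied from the removal list above.
$windowsFiles  = @('homepage.html', 'index.html') +
                 @(1..6 | ForEach-Object { "promo$_.html" }) +
                 @(1..3 | ForEach-Object { "promogif$_.gif" })
$system32Files = 'adult.txt', 'finance.txt', 'lt.res', 'other.txt',
                 'pharma.txt', 'sft.res', 'sn.txt'
$paths = @($windowsFiles  | ForEach-Object { Join-Path $env:windir $_ }) +
         @($system32Files | ForEach-Object { Join-Path $env:windir "system32\$_" })

function Get-PolicyFinding {
    foreach ($name in $policyValues.Keys) {
        # A missing key or value means the policy is not configured.
        $item  = Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue
        $value = if ($item) { $item.$name } else { $null }
        [pscustomobject]@{
            Check  = $policyValues[$name]
            Detail = "$name = $(if ($null -eq $value) { '(not set)' } else { $value })"
            Flag   = ($null -ne $value -and $value -ne 0)   # non-zero = still blocked
        }
    }
}

function Get-FileFinding {
    foreach ($p in $paths) {
        # -Force so hidden or system-attributed files are still found.
        $f = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if ($f) {
            [pscustomobject]@{
                Check  = 'Leftover file'
                Detail = "$p ($($f.Length) bytes, modified $($f.LastWriteTime))"
                Flag   = $true
            }
        }
    }
}

$findings = @(Get-PolicyFinding) + @(Get-FileFinding)
$findings | Format-Table -AutoSize -Wrap
if (-not ($findings | Where-Object { $_.Flag })) {
    'No blocking policy values and none of the listed files were found.'
}
```

Run it as the affected user, since `HKCU` reflects the account that runs the script. From a 32-bit PowerShell on 64-bit Windows, `system32` is redirected, so use the native 64-bit shell.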
    Properties:
  •  Alters Key Windows Components
  •  Autostarts/Stays Resident
  •  Connects to the internet
  •  Fake "You are infected" alerts
  •  Shows Advertisements
  • Related Products
    Product: AntiSpySpider
    Category: Miscellaneous Security


    © Copyright 2007, FaceTime Communications, Inc. All rights reserved.