Virus & Spyware Info
We provide the latest information on new viruses, spyware, and other malware.

Name: Adware/Rogueware.AntiMalware.A
Alias: Adware.Win32.AntiMalware!A2 [a-squared], RogueAntiSpyware.WindowsAntivirusPro [PCTools], Mal/FakeAV-BP [Sophos]
Current Spread Level System Threat Level
Network Proliferation Potential Danger Level
Active Platform: Windows
Form/Type: Rogueware
Method of Spread: Download
Main Symptoms: Induced payment through false/exaggerated detections.
Created Files: axemt.dll, antimalware.exe, uninstall.exe
File Size: 1,601,536 Byte
Activity Date: 0000-00-00
Country of Origin: Unspecified
Detection Date: 0000-00-00
Similar/Altered Viruses:
Detectable Engine: 2009.12.16.01
Reparable Engine: 2009.12.16.01
Description

[Summary]

Adware/Rogueware.AntiMalware.A is downloaded and installed without the user's knowledge. It displays a list of false adware or spyware detections and pressures the user to pay to have them repaired.

[Propagation]

Adware/Rogueware.AntiMalware.A is downloaded and installed through other malware.

[Symptoms]

1. When Adware/Rogueware.AntiMalware.A is installed, it creates the following files.

- (Program Folder)\AntiMalware\amext.dll
- (Program Folder)\AntiMalware\antimalware.exe
- (Program Folder)\AntiMalware\uninstall.exe

2. The following registry value is created under the Run key so that the program runs automatically upon Windows startup.

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

- Name: AntiMalware
- Data: "C:\Program Files\AntiMalware\antimalware.exe" -noscan

3. Adware/Rogueware.AntiMalware.A creates the following registry keys.

- HKLM\SOFTWARE\AntiMalware
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiMalware


[Reference Information]

- (Drive Root) refers to the top-level folder of a drive (e.g. C:\, D:\).

- (User Temporary Folder) generally refers to C:\Documents and Settings\(User Account)\Local Settings\Temp.

- (Internet Temporary Folder) generally refers to C:\Documents and Settings\(User Account)\Local Settings\Temporary Internet Files.

- (Windows Folder) generally refers to C:\WINDOWS in Windows 95/98/ME, to C:\WINNT in Windows 2000/NT, and to C:\WINDOWS in Windows XP/2003/Vista.

- (Windows System Folder) generally refers to C:\WINDOWS\SYSTEM in Windows 95/98/ME, to C:\WINNT\SYSTEM32 in Windows 2000/NT, and to C:\WINDOWS\SYSTEM32 in Windows XP/2003/Vista.

- In Windows, (Program Folder) generally refers to C:\Program Files.

Manual Treatment Method

[Repairing with nProtect Netizen / nProtect Personal]

1. Run the product and click on the ON-SCAN button at the top.
2. Select all the files in Settings and click on the Scan Now button.
3. If malware is detected through the scan, click on the Yes button in the Treatment Option Window.
4. Check if the malware has been successfully repaired.

[Repairing with nProtect Anti-Virus/Spyware 2007 / nProtect GameGuard Personal 2007]

1. Run the product and update the engine and patch file to the latest version. (Using the main window, tray icon, or start menu)
2. Select the Virus/Spyware tab and click on the Scan Now button.
3. If malware is detected through the scan, click on the Repair button.
4. Check if the malware has been successfully repaired.


Contents Copyright Notice
The analyzed data above is copyrighted material of ISARC (INCA Internet Security Analysis & Response Center) and may not be used without permission.

Non-profit organizations and individuals may use the contents but must cite the source. Any use of the information for commercial purposes or by corporations requires first contacting our contents manager and obtaining our approval.

Information Contents Inquiries : sale@inca.co.kr
 
Copyright (C) INCA Internet Co., Ltd. All rights reserved.