007 Anti-Spwyare AKA 007 Antispyware is a fake security program that only shows bogus scan results. The goal of the program is to trick the user into purchasing the product. DO NOT PURCHASE this product. Most people who got infected with this virus got it from a fake video codec that installed a torjan onto thier computer. This trojan then went out and auto downloaded and most likly auto installed onto your computer. This virus strain does affect Window XP and Windows Vista. If you are infected with this then you need to run a full scan using your favorite security product to ensure you have no other infections. Those who are infected with this need to take action right away to fully remove this threat. If you are infected with this fake client then you also have other trojans on your computer that auto installed this client. The most common reason for infection is fake video codec software.
Some symptoms of 007 Anti-Spyware:
* Bogus Scan results * Auto Scans on Start-up * Warning coming out of a fake shield in the system tray * pop-ups and re-directs to the fake software’s website * constant warnings of being infected as well as false statements of other trojans
007 Anti-Spyware
Manual removal instructions for This Virus( Please read our disclaimer bellow )
Kill processes: If they are running 007-Anti-Spyware.exe AutoUpdate.exe
Delete registry values:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”007-Anti-Spyware.exe” = “%ProgramFiles%\007 Anti-Spyware\007-Anti-Spyware.exe” *
- HKEY_CLASSES_ROOT\CLSID\{BC00E47F-1016-25DD-E208-74A12348F178} * HKEY_CURRENT_USER\Software\Spyware Cease *
- HKEY_LOCAL_MACHINE\SOFTWARE\007AntiSpyware.com * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\007 Anti-Spyware *
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RkHit
Delete files:
* %ProgramFiles%\007 Anti-Spyware\007-Anti-Spyware.exe * %ProgramFiles%\007 Anti-Spyware\asdb.dat * %ProgramFiles%\007 Anti-Spyware\asfile.dll * %ProgramFiles%\007 Anti-Spyware\ASHitApi.dll * %ProgramFiles%\007 Anti-Spyware\askdll.dll * %ProgramFiles%\007 Anti-Spyware\asUpdate.dll * %ProgramFiles%\007 Anti-Spyware\AutoUpdate.exe * %ProgramFiles%\007 Anti-Spyware\ClientDF.dll * %ProgramFiles%\007 Anti-Spyware\License.txt * %ProgramFiles%\007 Anti-Spyware\LSR.lsr * %ProgramFiles%\007 Anti-Spyware\md5.dll * %ProgramFiles%\007 Anti-Spyware\networkas2.dll * %ProgramFiles%\007 Anti-Spyware\RegDefend.ini * %ProgramFiles%\007 Anti-Spyware\Scanft.dll * %ProgramFiles%\007 Anti-Spyware\Scangi.dll * %ProgramFiles%\007 Anti-Spyware\zlib1.dll * %SystemRoot%\RKHit.sys * %UserProfile%\Desktop\007 Anti-Spyware.lnk * %UserProfile%\Start Menu\Programs\007 Anti-Spyware\007 Anti-Spyware.lnk * %UserProfile%\Start Menu\Programs\007 Anti-Spyware\Uninstall 007 Anti-Spyware.lnk * %Windir%\007 Anti-Spyware Uninstaller.exe
Delete directories:
- %UserProfile%\Start Menu\Programs\007 Anti-Spyware\
- %ProgramFiles%\007 Anti-Spyware\
Outside Resources:
http://www.symantec.com/security_response/writeup.jsp?docid=2009-073120-1433-99
Speak Your Mind