FraudTool-AntiSpySpider

Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories

Search SpywareGuide Database & Site

Security Email Alerts & Updates

Full Name:

FraudTool-AntiSpySpider Websearch Read More

Type:

Trojan

SG Index:

4 [Explain]

Removal tools:

List of products that detect/remove/protect against FraudTool-AntiSpySpider:

Desktop Anti-malware: Pro User: X-Cleaner

Control IM and P2P use, block spyware and other malware: RTGuardian

Endpoint Spyware Remediation: Greynet Enterprise Manager

IM, P2P control, malware prevention and web filtering in single appliance: Unified Security Gateway

Category Description:

A Trojan is a program that enables an attacker to get nearly complete control over an infected PC. Frequently used tool by malicious hackers. When this program executes, the program performs a specific set of actions. This usually works toward the goal of allowing the trojan to survive on a system and open up a backdoor.

Comment:

FraudTool-AntiSpySpider is used to disable the Windows Task Manager and Registry editor. Can display an infection message in the system tray. This tool is used with AntiSpySpider to trick the user into purchasing the application. Downloads and displays advertisements.

Screenshots:

	Fake malware warning.
	Fake spyware warning message.

Manual removal:

Disable System Restore.
Clean with X-Cleaner.
Do not restart the computer when X-Cleaner prompts.

Steps to re-enable the Task Manager and registry editor:

Go to Start->Run-> type mmc and hit enter.
The Console window will open.

Click on File and choose ->Add/Remove snap-in-
Then click on Add and you get a list of snap-in.
Select "Group Policy Object Editor" and click Add then click finish, close and last click OK

Under Console Root, expand the Local Computer Policy
Then expand the User Configuration container.
Click on Administrative Templates then click on System.
In the right pane find "Prevent access to registry editing tools" double click on it and dot Disabled. Click OK

Locate the Ctrl+Alt+Del Options folder. Click on it.
In the right pane, find "Remove Task Manager" double click on it and DOT disabled. Click OK

Close the Console window and reboot.

After reboot, remove the following files:
c:\WINDOWS\homepage.html
c:\WINDOWS\index.html
c:\WINDOWS\promo1.html
c:\WINDOWS\promo2.html
c:\WINDOWS\promo3.html
c:\WINDOWS\promo4.html
c:\WINDOWS\promo5.html
c:\WINDOWS\promo6.html
c:\WINDOWS\promogif1.gif
c:\WINDOWS\promogif2.gif
c:\WINDOWS\promogif3.gif
c:\WINDOWS\system32\adult.txt
c:\WINDOWS\system32\finance.txt
c:\WINDOWS\system32\lt.res
c:\WINDOWS\system32\other.txt
c:\WINDOWS\system32\pharma.txt
c:\WINDOWS\system32\sft.res
c:\WINDOWS\system32\sn.txt

Properties:

Alters Key Windows Components

Autostarts/Stays Resident

Connects to the internet

Fake "You are infected alerts"

Shows Advertisements

Related Products

Product	Category	Comment
AntiSpySpider	Miscellaneous Security

Click here to leave feedback for this product

Help with the BUST!

Become A Spyspotter!
Bust the Bad Guys!

Click here and give us what details you have and let our international research team take it from there. If you desire your report will remain anonymous.

Recent Blog Posts
Spammers Take A Cheap Shot... CNN, MSNBC Spammers Downgrading Their EMails Lost.....and Found Another Site Hiding Pirate Movies Behind a Zango Installer Prompt A Dark Knight For Zango? A Change of Plan For Your Spam Trust No One? Spamblogs Pushing Rogue Antivirus Programs Marketing Bot Allows Insertion of Custom Facebook Feed Messages CNN Custom Alerts Spam

Recent Modifications

2008-8-15	Trojan.Wowcraft
2008-8-12	Anonymizers/proxy avoidance sites
2008-8-8	Trojan.Agent.BMC
2008-8-7	FouBot
2008-8-7	WinAntiVirus
2008-8-7	Fake.AV
2008-8-7	Smiddy
2008-8-5	CN_Vids
2008-7-29	WishBone
2008-7-28	008 Keylogger Remote