MSAntispyware2009
Found: 2008-12-15
Known system changes:
Created Files
- %Windir%Tasks\At1.job
- %Windir%Tasks\At2.job
- %Windir%Tasks\At3.job
- %Windir%Tasks\At4.job
- %Windir%Tasks\At5.job
- %Windir%Tasks\At6.job
- %Windir%Tasks\At7.job
- %Windir%Tasks\At8.job
- %Windir%Tasks\At9.job
- %Windir%Tasks\At10.job
- %Windir%Tasks\At11.job
- %Windir%Tasks\At12.job
- %Windir%Tasks\At13.job
- %Windir%Tasks\At14.job
- %Windir%Tasks\At15.job
- %Windir%Tasks\At16.job
- %Windir%Tasks\At17.job
- %Windir%Tasks\At18.job
- %Windir%Tasks\At19.job
- %Windir%Tasks\At20.job
- %Windir%Tasks\At21.job
- %Windir%Tasks\At22.job
- %Windir%Tasks\At23.job
- %Windir%Tasks\At24.job
- %Temp%_ad1D.exe
- %Temp%_ad20.exe
Created Folders
- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009
- %StartMenu%Programs\MS AntiSpyware 2009
- %StartMenu%Program\MS AntiSpyware 2009
- %ApplicationData%CrucialSoft Ltd
- c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
- %ApplicationData%LastSun Ltd
Registry Entries
- Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Drivers\Video\Options
  - Value: 4E8D9EBF-122C-42BD-A8CB-7E59C9CC08BA
  - Data:
- Key: HKEY_CURRENT_USER\Software\CrucialSoft Ltd\MS AntiSpyware 2009
  - Value:
  - Data:
- Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\MS AntiSpyware 2009 5.7
  - Value:
  - Data:
- Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  - Value: MS AntiSpyware 2009
  - Data: "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun
- Key: HKEY_CURRENT_USER\Software\CrucialSoft Ltd
  - Value:
  - Data:
- Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  - Value: MS AntiSpyware 2009
  - Data: "C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\d5552520ab7657bd15d14f52c8dee289.exe" /autorun
- Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  - Value: MS AntiSpyware 2009
  - Data: "C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\1e55d6460824923b5d4d2e50d5d92b3a.exe" /autorun
- Key: HKEY_CURRENT_USER\Software\LastSun Ltd
  - Value:
  - Data:
- Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\AV AntiSpyware 1.8
  - Value:
  - Data:
- Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  - Value: AV AntiSpyware
  - Data: "C:\Documents and Settings\All Users\Application Data\LastSun Ltd\AV AntiSpyware\ava.exe" /autorun