WinAntiSpyware

Description:	Rogue Security Program
Risk Level:	High
Date of First Occurence:	Monday, April 21, 2008
Software Developer:	(unknown)
Brief Info:	Rogue/Suspect Anti-Spyware Product "Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection.
Removal:	This threat can be removed using "Spyware Terminator"

SCAN & REMOVE NOW »

Geographical Distribution of Threat "WinAntiSpyware"

Threat Info

View All

Detected Items

Detected Files: %SYSDIR%\drivers\wasfsd.sys MD5: A100E9D31C567E57125456290B305D6B Size:11776 MD5: CE4DADC6DDC6EA10994595E10FAB173F Size:11776 MD5: 4000A1E046CFDCB43A95CC4F959493E1 Size:11776 %TEMP%\WinAntiSpyware2007Setup.exe MD5: 7750C3DC3651DEC936894E78F32F4B65 Size:9720100 MD5: F8C834B716D01140967306230FB1FC13 Size:6185334 MD5: 0A5CD4897962F473CF7C7E5FCC329755 Size:9634030 %SYSDIR%\stera.exe MD5: 24EE611BC65DCF5C54EB0911B342F8AB Size:6144 MD5: 68F11D7527B202EEECFEBDB288A474E0 Size:6144 %SYSDIR%\drivers\ApiMon.sys MD5: A9B49F32CDFB073B7FE39E06FC2F9513 Size:18432 MD5: F484F68E4EAFC02C8F75B6E7C02174FF Size:18432 %PROGRAMFILES%\WinAntiSpyware 2007\fopnl.dll MD5: FFA5A5FD31F91733BDECA60E1D6E4C51 Size:292864 %PROGRAMFILES%\WinAntiSpyware 2007\InstHelp.exe MD5: C45C1D433D06231A01ABD87E4A2A23EB Size:120832 MD5: D3B6632E63FF5D5D3F4280645A9295CD Size:120832 %PROGRAMFILES%\WinAntiSpyware 2007\unins000.exe MD5: CBC6AA444F4C0F50220E9427139A56CE Size:682330 %TEMP%\WinAntiSpyware2006Setup.exe MD5: 1EFCC370E76EAF878769CCF710ADD4EB Size:3898062 MD5: 7DA82C3905D9A835A70D19618D778FE4 Size:3987356 MD5: 047244D3E956CC70F1203E6DB47A6266 Size:3960052 MD5: B822E58D9902540D0C6F2D4D02DFF856 Size:3976181 MD5: 1B6C1EE66F42144D840FE77A0F4BA627 Size:3383956 MD5: 6F0DBFEC82B2873162661F6646846FA2 Size:3768924 MD5: 133D813316DE998BA7B17FD00BAF51CC Size:3752520 %TEMP%\WinAntiSpyware2005Setup.exe MD5: 9E5C74F48D0EC35FC50AB8CB9415DFF7 Size:2664663 %PROGRAMFILES%\WinAntiSpyware 2006 Scanner\uwasffNT.exe MD5: D1C8A6485512BAECE681CE7C4D5A4DCD Size:61440 %PROGRAMFILES%\WinAntiSpyware 2006 Scanner\uwas6chk.dll MD5: 07D3B0D761494795D4F2AFA7FA7DCEED Size:28160 %PROGRAMFILES%\WinAntiSpyware 2006 Scanner\Updater.exe MD5: 83D82DA47A3C33B8F05805B2CCC2B204 Size:696320 %PROGRAMFILES%\WinAntiSpyware 2006 Scanner\shellext.dll MD5: B1601D4BF5A1CBBF87BF4604857B37CC Size:139776 %PROGRAMFILES%\WinAntiSpyware 2006 Scanner\InstHelp.exe MD5: B86AAB293F64122C2717FE13FB42FF1D Size:111616 %PROGRAMFILES%\WinAntiSpyware 2006 Scanner\AsAgents.dll MD5: 86DD2E62FAAA1C13EF6FC2E73CA4D814 Size:373248 %PROGRAMFILES%\WinAntiSpyware 2006 Scanner\unins000.exe MD5: 99ED3612D2E1F3D8C67D6EA0EF45597F Size:676679 %PROGRAMFILES%\WinAntiSpyware 2006\shellext.dll MD5: 29761F06AA9172073F5BAE69EA39B256 Size:97280 %PROGRAMFILES%\WinAntiSpyware 2006\AsAgents.dll MD5: 224F9B1A434D42FDDDFD1BD676E66FB0 Size:398336 %SYSDIR%\drivers\uwasfsd.sys MD5: 790395AA46839D588C61AC8DDBB0838F Size:11776 MD5: F57353594B608F972D72E30FC0117EF3 Size:11776 MD5: B5F0E3E74B0B92F2EA13096F4D362462 Size:11776 %PROGRAMFILES%\WinAntiSpyware 2007\InstUp.exe MD5: 823919754CC25DB2BD06B1DF1A45EA83 Size:632529 %PROGRAMFILES%\WinAntiSpyware 2007\UnWizard.exe MD5: 54CBF0EB26551ECEFB225E7E305A1EFA Size:531968 %PROGRAMFILES%\winantispyware 2007\AsAgents.dll MD5: F5C39877B62092A4B368104C95D7220D Size:493056 %PROGRAMFILES%\WinAntiSpyware 2007\shellext.dll MD5: 067111AE6BB3D4FD349F1F93BB0E4F10 Size:101888 %PROGRAMFILES%\WinAntiSpyware 2006\upd1172.exe MD5: 88D3DE632C225CDA5982FA3DB55DDF30 Size:651117 %PROGRAMFILES%\WinAntiSpyware 2006\unins000.exe MD5: 6831E53C1F7AAA8F5F0104E0E0CD6A9E Size:669002 %PROGRAMFILES%\WinAntiSpyware 2006\InstHelp.exe MD5: 971EBC607FB461CB44307E5322F29E31 Size:120832 %COMMONFILES%\WinAntiSpyware 2006\was6chk.dll MD5: ED1B6E6AC97C9935D499951CD4983A45 Size:28672 %PROGRAMFILES%\WINANTISPYWARE 2006\WASFFNT.EXE MD5: D425B327070C4D644E63438925FE450D Size:61440 %PROGRAMFILES%\WinAntiSpyware 2006\UnWizard.exe MD5: BADB00365D095EC4E58BA9F2562345BE Size:508928 %PROGRAMFILES%\WinAntiSpyware 2006\support.exe MD5: 429361D9B5865885C9DBCE9DDF52D4FA Size:565248
Detected Files with variable Filenames: MD5: 86F1895AE8C5E8B17D99ECE768A70732 Size: 348160 %PROGRAMFILES%\WinAntiSpyware 2007\msvcr71.dll %PROGRAMFILES%\WinAntiSpyware 2006\msvcr71.dll MD5: 561FA2ABB31DFA8FAB762145F81667C2 Size: 499712 %PROGRAMFILES%\WinAntiSpyware 2007\msvcp71.dll %PROGRAMFILES%\WinAntiSpyware 2006\msvcp71.dll MD5: F35A584E947A5B401FEB0FE01DB4A0D7 Size: 1060864 %PROGRAMFILES%\WinAntiSpyware 2007\mfc71.dll %PROGRAMFILES%\WinAntiSpyware 2006\mfc71.dll MD5: 8F2097E8B174F38178570C611464935F Size: 89088 %PROGRAMFILES%\WinAntiSpyware 2007\atl71.dll %PROGRAMFILES%\WinAntiSpyware 2006\atl71.dll

Detecting items list:

Files by Name %START_PROGRAMSALL%\WinAntiSpyware 200? Scanner\Contact customer support.lnk %START_PROGRAMSALL%\WinAntiSpyware 200? Scanner\Uninstall WinAntiSpyware 200? Scanner.lnk %START_PROGRAMSALL%\WinAntiSpyware 200? Scanner\WinAntiSpyware 200? Scanner on the Web.lnk %START_PROGRAMSALL%\WinAntiSpyware 200? Scanner\WinAntiSpyware 200? Scanner Online Manual.lnk %START_PROGRAMSALL%\WinAntiSpyware 200? Scanner\WinAntiSpyware 200? Scanner.lnk %APPDATA%\microsoft\internet explorer\quick launch\WinAntispyware 200?.lnk %DESKTOP%\WinAntiSpyware 200? Scanner.lnk %TEMP%\WinAntiSpyware200?Setup.exe %ProgramFiles%\WinAntiSpyware 200? Scanner\Activate.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\AsAgents.dll %ProgramFiles%\WinAntiSpyware 200? Scanner\bnlink.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\database\appupdate.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\database\AutoProcess.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\database\dbupdate.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\database\enemies.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\database\knownfiles.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\database\monstate.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\database\PortSpec.ats %ProgramFiles%\WinAntiSpyware 200? Scanner\database\quaratine.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\database\RTMonitor.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\database\Summary.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\database\tasks.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\database\TEBase.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\InstHelp.exe %ProgramFiles%\WinAntiSpyware 200? Scanner\lapv.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\license.rtf %ProgramFiles%\WinAntiSpyware 200? Scanner\manual.url %ProgramFiles%\WinAntiSpyware 200? Scanner\pv.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\shellext.dll %ProgramFiles%\WinAntiSpyware 200? Scanner\sr.log %ProgramFiles%\WinAntiSpyware 200? Scanner\support.url %ProgramFiles%\WinAntiSpyware 200? Scanner\unins000.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\unins000.exe %ProgramFiles%\WinAntiSpyware 200? Scanner\updater.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\Updater.exe %ProgramFiles%\WinAntiSpyware 200? Scanner\uwas6chk.dll %ProgramFiles%\WinAntiSpyware 200? Scanner\uwasffNT.exe %ProgramFiles%\WinAntiSpyware 200? Scanner\vbpv.dat %ProgramFiles%\WinAntiSpyware 200? Scanner\was6.exe %ProgramFiles%\WinAntiSpyware 200? Scanner\WAS6.url %COMMONFILES%\WinAntiSpyware 200?\was6chk.dll %ProgramFiles%\WinAntiSpyware 200?\Activate.dat %ProgramFiles%\WinAntiSpyware 200?\AsAgents.dll %ProgramFiles%\WinAntiSpyware 200?\AsAgents.xml %ProgramFiles%\WinAntiSpyware 200?\database\enemies.dat %ProgramFiles%\WinAntiSpyware 200?\database\knownfiles.dat %ProgramFiles%\WinAntiSpyware 200?\database\TEBase.dat %ProgramFiles%\WinAntiSpyware 200?\InstHelp.exe %ProgramFiles%\WinAntiSpyware 200?\lapv.dat %ProgramFiles%\WinAntiSpyware 200?\license.rtf %ProgramFiles%\WinAntiSpyware 200?\manual.pdf %ProgramFiles%\WinAntiSpyware 200?\ps.dat %ProgramFiles%\WinAntiSpyware 200?\pv.dat %ProgramFiles%\WinAntiSpyware 200?\shellext.xml %ProgramFiles%\WinAntiSpyware 200?\shellext.dll %ProgramFiles%\WinAntiSpyware 200?\support.exe %ProgramFiles%\WinAntiSpyware 200?\threatnet.ini %ProgramFiles%\WinAntiSpyware 200?\unins000.dat %ProgramFiles%\WinAntiSpyware 200?\unins000.exe %ProgramFiles%\WinAntiSpyware 200?\UnWizard.exe %ProgramFiles%\WinAntiSpyware 200?\unwizard.xml %ProgramFiles%\WinAntiSpyware 200?\updater.dat %ProgramFiles%\WinAntiSpyware 200?\vbpv.dat %ProgramFiles%\WinAntiSpyware 200?\was6.exe %ProgramFiles%\WinAntiSpyware 200?\WAS6.url %ProgramFiles%\WinAntiSpyware 200?\WAS6.xml %ProgramFiles%\WinAntiSpyware 200?\wasffNT.exe %sysdir%\drivers\uwasfsd.sys %sysdir%\drivers\ApiMon.sys %sysdir%\drivers\wasfsd.sys %sysdir%\stera.exe %APPDATA%\Microsoft\Internet Explorer\Quick Launch\WinAntiSpyware 200?.lnk %DESKTOP%\WinAntiSpyware 200?.lnk %START_PROGRAMSALL%\WinAntiSpyware 200?\Feedback on Support Quality.lnk %START_PROGRAMSALL%\WinAntiSpyware 200?\Report Software Defect.lnk %START_PROGRAMSALL%\WinAntiSpyware 200?\Request for Instructions.lnk %START_PROGRAMSALL%\WinAntiSpyware 200?\Share Your Suggestions.lnk %START_PROGRAMSALL%\WinAntiSpyware 200?\Uninstall WinAntiSpyware 200?.lnk %START_PROGRAMSALL%\WinAntiSpyware 200?\WinAntiSpyware 200? Manual.lnk %START_PROGRAMSALL%\WinAntiSpyware 200?\WinAntiSpyware 200? on the Web.lnk %START_PROGRAMSALL%\WinAntiSpyware 200?\WinAntiSpyware 200?.lnk
Files by Directories %START_PROGRAMSALL%\WinAntiSpyware 200? %ProgramFiles%\WinAntiSpyware 200?
Files by CLSID or Name CLSID=1230649B-B980-44A5-B259-9B09EBEA6331 CLSID=1236DE55-EDED-4675-AF10-BA15EDDB4D7A CLSID=ABCD4567-76B5-4bc7-AAC5-396D70925B11 CLSID=C17AFED2-C614-4B4D-BC81-308769DDE4B7 CLSID=9ED262FC-7F5E-45F1-AB99-D116ACCA6236 CLSID=ABCD4567-76B5-4bc7-AAC5-396D70925B22
Registry Keys HKLM\SOFTWARE\Classes\?\shellex\ContextMenuHandlers\ExplorerUWAS HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ExplorerUWAS HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\ExplorerUWAS HKLM\SOFTWARE\Classes\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096} HKLM\SOFTWARE\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411} HKLM\SOFTWARE\Classes\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611} HKLM\SOFTWARE\Classes\TypeLib\{12398A44-7DFC-4C46-BD8F-41259D169A0D} HKLM\SOFTWARE\Classes\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6} HKLM\SOFTWARE\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37411} HKLM\SOFTWARE\Classes\UWAS6.UWAS6 HKLM\SOFTWARE\Classes\uwasfsd.CreationNotifier HKLM\SOFTWARE\Classes\uwasfsd.CreationNotifier.1 HKLM\SOFTWARE\Classes\uwashellext.ShellHook HKLM\SOFTWARE\Classes\uwashellext.ShellHook.1 HKLM\SOFTWARE\Classes\uwashellext.WASContextMenu HKLM\SOFTWARE\Classes\uwashellext.WASContextMenu.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 200? Scanner_is1 HKLM\SOFTWARE\WinAntiSpyware 200? Scanner HKLM\SYSTEM\ControlSet001\Services\uwasfsd HKLM\SYSTEM\CurrentControlSet\Services\uwasfsd HKLM\SOFTWARE\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422} HKLM\SOFTWARE\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422} HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS_is1 HKLM\SOFTWARE\WinAntiSpyware 200? HKCU\Software\WinAntiSpyware 200? HKLM\SYSTEM\CurrentControlSet\Services\wasfsd HKLM\SOFTWARE\Classes\?\shellex\ContextMenuHandlers\ExplorerWAS HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\ExplorerWAS HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ExplorerWAS HKLM\SOFTWARE\Classes\UWAS6.UWAS6 HKLM\SOFTWARE\Classes\washellext.WASContextMenu HKLM\SOFTWARE\Classes\washellext.WASContextMenu.1 HKLM\SOFTWARE\Classes\WASPChk.WASPChk
Registry Values HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=WinAntiSpyware 200? Scanner HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ValueName=WinAntiSpyware 200? Scanner

« Go to Software Database

Search in Our Software Database

Browse Software Database

Latest Malware News

September 23, 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Older malware news »