Adware.SpyGuard.Gen
First posted on 21 November 2011.
Source: BitDefender
Aliases:
Adware.SpyGuard.Gen is also known as SystemStable, Adware, Punisher, Spy, iBlock, Remedy, Antispy, Hit, Virus, Adware, Bazooka, SpyCut.
Explanation:
SpyGuard is rogue security software that reports fake scan results. The program uses an ineffective malware detection engine. Although it does check some running processes and registry keys, SpyGuard can't detect certain malware such as rootkits or malware that has no registry entries. It doesn't scan any files. In other words, SpyGuard can detect only some known parasite components. SpyGuard can also give false alerts if it finds some registry keys with some values. It performs a full system scan in less than 15 seconds. It reports the following fake results (spyware.adblock, spyware.cashtoolbar, spyware.hitexchange) on every computer where it is installed.
In order to remove the parasites it finds, the product asks the user to register and purchase the full product.
When executed, SpyGuard installs
• the following files on disk:
%install-folder%\Scripts\AutoExec.sss
%install-folder%\Scripts\SpyGuard.sss
%install-folder%\Uninstall.exe
%install-folder%\UnzDll.dll
%install-folder%\spyguard.exe
%install-folder%\spyguard_monitor.exe
• the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Spy Guard\(default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Spy Guard\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Spy Guard\uninstallString
HKEY_CURRENT_USER\Software\TheSpyGuard\(Default)
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\(Default)
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\AutoScanOnStartup
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\ShowUnknown
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\StartMonWithWindows
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\StartWithWindows
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\aff
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\saff
It also creates the autorun registry values “The Spy Guard” and “The Spy Guard Monitor” in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
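A read-only check for the registry artifacts listed above, as an added example that is not BitDefender's own tooling. It assumes the key paths read with their backslash separators in place, walks every loaded hive under HKEY_USERS rather than only the current user's HKCU, and also looks under WOW6432Node on the assumption that the installer may be 32-bit.

```powershell
# Added example: read-only check for the SpyGuard registry artifacts listed above.
# Run elevated so other users' hives under HKEY_USERS are readable. Only hives of
# logged-on users are loaded; profiles of logged-off users are not covered.
$runValues = 'The Spy Guard', 'The Spy Guard Monitor'
$findings  = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Scope, [string]$Type, [string]$Location, [string]$Detail) {
    $findings.Add([pscustomobject]@{
        Scope = $Scope; Type = $Type; Location = $Location; Detail = $Detail })
}

# Per-user artifacts: match real user SIDs and skip the *_Classes hives.
$sids = Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { $_.PSChildName }

foreach ($sid in $sids) {
    $base   = "Registry::HKEY_USERS\$sid\Software"
    $runKey = "$base\Microsoft\Windows\CurrentVersion\Run"
    $run    = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    foreach ($name in $runValues) {
        # Value names contain spaces, so look them up through PSObject.Properties.
        $prop = if ($run) { $run.PSObject.Properties[$name] }
        if ($prop) { Add-Finding $sid 'Autorun value' $runKey "$name = $($prop.Value)" }
    }
    if (Test-Path "$base\TheSpyGuard") {
        Add-Finding $sid 'Settings key' "$base\TheSpyGuard" 'key present'
    }
}

# Machine-wide uninstall entry. WOW6432Node is checked on the assumption that a
# 32-bit installer on 64-bit Windows is redirected there.
$uninstallRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
foreach ($root in $uninstallRoots) {
    $key = "$root\The Spy Guard"
    if (Test-Path $key) {
        $entry = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # UninstallString should reveal the install folder holding the listed files.
        Add-Finding 'Machine' 'Uninstall entry' $key "UninstallString = $($entry.UninstallString)"
    }
}

if ($findings.Count) { $findings | Format-List }
else { 'No SpyGuard registry artifacts found in loaded hives.' }
```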
There are many clones of this program: SystemStable, Adware Punisher, Spy iBlock, Remedy Antispy, Hit Virus, Adware Bazooka, SpyCut. They all have a similar interface, consist of similar components and display the same fake scan results.
Adware.Bazooka
Adware.SpyGuard
Adware.SpyCut
Adware.Punisher
Adware.HitVirus
Last update 21 November 2011