(SystemStable, Adware Punisher, Spy iBlock, Remedy Antispy, Hit Virus, Adware Bazooka, SpyCut)
Technical Description:
SpyGuard is rogue security software that reports fake scan results. The program uses an ineffective malware detection engine. Although it does check some running processes and registry keys, SpyGuard can't detect certain malware, such as rootkits or malware that has no registry entries. It doesn't scan any files. In other words, SpyGuard can detect only some known parasite components. SpyGuard can also give false alerts if it finds some registry keys with some values. It performs a full system scan in less than 15 seconds. It reports the following fake results (spyware.adblock, spyware.cashtoolbar, spyware.hitexchange) on every computer where it is installed.
In order to remove the parasites it finds, the product asks the user to register and purchase the full product.
When executed, SpyGuard installs:
• the following files on disk:
%install-folder%\Scripts\AutoExec.sss
%install-folder%\Scripts\SpyGuard.sss
%install-folder%\Uninstall.exe
%install-folder%\UnzDll.dll
%install-folder%\spyguard.exe
%install-folder%\spyguard_monitor.exe
• the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Spy Guard\(default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Spy Guard\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Spy Guard\uninstallString
HKEY_CURRENT_USER\Software\TheSpyGuard\(Default)
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\(Default)
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\ AutoScanOnStartup
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\ ShowUnknown
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\ StartMonWithWindows
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\ StartWithWindows
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\aff
HKEY_CURRENT_USER\Software\TheSpyGuard\Options\saff
It also creates the autorun registry values “The Spy Guard” and “The Spy Guard Monitor” in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
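A way to check a decoded registry export (.reg text) for the keys and autorun values listed above, as an added example that is not part of the original description. The function names, the sample export and the paths in it are constructed; HKCU/HKLM abbreviations are expanded and matching is case-insensitive.

```python
import re
# Indicators from the registry entries listed above; hive names expanded.
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
RUN_VALUES = {"the spy guard", "the spy guard monitor"}
KEY_PREFIXES = (
    r"hkey_current_user\software\thespyguard",
    r"hkey_local_machine\software\microsoft\windows\currentversion\uninstall\the spy guard",
)
HIVES = {"hkcu": "hkey_current_user", "hklm": "hkey_local_machine"}

def parse_reg(text):
    """Parse .reg export text into {lowercased key path: [value names]}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            hive, _, rest = line[1:-1].lower().partition("\\")
            current = keys.setdefault(HIVES.get(hive, hive) + "\\" + rest, [])
        elif current is not None:
            # Named values look like "Name"=data; the default value (@) is ignored.
            m = re.match(r'^"((?:[^"\\]|\\.)*)"=', line)
            if m:
                current.append(m.group(1))
    return keys

def find_spyguard(text):
    """Return sorted findings for the SpyGuard keys and autorun values."""
    hits = set()
    for key, names in parse_reg(text).items():
        # Match the key itself or a subkey, not a longer look-alike name.
        if any(key == p or key.startswith(p + "\\") for p in KEY_PREFIXES):
            hits.add("key: " + key)
        if key == RUN_KEY:
            hits.update("autorun: " + n for n in names if n.lower() in RUN_VALUES)
    return sorted(hits)

# Constructed sample export; paths and the unrelated entries are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\constructed\\updater.exe"
"The Spy Guard"="C:\\constructed\\spyguard.exe"
"The Spy Guard Monitor"="C:\\constructed\\spyguard_monitor.exe"
[HKCU\Software\TheSpyGuard\Options]
"StartWithWindows"=dword:00000001
[HKEY_CURRENT_USER\Software\TheSpyGuardian]
@="unrelated near-miss key"
'''

if __name__ == "__main__":
    print("\n".join(find_spyguard(SAMPLE)))
```

Exports written by regedit are usually UTF-16, so decode the file before passing its text to `find_spyguard`.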
There are many clones of this program: SystemStable, Adware Punisher, Spy iBlock, Remedy Antispy, Hit Virus, Adware Bazooka, SpyCut. They all have a similar interface, consist of similar components and display the same fake scan results.
Adware.Bazooka

Adware.SpyGuard

Adware.SpyCut

Adware.Punisher

Adware.HitVirus