Home > Threats > WinAntiSpyware

What is WinAntiSpyware

Posted on 01 November 2007 under Rogue Programs

1. What is WinAntiSpyware?

Rogue AntiSpyware program called WinAntiSpyware is showing computer security alerts in purpose of advertising and persuading user to buy commercial program version. Aforesaid program is not protecting PC from spyware and viruses as expected and is spread by a trojan. Add/Remove Programs Windows tool is not completely removing WinAntiSpyware.
WinAntiSpyware other names: WinAntiSpyware 2005, WinAntiSpyware 2006, WinAntiSpyware 2007.

2. How to remove WinAntiSpyware:

  1. Internet connection might be disabled or Internet browser might be blocked by WinAntiSpyware, so it won't be possible to download any files to infected computer. In this case please download all files required for WinAntiSpyware removal to another computer and then transfer them on the infected one using CD/DVD or USB flash drive.
  2. To remove WinAntiSpyware download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
  3. After the installation, computer scan should be started automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press "Scan Now" button to run computer scanner as shown in the picture below:

  4. After the scan has been completed and scan results have been generated, press "Fix Checked" button to remove WinAntiSpyware.

  5. Restart the computer to complete WinAntiSpyware removal procedure.

3. WinAntiSpyware files:

amcompatx.exe, autorun.exe is located in Startup Folder (C:\Documents and Settings\All Users\Start Menu\Programs\Startup), mav_startupmon.exe, printer.exe, uwas6cw.exe, uwas7cw.exe, uwasdc.exe, uwasers.exe, was5.exe, was6.exe, was7.exe, WinAvX.exe, WinAvXX.exe

4. Hijackthis entries:

O4 Entries
O4 - Global Startup: autorun.exe
O4 - HKLM\..\Run: [uwas6cw] "C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe" -c
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe"
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe"
O4 - HKLM\..\Run: [WinAntiSpyware 2005] C:\Program Files\WinAntiSpyware 2005\was5.exe
O4 - HKLM\..\Run: [WinAntiSpyware 2006] "c:\program files\winantispyware 2006 scanner\was6.exe" /min
O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvX.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O23 Entries
O23 - Service: Background Intelligent Transfer Service BITSUPS (BITSUPS) - Unknown owner - C:\WINDOWS\system32\amcompatx.exe
F2 Entries
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe