What is WinAntiSpyware?

Type: Spyware | Category: Rogue Programs | Discovered: 01 November 2007

Rogue AntiSpyware program called WinAntiSpyware is showing computer security alerts in purpose of advertising and persuading user to buy commercial program version. Aforesaid program is not protecting PC from spyware and viruses as expected and is spread by a trojan. Add/Remove Programs Windows tool is not completely removing WinAntiSpyware.
WinAntiSpyware other names: WinAntiSpyware 2005, WinAntiSpyware 2006, WinAntiSpyware 2007.

WinAntiSpyware removal tool:

Spyware Doctor (see here for the installation guide)

WinAntiSpyware Entries:

The following files are created:
amcompatx.exe, autorun.exe is located in Startup Folder (C:\Documents and Settings\All Users\Start Menu\Programs\Startup), mav_startupmon.exe, printer.exe, uwas6cw.exe, uwas7cw.exe, uwasdc.exe, uwasers.exe, was5.exe, was6.exe, was7.exe, WinAvX.exe, WinAvXX.exe

Hijackthis Entries:

O4 Entries
O4 - Global Startup: autorun.exe
O4 - HKLM\..\Run: [uwas6cw] "C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe" -c
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe"
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe"
O4 - HKLM\..\Run: [WinAntiSpyware 2005] C:\Program Files\WinAntiSpyware 2005\was5.exe
O4 - HKLM\..\Run: [WinAntiSpyware 2006] "c:\program files\winantispyware 2006 scanner\was6.exe" /min
O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvX.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O23 Entries
O23 - Service: Background Intelligent Transfer Service BITSUPS (BITSUPS) - Unknown owner - C:\WINDOWS\system32\amcompatx.exe
F2 Entries
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe