What is WinAntiSpyware?
- Type: Spyware
- Category: Rogue Programs
- Discovered: 01 November 2007
- Removal tools: Malwarebytes' Anti-Malware, Spyware Doctor
1. Introduction
Rogue AntiSpyware program called WinAntiSpyware is showing computer security alerts in purpose of advertising and persuading user to buy commercial program version. Aforesaid program is not protecting PC from spyware and viruses as expected and is spread by a trojan. Add/Remove Programs Windows tool is not completely removing WinAntiSpyware.
WinAntiSpyware other names: WinAntiSpyware 2005, WinAntiSpyware 2006, WinAntiSpyware 2007.
WinAntiSpyware other names: WinAntiSpyware 2005, WinAntiSpyware 2006, WinAntiSpyware 2007.
2. WinAntiSpyware removal tools:
- Malwarebytes' Anti-Malware (for the installation guide click here)
- Spyware Doctor (for the installation guide click here)
3. WinAntiSpyware files:
amcompatx.exe, autorun.exe is located in Startup Folder (C:\Documents and Settings\All Users\Start Menu\Programs\Startup), mav_startupmon.exe, printer.exe, uwas6cw.exe, uwas7cw.exe, uwasdc.exe, uwasers.exe, was5.exe, was6.exe, was7.exe, WinAvX.exe, WinAvXX.exe4. Hijackthis entries:
O4 Entries
O4 - Global Startup: autorun.exe
O4 - HKLM\..\Run: [uwas6cw] "C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe" -c
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe"
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe"
O4 - HKLM\..\Run: [WinAntiSpyware 2005] C:\Program Files\WinAntiSpyware 2005\was5.exe
O4 - HKLM\..\Run: [WinAntiSpyware 2006] "c:\program files\winantispyware 2006 scanner\was6.exe" /min
O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvX.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O23 Entries
O23 - Service: Background Intelligent Transfer Service BITSUPS (BITSUPS) - Unknown owner - C:\WINDOWS\system32\amcompatx.exe
F2 Entries
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O4 - Global Startup: autorun.exe
O4 - HKLM\..\Run: [uwas6cw] "C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe" -c
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe"
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe"
O4 - HKLM\..\Run: [WinAntiSpyware 2005] C:\Program Files\WinAntiSpyware 2005\was5.exe
O4 - HKLM\..\Run: [WinAntiSpyware 2006] "c:\program files\winantispyware 2006 scanner\was6.exe" /min
O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvX.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O23 Entries
O23 - Service: Background Intelligent Transfer Service BITSUPS (BITSUPS) - Unknown owner - C:\WINDOWS\system32\amcompatx.exe
F2 Entries
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe