PersonalAntispy

By GoldSparrow in Rogue Anti-Spyware Program

PersonalAntispy Description

PersonalAntispy, or Personal Anti Spy, is a rogue anti-spyware program often installed by a Trojan through browser security holes. The user may also have downloaded PersonalAntispy’s trial version from a rogue website, thinking it would remove his/her spyware infections. Once it is installed, the user may receive numerous popups from known websites stating that the user’s computer is infested with a large amount of spyware. If the user is tricked into clicking on one of these popups, he/she will be immediately redirected to PersonalAntispy’s website or other malicious websites (such as antispy.biz and personalantispy.com) for an “online scan”.

Once PersonalAntispy has emulated a computer system scan, it generates a list of supposed spyware infections found in the user’s computer system. These results are totally bogus; they are only meant to urge the user to purchase PersonalAntispy’s full version to remove the imaginary threats. PersonalAntispy may cause computer slowdowns.

Type: Spyware

PersonalAntispy Technical Report

We will update this section as new PersonalAntispy details are reported by our customers and by our Threat Research Center.

The following PersonalAntispy files, with their MD5s, were created in the system:


PersonalAntispy typically has the following processes in memory:


PersonalAntispy created the following directories, files, and paths:

  • %ProgramFiles%\PersonalAntiSpy Free
  • %AppData%\PersonalAntiSpy
  • %AllUsersProfile%\Application Data\PersonalAntiSpy
  • %AllUsersProfile%\Start Menu\Programs\PersonalAntiSpy
  • %CommonProgramFiles%\PersonalAntiSpy

PersonalAntispy creates the following registry entries:


This entry was posted on 10/7/08 and is filed under Rogue Anti-Spyware Program.

Copyright 2003-2009. Enigma Software Group USA, LLC. All Rights Reserved.