Content
SpyDawn
- Type
- Program
- SubType
- Win32
- Discovery Date
- 03/14/2007
- Minimum DAT
- 4984 (03/14/2007)
- Updated DAT
- 4992 (03/26/2007)
- Minimum Engine
- 5.1.00
- Description Added
- 03/14/2007
- Description Modified
- 04/03/2007 6:37 AM (PT)
Tab Navigation
Characteristics
This is not a virus or a trojan. It is detected as a "potentially unwanted program". This is an anti-spyware application claiming to remove unwanted malicious spyware programs.
File: install.exe
Hash: 633b334135ec265c2c581ee5138e6c1f
This application displays a license agreement during installation as shown below.
Upon installation following changes occur on user's system.
Registry keys created
- HKEY_LOCAL_MACHINE\SOFTWARE\SpyDawn
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyDawn
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyDawn.exe
Registry key shown below is added to get execute on each reboot.
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SpyDawn"
Data: C:\Program Files\SpyDawn\SpyDawn.exe /h
Directories created
- %Program Files%\SpyDawn
- %Program Files%\SpyDawn\Lang
- %Program Files%\SpyDawn\Logs
- %Program Files%\SpyDawn\Quarantine
- %Documents and Settings%\Administrator\Start Menu\Programs\SpyDawn
Files created
- %Program Files%\SpyDawn\blacklist.txt
- %Program Files%\SpyDawn\msvcp71.dll
- %Program Files%\SpyDawn\msvcr71.dll
- %Program Files%\SpyDawn\sd.dat
- %Program Files%\SpyDawn\sd.dat.old
- %Program Files%\SpyDawn\SpyDawn.exe
- %Program Files%\SpyDawn\SpyDawn.url
- %Program Files%\SpyDawn\uninst.exe
- %Program Files%\SpyDawn\Lang\English.ini
Aliases
Aliases
- Adware.Spydawn (Doctor Web)
- Application/SpyDawn (Panda)
- not-a-virus:FraudTool.Win32.SpyHeal.a (Kaspersky L
- Program:Win32/SpyDawn (threat-c) (Microsoft MP)
- SpyAxe.ALZ (Norman NVCC)
- VirusBurst (Symantec SAVCLS)
- W32/SpyHeal (Fortinet)