AdwarePunisher

It is a purported anti-spyware application to scan for and remove spyware from users' computers. It is known to be distributed through exploits that also download adware/spyware on users' computers without notice or consent. When it is downloaded through an exploit, it puts a red icon in the system tray and shows a false warning that the computer is infected with spyware. Its free scan reports multiple false positives in order to frighten the user into paying for the program. It is set to load at Windows start up. It may also display pop-up warnings of spyware on the computer as a scare tactic. 0

General information:

Malware Name:AdwarePunisher
Malware Type:Rogue Security Program
Company Name:Nelroy LTD
Company URL:http://adwarepunisher.com/
Threat Level:Elevated Risk
Operating System:WIN XP
Installation Type:Installed through EXE
Operation:Time of After Installation.

Company Description:

Adware Punisher is an award winning Anti-Spyware Software created by Nelroy LTD to provide the complete solution to the Internet's most fearsome threat. Developed and thoroughly tested for more than 4 years, Adware Punisher is the most technologically advanced Anti-Spyware tool on the Web today. Nelroy LTD innovative and fundamentally perfected security solutions for internet users. Trusted by an astounding amount of home users, as well as some of the world’s largest hi-tech companies, the Adware Punisher program is the ultimate Anti-Spyware tool available online today. After years of development and methodical testing, Nelroy LTD proudly presents the answer to the Internet's latest threat – the Spyware (on its different forms, shapes and names- Adware, Malware, Keyloggers, Browser Hijackers, Worms, Hacker Tools, PC Parasites, Trojan Horses, Spy Programs and Trackware) are the dangers of the new era.

Spyware Description:

It is a purported anti-spyware application to scan for and remove spyware from users' computers. It is known to be distributed through exploits that also download adware/spyware on users' computers without notice or consent. When it is downloaded through an exploit, it puts a red icon in the system tray and shows a false warning that the computer is infected with spyware. Its free scan reports multiple false positives in order to frighten the user into paying for the program. It is set to load at Windows start up. It may also display pop-up warnings of spyware on the computer as a scare tactic. 0

Characteristics/Symptoms:

    -> False positives work as good to purchase -> False scan results -> Uses inadequate scan/detection scheme -> Uses out of date ref database0

Additional information might be found here:

googleSearch at Google for AdwarePunisher
bingSearch at Bing for AdwarePunisher
yahooSearch at Yahoo for AdwarePunisher

Processes Running:

adwarepunisher.exe

File information Created after Installation:

File LocationSize (Bytes)Type
C:\Documents and Settings\sapna\Desktop\AdwarePunisher.lnk658Shortcut
C:\Program Files\AdwarePunisher\adwarepunisher.dll3889664Application Extension
C:\Program Files\AdwarePunisher\adwarepunisher.exe928768Application

Folder information Created after Installation:

Folder Location
C:\Program Files\AdwarePunisher
C:\Program Files\AdwarePunisher\Quarantine

Registry information Created after Installation:

Main Registry KeySub Registry KeyKey Value Name
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunAdware Punisher Monitor
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallAdwarePunisherDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdwarePunisheruninstallString