WorldAntiSpy

WorldAntiSpy is a purported anti-spyware application to scan for and remove spyware from users' computers.WorldAntiSpy is known to be distributed through exploits that also download adware/spyware on users' computers without notice or consent. Once downloaded an icon for the program appears on the desktop and periodically windows for the program pop up on the desktop and display false scan results of spyware supposedly found on the computer as a scare tactic to goad users to pay for the program. It is advertised on web pages designed to look like security sites with false warnings of non-existent malware named W32.Sinnaka.A@mm. WorldAntiSpy may also inappropriately collect personally identifiable information0

General information:

Malware Name: WorldAntiSpy
Malware Type: Rogue Security Program
Company Name: WorldAntiSpy
Company URL: http://www.worldantispy.com/
Threat Level: Elevated Risk
Operating System: WIN XP
Installation Type: Installed through EXE
Operation: Time of After Installation.

Company Description:

WorldAntiSpy.com was developed as the most efficient spyware cleaner with realtime protection. It has Euristic scanning (even unknown viruses are found and deleted). It provides real time protection of Internet Explorer and PC security. All hidden details about system can be found in System Info. It updates weekly database and software. It provides friendly support.

Spyware Description:

WorldAntiSpy is a purported anti-spyware application to scan for and remove spyware from users' computers.WorldAntiSpy is known to be distributed through exploits that also download adware/spyware on users' computers without notice or consent. Once downloaded an icon for the program appears on the desktop and periodically windows for the program pop up on the desktop and display false scan results of spyware supposedly found on the computer as a scare tactic to goad users to pay for the program. It is advertised on web pages designed to look like security sites with false warnings of non-existent malware named W32.Sinnaka.A@mm. WorldAntiSpy may also inappropriately collect personally identifiable information0

Characteristics/Symptoms:

    -> False positives work as good to purchase -> False scan results -> Uses inadequate scan/detection scheme -> Uses out of date ref database0

Additional information might be found here:

google Search at Google for WorldAntiSpy
bing Search at Bing for WorldAntiSpy
yahoo Search at Yahoo for WorldAntiSpy

Processes Running:

WorldAntiSpy.exe

File information Created after Installation:

File Location Size (Bytes) Type
C:\Program Files\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\buttons\sysinfo\btn_autorun_on.png 814 PNG Image
C:\Program Files\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\buttons\sysinfo\btn_runproc_on.png 1081 PNG Image
C:\Program Files\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\buttons\sysinfo\btn_runproc_over.png 1099 PNG Image

Folder information Created after Installation:

Folder Location
C:\Program Files\WorldAntiSpy
C:\Program Files\WorldAntiSpy\Monitor

Registry information Created after Installation:

Main Registry Key Sub Registry Key Key Value Name
HKEY_LOCAL_MACHINE \SOFTWARE\WorldAntiSpy.com\Quarantine QuarantineFolder
HKEY_LOCAL_MACHINE \SOFTWARE\WorldAntiSpy.com\Scanner Base
HKEY_LOCAL_MACHINE \SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_TOOLBARS