|
 |
|
|
| How to delete TopSpyware (Topantispyware) - Removal tool, fix instructions |
|
TopSpyware (Topantispyware)
Name: TopSpyware
Aliases: Topantispyware, topantivirus, Adware.TopAV
Type: Spyware (Adware)
Size: 9,216 bytes
First appeared on: 29.03.2005
Damage: Medium
Brief Description:
TopSpyware is an adware program that displays an icon in the System Tray, which passes itself off as the Windows Update icon. It flashes a warning of a virus alert. If the user double-clicks on the icon, the web page http://topantivirus.biz is displayed on the web browser, offering a solution for the fake infection.
TopSpyware also modifies the Windows Desktop, and if the user double-clicks anywhere on it, the mentioned web page is also accessed.
TopSpyware reaches computers when the user accesses web pages that download other adware programs belonging to the family CWS (Cool Web Search), such as CWS.YEXE and CWS.Searchmeup.
Visible Symptoms:
TopSpyware is easy to recognize once it has affected the computer, as it displays an icon flashing a fake virus alert in the System Tray.
Additionally, TopSpyware modifies the Windows Desktop with such text:
VIRUS ALERT!
YOUR PC IS INFECTED!
IT HAS BEEN DETECTED THAT YOUR PC HAS AT LEAST 3 DANGEROUS VIRUSES!
TO KNOW FOR SURE YOU URGENTLY NEED TO RUN AN ANTIVIRUS TEST ON YOUR PC!
PROTECT YOUR PC!
REMOVE ALL VIRUSES NOW!
or
WARNING!
YOU'RE IN DANGER!
ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES,
SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH
STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.
Every site you or somebody or even something, like spyware, opened in your browser, with all images,
and all downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could broke your life!
SECURE YOURSELF RIGHT NOW!
REMOVE ALL SPYWARE FROM YOUR PC!
Technical description:
TopSpyware creates the following files:
- SVCHOSTS.DLL in the Windows system directory. This file is a DLL (Dynamic Link Library) that displays the icon in the System Tray.
- DESKTOP.HTML in the subfolder WEB of the Windows directory. This file contains the picture displayed on the Desktop.
File names: srpcsrv32.dll; txfdb32.dll; spoolsrv32.exe
Once executed, Adware.Topantispyware performs the following actions:
- Downloads a file from the iqsearch.cc domain and executes it.
- Copies itself as %Windir%\System32\spoolsrv32.exe.
Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- Adds the value:
"Srv32 spool service" = "%Windir%\System32\spoolsrv32.exe"
to the registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
so that the Adware.Topantispyware runs every time Windows starts.
- Creates the following files:
%Windir%\System32\srpcsrv32.dll
%Windir%\System32\txfdb32.dll
%Windir%\Web\desktop.html
- Sets %Windir%\Web\desktop.html as the desktop wallpaper.
Propagation:
TopSpyware reaches computers when the user accesses web pages that download other adware programs belonging to the family CWS (Cool Web Search), such as CWS.YEXE and CWS.Searchmeup.
AntivirusWorld recommends:
If you're not sure you can remove the virus manually, use the following antivirus:
-
 Buy Panda Antivirus
- Latest generation antivirus
- Immediate and automatic updates against new viruses
- Complete protection
- Up-to-the-minute bulletins about new Internet threats
- Antivirus self-diagnosis and protection
- Maximum speed, minimum resource use
- Simple to use: install and forget
- Tech Support 24 hours a day, 365 days a year
|
|
|
|
|
