间谍软件MaxAntiSpy
作者:
文章来源:

概述
类别
Rogue Security Software:  使用欺骗性手段进行安装和进行其他企图的安全软件。安装后，流氓软件通常使用威吓手段通知用户在他们的系统中已经安装了间谍程序或恶意程序。之后流氓安全软件要求用户付款以取得解决方法。这些应用程序可能与具有不同目的的其他恶意程序捆绑出现。该类型软件通常以反间谍程序或防病毒应用程序的形式出现。

发源
发源日期
  2008年8月 

检测和删除
手工删除
按照以下步骤从您的机器删除MaxAntiSpy。先备份您的注册表和系统，并设置一个还原点，防止发生错误。
自动运行的引用：
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run maxantispy

撤消 DLL 的注册:
使用 Regsvr32 撤销以下 DLLs 的注册，然后重启：
%program_files%\maxantispy\sysbackup\wininet.dll
%program_files%\maxantispy\sysbackup\shlwapi.dll

清除注册表:
使用注册表编辑器清除以下注册项（如果存在）：
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 helplink
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 inno setup: app path
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 inno setup: deselected tasks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 inno setup: icon group
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 inno setup: selected tasks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 inno setup: setup version
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 inno setup: user
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 installdate
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 installlocation
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 nomodify
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 norepair
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 publisher
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 quietuninstallstring
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 uninstallstring
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 urlinfoabout
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\maxantispy_is1 urlupdateinfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\maxantispyfilter
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\maxantispyfilter displayname
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\maxantispyfilter errorcontrol
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\maxantispyfilter imagepath
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\maxantispyfilter start
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\maxantispyfilter type
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\maxantispyfilter\enum count
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\maxantispyfilter\enum initstartfailed
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\maxantispyfilter\enum nextinstance
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\maxantispyfilter\security security
HKEY_CURRENT_USER\software\maxantispy
HKEY_CURRENT_USER\software\maxantispy\firstrun
HKEY_CURRENT_USER\software\maxantispy\options aff
HKEY_CURRENT_USER\software\maxantispy\options autoscanonstartup
HKEY_CURRENT_USER\software\maxantispy\options autoupdate
HKEY_CURRENT_USER\software\maxantispy\options billingurl
HKEY_CURRENT_USER\software\maxantispy\options billingurlapproved
HKEY_CURRENT_USER\software\maxantispy\options enablesysbackup
HKEY_CURRENT_USER\software\maxantispy\options firstrunminimize
HKEY_CURRENT_USER\software\maxantispy\options helpurl
HKEY_CURRENT_USER\software\maxantispy\options labelurl
HKEY_CURRENT_USER\software\maxantispy\options lastscan
HKEY_CURRENT_USER\software\maxantispy\options minimizetotray
HKEY_CURRENT_USER\software\maxantispy\options offsiteurl
HKEY_CURRENT_USER\software\maxantispy\options programversion
HKEY_CURRENT_USER\software\maxantispy\options registerurl
HKEY_CURRENT_USER\software\maxantispy\options startminimized
HKEY_CURRENT_USER\software\maxantispy\options startwithwindows
HKEY_CURRENT_USER\software\maxantispy\options totalscans
HKEY_CURRENT_USER\software\maxantispy\options transactionkey
HKEY_CURRENT_USER\software\maxantispy\options updateurl
HKEY_CURRENT_USER\software\maxantispy\options versionurl
HKEY_CURRENT_USER\software\maxantispy\register
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run maxantispy
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run maxantispy

删除文件:
使用资源管理器删除以下文件（如果存在）：
maxantispy.exe
%common_programs%\maxantispy\äåèíñòàëëèðîâàòü maxantispy.lnk
%common_programs%\maxantispy\maxantispy.lnk
%common_programs%\maxantispy\ñàéò maxantispy â èíòåðíåòå.lnk
%desktopdirectory%\maxantispy.lnk
%profile%\application data\microsoft\internet explorer\quick launch\maxantispy.lnk
%program_files%\maxantispy\backup.lst
%program_files%\maxantispy\languages\ðóññêèé.lng
%program_files%\maxantispy\unins000.exe
%program_files%\maxantispy\ver.dat
%program_files%\maxantispy\whitelist.cfg
%program_files%\maxantispy\maxantispyupdate.exe
%program_files%\maxantispy\pn.cfg
%program_files%\maxantispy\spyware.dat
%program_files%\maxantispy\maxantispy.exe
%program_files%\maxantispy\maxantispy.url
%program_files%\maxantispy\sysbackup\explorer.exe
%program_files%\maxantispy\sysbackup\explorer.exe.md5
%program_files%\maxantispy\sysbackup\ntoskrnl.exe
%program_files%\maxantispy\sysbackup\ntoskrnl.exe.md5
%program_files%\maxantispy\sysbackup\shlwapi.dll
%program_files%\maxantispy\sysbackup\shlwapi.dll.md5
%program_files%\maxantispy\sysbackup\wininet.dll
%program_files%\maxantispy\sysbackup\wininet.dll.md5
%program_files%\maxantispy\unins000.dat
%program_files%\maxantispy\sysbackup\wininet.dll
%program_files%\maxantispy\sysbackup\shlwapi.dll
%program_files%\maxantispy\unins000.exe
%program_files%\maxantispy\sysbackup\ntoskrnl.exe
%program_files%\maxantispy\maxantispyupdate.exe
%program_files%\maxantispy\sysbackup\explorer.exe
%program_files%\maxantispy\maxantispy.exe

删除目录:
使用资源管理器删除以下目录（如果存在）：
%common_programs%\maxantispy
%program_files%\maxantispy
%program_files%\maxantispy\languages
%program_files%\maxantispy\quarantine
%program_files%\maxantispy\sysbackup

调查
文件分析
MaxAntiSpy

调查方式
间谍软件研究中心