WorldAntiSpy

WorldAntiSpy

Updated:
13 February 2007
Publisher:
WorldAntiSpy
Risk Impact:
Medium
File Names:
WorldAntiSpy.exe Setup.exe
Systems Affected:
Windows

Behavior


WorldAntiSpy is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats.

Symptoms


Your Symantec program detects WorldAntiSpy

Behavior


This security risk is manually downloaded and installed.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 01 February 2015 revision 020
  • Initial Daily Certified version 06 April 2006
  • Latest Daily Certified version 17 January 2008 revision 033
  • Initial Weekly Certified release date 12 April 2006
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

When ScanandRepair is installed, it performs the following actions:
  1. Creates the following folder:

    %ProgramFiles%\WorldAntiSpy

    Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Creates the following files:

    • C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\WorldAntiSpy.lnk
    • C:\Documents and Settings\Administrator\Desktop\WorldAntiSpy.lnk
    • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WorldAntiSpy.lnk
    • C:\Documents and Settings\All Users\Start Menu\Programs\WorldAntiSpy\Uninstall WorldAntiSpy.lnk
    • C:\Documents and Settings\All Users\Start Menu\Programs\WorldAntiSpy\WorldAntiSpy.lnk
    • C:\Documents and Settings\Administrator\Application Data\Skinux\WorldAntiSpy\Profile.xml
    • %ProgramFiles%\WorldAntiSpy\imagehlp.dll
    • %ProgramFiles%\WorldAntiSpy\license.txt
    • %ProgramFiles%\WorldAntiSpy\Scanner\Base\base.dat
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\accel.xml
    • %ProgramFiles%\WorldAntiSpy\unicows.dll
    • %ProgramFiles%\WorldAntiSpy\unins000.dat
    • %ProgramFiles%\WorldAntiSpy\unins000.exe
    • %ProgramFiles%\WorldAntiSpy\WorldAntiSpy.exe
    • %ProgramFiles%\WorldAntiSpy\WorldAntiSpy.ico
    • %ProgramFiles%WorldAntiSpy\BaseV.tmp
    • %ProgramFiles%WorldAntiSpy\version.tmp

  3. Creates the following subfolders in the folders %ProgramFiles%\WorldAntiSpy containing various files:

    • %ProgramFiles%WorldAntiSpy\Monitor\Snapshot
    • %ProgramFiles%\WorldAntiSpy\Monitor
    • %ProgramFiles%\WorldAntiSpy\Scanner
    • %ProgramFiles%\WorldAntiSpy\Scanner\Base
    • %ProgramFiles%\WorldAntiSpy\Skinux
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\by_now
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\close
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\connection_settings
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\live_suppport
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\minimize
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\options
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\PBabout
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\PBie
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\PBpcshield
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\PBquarantine
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\PBscan
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\PBsysinfo
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\PBUpdate
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\red_simple
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\Register
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\remove_button
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\simple
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\simple_large
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\Buttons\sysinfo
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\elements
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\elements\scroll
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\elements\arrow_down
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\elements\arrow_up
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\panels
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\panels\update
    • %ProgramFiles%\WorldAntiSpy\Skinux\WorldAntiSpy\Skins\Classic\windows
    • C:\Documents and Settings\Administrator\Application Data\Skinux\WorldAntiSpy

  4. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1
    HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\General



The following instructions pertain to all Symantec antivirus products that support security risk detection.
  1. Update the definitions.
  2. Uninstall the security risk.
  3. Run the scan.
  4. Delete any values added to the registry.

For specific details on each of these steps, read the following instructions.
  1. To update the definitions
    To obtain the most recent definitions, start your Symantec program and run LiveUpdate.
  2. To remove the risk
    This security risk includes an uninstallation applet. In order to uninstall this security risk, complete the following instructions:

    a. Delete the following files and folders if they exist:

    %ProgramFiles%\WorldAntiSpy
    C:\Documents and Settings\All Users\Start Menu\Programs\WorldAntiSpy
    C:\Documents and Settings\Administrator\Application Data\Skinux\WorldAntiSpy
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\WorldAntiSpy.lnk
    C:\Documents and Settings\Administrator\Desktop\WorldAntiSpy.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WorldAntiSpy.lnk

  3. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. Read the document: How to make a backup of the Windows registry .
  1. Click Start > Run.
  2. Type regedit

    Then click OK.

    Note: If the registry editor fails to open the risk may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.
  3. Navigate to and delete the following registry entries if they exist:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1
    HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\General

  4. Exit the Registry Editor.