Virus.BAT.Gary.705
Virus.BAT.Gary.705 is nothing more than a bogus parasite planted onto your computer by the fake spyware remover Windows Security Suite. Virus.BAT.Gary.705 appears in falsified security alert messages. These Virus.BAT.Gary.705 pop-up windows read as follows:
"Your computer is infected. Warning! Spyware found! Detected: Spyware; File Name: exec.sys; Name: Virus.BAT.Gary.705... This is a dangerous non-memory resident BAT infector. It writes itself to the end of C:\AUTOEXEC.BAT file."
This Virus.BAT.Gary.705 warning notification is a fake, designed to fool you into purchasing the rogue spyware remover Windows Security Suite. Assuming that Virus.BAT.Gary.705 was even located on your PC, the only thing Windows Security Suite is concerned with removing is money from your credit card.
File System Modifications
- The following files were created in the system:
# File Name 1 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Security Suite.lnk 2 %UserProfile%\Application Data\Windows Security Suite 3 %UserProfile%\Application Data\Windows Security Suite\cookies.sqlite 4 %UserProfile%\Application Data\Windows Security Suite\Instructions.ini 5 %UserProfile%\Desktop\Windows Security Suite.lnk 6 %UserProfile%\Recent\ANTIGEN.drv 7 %UserProfile%\Recent\CLSV.exe 8 %UserProfile%\Recent\DBOLE.drv 9 %UserProfile%\Recent\dudl.sys 10 %UserProfile%\Recent\energy.dll 11 %UserProfile%\Recent\grid.dll 12 %UserProfile%\Recent\grid.sys 13 %UserProfile%\Recent\kernel32.dll 14 %UserProfile%\Recent\PE.dll 15 %UserProfile%\Recent\PE.tmp 16 %UserProfile%\Recent\runddl.dll 17 %UserProfile%\Recent\SM.dll 18 %UserProfile%\Recent\snl2w.exe 19 %UserProfile%\Recent\std.exe 20 %UserProfile%\Recent\tempdoc.dll 21 %UserProfile%\Start Menu\Programs\Windows Security Suite.lnk 22 %UserProfile%\Start Menu\Windows Security Suite.lnk 23 c:\ADWARE_LOG 24 c:\Documents and Settings\All Users\Application Data\345d567 25 c:\Documents and Settings\All Users\Application Data\345d567\26.mof 26 c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll 27 c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll 28 c:\Documents and Settings\All Users\Application Data\345d567\WI345d.exe 29 c:\Documents and Settings\All Users\Application Data\345d567\WINSS.ico 30 c:\Documents and Settings\All Users\Application Data\345d567\WINSSSys 31 c:\Documents and Settings\All Users\Application Data\345d567\WINSSSys\vd952342.bd 32 c:\Documents and Settings\All Users\Application Data\345d567\working.log 33 c:\Documents and Settings\All Users\Application Data\WINSSSys 34 c:\Documents and Settings\All Users\Application Data\WINSSSys\winss.cfg 35 c:\Program Files\Mozilla Firefox\searchplugins\search.xml
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "698909210803"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Security Suite"HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.