View full version: VCatch Spyware



Andrey
18.02.2005, 15:24
_http://www.vcatch.com/download.html
_http://www.vcatch.com/download.asp

CommonSearch VCatch
Type: Spyware
Threat Level: High
Author: CommonSearch Inc/MinuteGroup

Description: CommonSearch Vcatch installs spyware products.

Advice: This is a very high risk threat and should be removed immediately as to prevent
harm to your computer or your privacy.

About Spyware: Spyware's primary purpose is to collect demographic and usage information
from your computer, usually for advertising purposes. Spyware usually that 'sneaks' onto a
system or performs other activities hidden to the user. Spyware programs are usually
bundled as a hidden component and downloaded from the Internet. These modules are almost
always installed on the system secretively and try to run secretively as well.

Microsoft AntiSpyware Version: 1.0.501
This version expires on:
Current User:
Spyware Definition Version: 5689 (12.02.2005 9:30:55)

P.S.:
The following files appeared in the C:\WINDOWS\system32 folder:
Anticipator.dll
mcAct.dll
VCatchPI.dll

+ a bunch of keys in the registry.

Sent it to [email protected]

Andrey
18.02.2005, 15:35
Spyware Scan Details
Start Date: 18.02.2005 14:52:43
End Date: 18.02.2005 14:56:48
Total Time: 4 mins 5 secs

Detected Threats

CommonSearch VCatch Spyware more information...
Details: CommonSearch Vcatch installs spyware products.
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
C:\WINDOWS\system32\Anticipator.dll
C:\WINDOWS\system32\mcAct.dll
C:\WINDOWS\system32\VCatchPI.dll

Infected registry keys/values detected


Detected Spyware Cookies
No spyware cookies were found during this scan.

Зайцев Олег
18.02.2005, 17:31
Nice beast :) It went into the AVZ databases as Spy.VCatch