tube-funs-world-com Spyware (Privacy Components)

tube-funs-world.com - Rogue.AntiSpyware.Sysguard "Privacy components" Privacy Components is another rogue antispyware that displays fake security alerts, This program is known to be installed on computers without users approval, dropped by a trojan or using other malicious technics.
Analysis:
	Fake PornTube website         hxxp://tube-funs-world.com/promo2/?aid=561&vname=free_dvd_rip hxxp://tube-funs-world.com/promo2/?aid=561&vname=stream_player_plugin       hxxp://tube-funs-world.com/promo2/2.php?aid=561&vname=stream_player_plugin   stream_player_plugin.exe         Fake scannerwith the look of Windows Explorer     hxxp://tube-funs-world.com/promo3/   hxxp://tube-funs-world.com/promo3/get.php?aid=0&vname=protect   protect.exe (same file - )       Some java scripts     hxxp://tube-funs-world.com/promo4/   hxxp://tube-funs-world.com/promo4/get.php?aid=0&vname=stream_player_plugin   stream_player_plugin.exe (same file)       Another Fake PornTube website with the logo SexTube     http://tube-funs-world.com/promo5/   http://tube-funs-world.com/promo5/get.php?aid=0&vname=setup     setup.exe (same file)       File info: stream_player_plugin.exe       File size 3159829 bytes     MD5 5cf2fcaaac2863b850aabd96f85c5ed8         Anubis: Report for protect.exe (same file)       Anubis: Report     ThreatExpert: Report     VirusTotal: Report       First received 03.24.2009 02:07:47 (CET)     Results 4/39 (10.26%)       Alias: Win32.SPRFraud.PrivC       Sus/Behav-113       Privacy components       Adware/Agent.gen
Domain sharing IP with tube-funs-world.com [194.165.4.39]
	inetnum:194.165.4.0 - 194.165.5.255 netname:NTCOLO descr:Plitochnik Lux LTD descr:CO-LOCATION IN UA-IX route: 194.165.4.0/23 AS: AS48669 NTCOLO-AS NTCOLO privacy-tools-pack.com privacyupdate445.com privacyupdate446.com privacyupdate447.com tube-funs-world.com turbo-tube-uploaderz.com
Privacy Center "Privacy components" removal information
	- Kill processes: agent.exe, openvpn.exe, pc.exe, tapinstall.exe uninstall.exe - Unregister DLLs (regsvr32 /u [dll_name]): sp.dll, spbho.dll - Delete registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {D032570A-5F63-4812-A094-87D007C23012} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spbho.TIEAdvBHO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Uninstall\Privacy center - Delete registry values: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] agent.exe = "%ProgramFiles%\Privacy center\agent.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell = "%ProgramFiles%\Privacy center\pc.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {D032570A-5F63-4812-A094-87D007C23012}\ProgID] (Default) = "spbho.TIEBHO" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {D032570A-5F63-4812-A094-87D007C23012}\InprocServer32] (Default) = "C:\PROGRA~1\PRIVAC~1\tools\sp\spbho.dll" ThreadingModel = "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spbho.TIEBHO\Clsid] (Default) = "{D032570A-5F63-4812-A094-87D007C23012}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spbho.TIEBHO] (Default) = "" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}] (Default) = "" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\Privacy center] DisplayName = "Privacy center" UninstallString = "%ProgramFiles%\Privacy center\uninstall.exe" NoModify = 0x00000001 NoRepair = 0x00000001 - Delete files and folders: ► %AppData%\Privacy center\ ► %Programs%\Privacy center\ ► %ProgramFiles%\Privacy center\