What are Spyware Critical Detections?.

Using spyware Critical Detections is crucial in a test environment.

They are benchmarks against which effective threat removal is measured.

Spyware critical detections are a group of files or registry entries determined as being critical for the functioning of each spyware program.
By removing them the spyware is rendered mostly ineffective.

They are manually collected (as a subset) from a larger list of changes made to files and registry entries, by each spyware infection being examined.

To keep the tests simple, the following were considered spyware critical detections:

  • Executable files (.EXE/.COM).
  • Dynamic link libraries (.DLL).
  • Auto-start registry entries.

The following is a list of 'Critical Detections' grouped by their respective spyware parent and assigned a unique ID.

Click here for Table Colour Key

Critical Detections Table
ID File / Registy Entry
BargainBuddy BullsEye
BBBE1 HKLM "SOFTWAREMicrosoftWindowsCurrentVersionRun""BullsEyeNetwork"
"C:Program FilesBullsEye Networkbargains.exe"
BBBE2 HKLM "SOFTWAREMicrosoftWindowsCurrentVersionSharedDLLs" "C:WINNTDownloaded Program filesCONFLICT.1installer_MARKETING1.exe"
BBBE3 HKLM "SOFTWAREMicrosoftWindowsCurrentVersionSharedDLLs" "C:WINNTDownloaded Program Filesinstaller_MARKETING1.exe"
BBBE4 "c:Program FilesBullsEye Network in"adv.exe"
BBBE5 "c:Program Files BullsEye Networkin""adx.exe"
BBBE6 "c:Program FilesBullsEye Networkin""bargains.exe"
BBBE7 "c:WINNTsystem32" "bbchk.exe"
BBBE8 "c:WINNTsystem32" "exclean.exe"
BBBE9 "c:WINNTsystem32" "exdl.exe"
BBBE10 "c:WINNTsystem32" "exdl0.exe"
BBBE11 "c:WINNTsystem32" "exdl1.exe"
BBBE12 "c:WINNTsystem32" "exul.exe"
BBBE13 "c:WINNTsystem32" "exul1.exe"
BBBE14 "c:WINNTsystem32" "msbe.dll"
Funscreenz FsAquatic
FsA1 HKCU "SoftwareMicrosoftWindowsCurrentVersionRun""tbon" "C:PROGRA~1TBONBin bon.exe /r"
FsA2 HKU "S-1-5-21-1645522239-1060284298-1343024091-1000Software
MicrosoftWindowsCurrentVersionRun""tbon" "C:PROGRA~1TBONBin bon.exe /r"
FsA3 "c:Program FilesTBONBin" "tbon.exe"
IST SideFind
ISTsF1 HKLM "SOFTWARESideFind""PathBHO""C:Program FilesSideFindsfbho.dll"
ISTsF2 HKLM "SOFTWARESideFind""PathDLL""C:Program FilesSideFindsidefind.dll"
ISTsF3 HKLM "SOFTWARESideFind""PathEXE""C:Program FilesSidefindupdatesidefind.exe"
ISTsF4 HKLM "SOFTWARESideFind""PathXML""C:Program FilesSideFindsfexd001"
ISTsF5 "c:Documents and Settings est1Local SettingsTemp" "sidefind.exe"
ISTsF6 "c:Program FilesSideFind""sfbho.dll"
ISTsF7 "c:Program FilesSideFind""sidefind.dll"
ISTsF8 "c:Program FilesSideFindupdate""sidefind.exe"
IWatchNow
IWN1 HKCU "SoftwareMicrosoftWindowsCurrentVersionRun""tbon""C:Program
FilesiWatchNow, InciWatchNow Media CenterTBONBin bon.exe
IWN2 HKU "S-1-5-21-1645522239-1060284298-1343024091-1000Software
MicrosoftWindowsCurrentVersionRun""tbon""C:Program files
iWatchNow, InciWatchNow Media CenterTBONBin bon.exe /r"
IWN3 "c:Program FilesiWatchNow, InciWatchNow Media Center""iwnvod.exe"
IWN4 "c:Program FilesiWatchNow, InciWatchNow Media Center""tbon.dll"
IWN5 "c:Program FilesiWatchNow, InciWatchNow Media Center""TBONInst.exe"
IWN6 "c:Program FilesiWatchNow, InciWatchNow Media Center""WBDEG44I.DLL"
IWN7 "c:Program FilesiWatchNow, InciWatchNow Media CenterTBONBin""tbon.exe"
SlotchBar IST
SBIST1 HKLM "SOFTWAREMicrosoftWindowsCurrentVersionRun""ReJf5vH"
"C:WINNTkklkf.exe"
SBIST2 HKLM "SOFTWAREMicrosoftWindowsCurrentVersionRun""SurfAccuracy"
"C:Program FilesSurfAccuracySAcc.exe"
SBIST3 HKLM "SOFTWAREMicrosoftWindowsCurrentVersionSharedDLLs"
"C:WINNTDownloaded Program FilesISTactivex.dll"
SBIST4 "c:Program FilesISTbar""istbar.dll"
SBIST5 "c:Program FilesSurfAccuracy""SAcc.exe"
SBIST6 "c:Program FilesSurfAccuracy""SAccU.exe"
SBIST7 "c:WINNT""kklkf.exe"
WhenUSave
WUS1 HKCU SoftwareMicrosoftWindowsCurrentVersionExplorerMenuOrderStart
MenuProgramsWhenU
WUS2 HKCU "SoftwareMicrosoftWindowsCurrentVersionRun""WhenUSave"
"C:Program FilesSaveSave.exe"
WUS3 HKU "S-1-5-21-1645522239-1060284298-1343024091-1000Software
MicrosoftWindowsCurrentVersionExplorerMenuOrderStart MenuProgramsWhenU"
WUS4 HKU "S-1-5-21-1645522239-1060284298-1343024091-1000Software
MicrosoftWindowsCurrentVersionRun""WhenUSave"C:Program FilesSaveSave.exe"
WUS5 C:Program FilesSaveACM.dll
WUS6 c:Program FilesMozilla Firefoxextensions{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}
chrome""whenu_ff.jar"
WUS7 "c:Program FilesMozilla Firefoxextensions{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}
components""Iwhenu_ff.xpt"
WUS8 "c:Program FilesMozilla Firefoxextensions{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}
components""whenu_ff.dll"
WUS9 c:Program FilesSave""save.db"
WUS10 "c:Program FilesSave""Save.exe"
WUS11 "c:Program FilesSave""save.htm"
ZangoMedia
ZM1 HKLM "SOFTWAREMicrosoftWindowsCurrentVersionRun""zango""c:program
fileszangozango.exe"
ZM2 "c:Program FilesMozilla Firefoxplugins"npclntax.dll"
ZM3 "c:Program FilesZango ProgramsZango Toolbar""ZangoTB.dll"
ZM4 "c:Program FilesZango""zango.exe"
ZM5 "c:Program FilesZango"zangohook.dll"
Key:
Symbol Type
BLUE File
RED Registry Entry
GREEN Mozilla Firefox Entries

Click here to see spyware test methodology.

Click here to see spyware test results.

Return to top