ASpam is a remote access trojan implemented as an IE Browser Helper Object (BHO). It is not really Unsolicited Commercial Software, as it has no known commercial aim, but it is included in the detection script at this site because it is a threat detectable from web pages.
ASpam/Amcis installs the BHO under the filename AMCIS32.DLL, with object name Amcis32. ASpam/Drvman uses DRVMAN32 as the file and object name instead, and its class ID is different.
The installer ASPAM.EXE was attached to a mass-mailing purporting to come from Microsoft (aspam@microsoft.com), offering an anti-spam feature for Outlook Express. The actual author is not currently known.
No.
No.
Yes. Gives the attacker user-level access to the machine it is installed on.
No.
No uninstall feature, but many anti-virus tools target the ASpam trojan.
Open the registry (Start->Run->regedit) and delete the following keys. For variant Amcis:
HKEY_LOCAL_MACHINE\Software\Classes\AMCIS32.IEClass
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{657B9354-BB3B-4500-A9B0-109B4FA64815}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{657B9354-BB3B-4500-A9B0-109B4FA64815}
For variant Drvman:
HKEY_LOCAL_MACHINE\Software\Classes\DRVMAN32.IEClass
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{499DB658-1909-420B-931A-4A8CAEFD232F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{499DB658-1909-420B-931A-4A8CAEFD232F}
(Ignore the 'DontDelete' subkey in Browser Helper Objects.) Restart the computer and you should be able to delete the AMCIS32.DLL file in the System folder (to be found inside the Windows folder, 'System' under Windows 95/98/Me, 'System32' under Windows NT/2000/XP).
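The check below is an added example, not this site's detection script: a read-only PowerShell sweep that reports which of the registry keys listed above (and the AMCIS32.DLL file) are present, so you can confirm an infection before deleting anything and verify the cleanup after the restart. The variable and function names are hypothetical, and it assumes the keys sit exactly at the paths given on this page.

```powershell
# Key names, class IDs and the DLL name come from the removal steps above.
$variants = @(
    @{
        Name   = 'ASpam/Amcis'
        ProgId = 'AMCIS32.IEClass'
        Clsid  = '{657B9354-BB3B-4500-A9B0-109B4FA64815}'
        File   = 'AMCIS32.DLL'
    },
    @{
        Name   = 'ASpam/Drvman'
        ProgId = 'DRVMAN32.IEClass'
        Clsid  = '{499DB658-1909-420B-931A-4A8CAEFD232F}'
        File   = $null   # the page does not spell out this variant's full file name
    }
)

function Get-ASpamTrace {
    param([hashtable[]]$Variants)

    $hklm = 'Registry::HKEY_LOCAL_MACHINE\Software'
    foreach ($v in $Variants) {
        $paths = @(
            "$hklm\Classes\$($v.ProgId)",
            "$hklm\Classes\CLSID\$($v.Clsid)",
            "$hklm\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$($v.Clsid)"
        )
        if ($v.File) {
            # System folder of the running Windows installation
            $paths += Join-Path ([Environment]::SystemDirectory) $v.File
        }
        foreach ($p in $paths) {
            # -LiteralPath: test the path exactly as written, no wildcard expansion
            [pscustomobject]@{
                Variant = $v.Name
                Path    = $p
                Present = Test-Path -LiteralPath $p
            }
        }
    }
}

# Nothing is modified; this only lists what exists.
$found = @(Get-ASpamTrace -Variants $variants)
$found | Format-Table -AutoSize -Wrap
if ($found.Present -contains $true) {
    Write-Warning 'ASpam traces present: follow the manual removal steps above.'
}
```

Run it once before removal and again after the restart; every row should then show `Present` as `False`.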