« Worm.Win32.AutoRun.gsf
Gawker Tricked by Scammers to Serve Malware Ads »

BlockKeeper Info & Removal Guide

No Comments
GoldSparrow By GoldSparrow in Rogue Anti-Spyware Program | 0 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

BlockKeeper Description

 
 
Image Screenshot
[+] Click Image to Enlarge
 
 

BlockKeeper, also known as Block Keeper, is another rogue program from the malicious WiniGuard family of rogue anti-spyware applications. The WiniGuard family includes fake security programs like SoftBarrier, SoftCop, Trust Soldier, Safe Fighter and others. BlockKeeper penetrates computer systems with the help of a Trojan or other malware. BlockKeeper will run a scan and display fake virus alerts once it has entered a machine. BlockKeeper is neither capable of detecting nor removing malware from a machine. A legitimate security tool may be used to completely remove BlockKeeper and its related files.

Type: Rogue AntiSpyware Programs

How Can You Detect BlockKeeper?

 
 

Download SpyHunter’s Detection Scanner
to Detect BlockKeeper.

 
 

BlockKeeper Technical Report

As new BlockKeeper details are reported by our customers and findings from our Threat Research Center, we will update this section.

Author of BlockKeeper:

  • Unknown

The following BlockKeeper files with its MD5s were created in the system:

File Name File Size MD5
BlockKeeper.exe 830976 0302559c77e4a27e4b7e3dbb4449a1cc
setup[1].exe 916814 dee858994fc487965c8379d61fa31081

BlockKeeper has typically the following processes in memory:

  • %WINDOWS%\10068tro9zd85.exe
  • %WINDOWS%\system32\1a605tzal32359.dll
  • %Program Files%\BlockKeeper Software\BlockKeeper\BlockKeeper.exe
  • %WINDOWS%\system32\19z89s5y663.dll
  • %Temp%\yxh5.tmp.exe
  • %WINDOWS%\10518virzs5f9.ocx
  • BlockKeeper.exe

BlockKeeper created the following directories, files, paths:

  • %ProgramFiles%\BlockKeeper Software\BlockKeeper
  • %AllUsersProfile%\Start Menu\Programs\BlockKeeper

BlockKeeper creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BlockKeeper
  • HKEY_LOCAL_MACHINE\SOFTWARE\BlockKeeper
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “yxh5.tmp.exe”
  • HKEY_CURRENT_USER\Software\BlockKeeper
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run“BlockKeeper”

Important Article Disclaimer

ESG Support Center

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Technorati
  • YahooMyWeb
This entry was posted on 11/3/09 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Top Malware

Recommended Products

Featured Videos

Poll

How much money have you spent trying to rid your PC of spyware?
View Results

Recent Articles

Top FAQs

Follow Us on Twitter

Archives

Home Sitemap RSS Feed Privacy Policy End User License Agreement Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.