« Trojan.Win32.Larchik.v
Windows 7 Still Vulnerable to 8 out of 10 Viruses Despite Improved UAC »

BlockProtector

No Comments
ZulaZuza By ZulaZuza in Rogue Anti-Spyware Program | 0 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

BlockProtector Description

 
 
Image Screenshot
[+] Click Image to Enlarge
 
 

BlockProtector is a fake security application from the same family of rogueware as Block Scanner, Block Watcher and Block Keeper. BlockProtector is installed onto users’ computers with the help of sneaky Trojans that modify the settings to ensure that BlockProtector will automatically run when Windows is started up.

Once BlockProtector has accessed a system, it will conduct a fake scan that will report that the system is infected with multiple parasites. Targeted users will then be advised to purchase BlockProtector in order to remove all the detected parasites. All spyware alerts or notifications displayed by BlockProtector are false. It is best that you remove BlockProtector from your PC at your earliest convenience.

Type: Rogue AntiSpyware Programs

How Can You Detect BlockProtector?

 
 

Download SpyHunter’s Detection Scanner
to Detect BlockProtector.

 
 

BlockProtector Technical Report

As new BlockProtector details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following BlockProtector files with its MD5s were created in the system:

File Name File Size MD5
setup[1].exe 900096 2aea8f7d2172905a677140c8ffdad76b
BlockProtector.exe 772608 2bb2cb3d809a217918a4bfb80cf3ab98

BlockProtector has typically the following processes in memory:

  • c:\WINDOWS\1069szyware7695.exe
  • %Temp%\rwb4.tmp.exe
  • c:\Program Files\BlockProtector Software\BlockProtector\Uninstall.exe
  • c:\WINDOWS\system32\335steal97z2.ocx
  • c:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe
  • c:\WINDOWS\11763zpy1f95.exe
  • BlockProtector.exe

BlockProtector created the following directories, files, paths:

  • %ProgramFiles%\BlockProtector Software\BlockProtector

BlockProtector creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BlockProtector
  • HKEY_LOCAL_MACHINE\SOFTWARE\BlockProtector
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “BlockProtector.exe”
  • HKEY_CURRENT_USER\Software\BlockProtector
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “rwb4.tmp.exe”

Important Article Disclaimer

ESG Support Center

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Technorati
  • YahooMyWeb
This entry was posted on 11/5/09 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Top Malware

Recommended Products

Featured Videos

Poll

How much money have you spent trying to rid your PC of spyware?
View Results

Recent Articles

Top FAQs

Follow Us on Twitter

Archives

Home Sitemap RSS Feed Privacy Policy End User License Agreement Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.