Protection System Description
Protection System is a rogue anti-spyware application from the same family as the fake spyware remover CoreGuard Antivirus 2009. Protection System infiltrates the computer via security vulnerabilities and backdoors provided by affiliated trojans. Once active, Protection System is configured to start automatically and prompts the user to run a fake online scan. When this scan is complete, fabricated infection reports are displayed, usually intimidating the user into purchasing the rogue spyware remover Protection System.
Type: Rogue AntiSpyware Programs
How Can You Detect Protection System?
Protection System Technical Report
As new Protection System details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following Protection System files, with their MD5 hashes, were created on the system:
| File Name | File Size | MD5 |
|---|---|---|
| psystem[1].exe | 2514944 | a75dc448bcb618c50c8ad76701228ee4 |
| psystem.exe | 97640 | 180a93e777521710895083a0a22205b6 |
| psystem.exe | 1568768 | efb0890aa991793c26579a3c46e95fcb |
| psystem.exe | 1568768 | d9f2b005920d56abe854aa54a23bc0d6 |
| coreext.dll | 44032 | 1a734c8ed2c02fb06cf4dcf918cf7c0a |
Protection System Removal Details
Protection System typically has the following processes in memory:
- %Program Files%\Protection System\firewall.dll
- %Program Files%\Protection System\Protection System.exe
- psystem[1].exe
- %Program Files%\Protection System\CoreExt.dll
- %Program Files%\Protection System\Uninstall.exe
Protection System creates the following files in the system:
- %Program Files%\Protection System\core.cga
- %Program Files%\Protection System\Help\support.png
- %Program Files%\Protection System\Help\images\delete.png
- %Program Files%\Protection System\Help\images\tick.png
- %Program Files%\Protection System\Help\images\buttons\offline.gif
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Protection System.lnk
- %UserProfile%\Start Menu\Programs\Protection System\Protection System.lnk
- %Program Files%\Protection System\blacklist.cga
- %Program Files%\Protection System\Help\reg.html
- %Program Files%\Protection System\Help\images
- %Program Files%\Protection System\Help\images\plus_circle.png
- %Program Files%\Protection System\Help\images\buttons
- %Program Files%\Protection System\Help\images\buttons\voice.gif
- %UserProfile%\Start Menu\Programs\Protection System
- %Program Files%\Protection System
- %Program Files%\Protection System\Help
- %Program Files%\Protection System\Help\unreg.html
- %Program Files%\Protection System\Help\images\info.png
- %Program Files%\Protection System\Help\images\warn.png
- %Program Files%\Protection System\Help\images\buttons\online.gif
- %UserProfile%\Desktop\Protection System.lnk
- %UserProfile%\Start Menu\Programs\Protection System\Uninstall Protection System.lnk
Protection System creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection System
- HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
- HKEY_CURRENT_USER\Software\ ProtectionSystem
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Protection System”
This entry was last updated on 07/14/09 and posted on 06/10/09.