« Barracuda Antivirus
Wind Optimizer »

Protection System

No Comments
GoldSparrow By GoldSparrow in Rogue Anti-Spyware Program | 320 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 4.00 out of 5)
Loading ... Loading ...

Protection System Description

 
 
Image Screenshot
[+] Click Image to Enlarge
 
 

Protection System is a rogue anti-spyware application originating from the same family as CoreGuard Antivirus 2009 fake spyware remover. Protection System infiltrates the computer via security vulnerabilities and backdoors provided by affiliated trojans. Once active, Protection System is configured to start automatically, prompting the user to run a fake online scan. When this scan is complete, fabricated infection reports are displayed, usually intimidating the user into purchasing the rogue spyware remover Protection System.

Type: Rogue AntiSpyware Programs

How Can You Detect Protection System?

 
 

Download SpyHunter’s Detection Scanner
to Detect Protection System.

 
 

Protection System Technical Report

As new Protection System details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following Protection System files with its MD5s were created in the system:

File Name File Size MD5
psystem[1].exe 2514944 a75dc448bcb618c50c8ad76701228ee4
psystem.exe 97640 180a93e777521710895083a0a22205b6
psystem.exe 1568768 efb0890aa991793c26579a3c46e95fcb
psystem.exe 1568768 d9f2b005920d56abe854aa54a23bc0d6
coreext.dll 44032 1a734c8ed2c02fb06cf4dcf918cf7c0a

Protection System has typically the following processes in memory:

  • %Program Files%\Protection System\firewall.dll
  • %Program Files%\Protection System\Protection System.exe
  • psystem[1].exe
  • %Program Files%\Protection System\CoreExt.dll
  • %Program Files%\Protection System\Uninstall.exe

Protection System creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection System
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_CURRENT_USER\Software\ ProtectionSystem
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Protection System”

Important Article Disclaimer

ESG Support Center

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Technorati
  • YahooMyWeb
This entry was posted on 06/10/09 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Top Malware

Recommended Products

Featured Videos

Poll

How much money have you spent trying to rid your PC of spyware?
View Results

Recent Articles

Top FAQs

Follow Us on Twitter

Archives

Home Sitemap RSS Feed Privacy Policy End User License Agreement Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.