System Protector Removal Report

System Protector

One Comment

By GoldSparrow in Rogue Anti-Spyware Program | 95 views

Rate it:

(No Ratings Yet)

Loading ...

System Protector Description

System Protector, or SystemProtector, is a rogue anti-spyware program designed to trick users into believing it’s a legitimate anti-spyware program.

System Protector may be installed in the user’s computer system by a Trojan, such as Zlob, through a rogue video codec download or the user may have downloaded it from a rogue website. Once Zlob is installed, the user will receive a large amount of fake notification messages stating that his/her computer is infested with spyware. In order to remove these threats, the user will be redirected to a fraudulent website to further purchase System Protector’s full version. System Protector is also able to emulate a computer system scan. After System Protector’s scanner is launched, the user will receive a list of spyware infections supposedly found in his/her computer system as a result.

System Protector may be configured to run on every Windows startup. System Protector may also cause computer system’s performance to decrease.

Type: Rogue AntiSpyware Programs

How Can You Detect System Protector?

Download SpyHunter’s Detection Scanner
to Detect System Protector.

System Protector Technical Report

As new System Protector details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following System Protector files with its MD5s were created in the system:

File Name	File Size	MD5

lsascs.exe	1943040	83651530f4cf55168524e5e28c9d3c2a
sysprotector_install[1].exe	40960	b53da5469558504015005dd31dc2fb78
install[1].exe	1312706	da0a130cca9faa4e031f5cdf4128103e
shellex.dll	159744	32b18b7832ab674cb0f5ce64c808706c
sysprotector_install_71174136[1].exe	26624	f3550430259981ac278c00c920e24943
shellex.dll	159744	fddfcdabbdcee22f4a5bc714ae3523ec
sysprotector_install[1].exe	26624	3818a6ca4e8912c077c527e63c814c7d
lsascs.exe	1943040	686aae04c8fea3f414692c1f48788808

System Protector has typically the following processes in memory:

sysprotector_install[1].exe
sys-protector.exe

System Protector created the following directories, files, paths:

%UserProfile%\Start Menu\Programs\System Protector
%ProgramFiles%\System Protector

System Protector creates the following registry entries:

Microsoft\Windows\CurrentVersion\System Protector
Drive\shellex\ContextMenuHandlers\System Protector
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “System Protector”
Directory\shellex\ContextMenuHandlers\System Protector
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Protector
*\shellex\ContextMenuHandlers\System Protector

Important Article Disclaimer

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.

This entry was posted on 03/29/09 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “System Protector”

jamie Says:
January 8th, 2010 at 9:25 am
These scams sucks! Thank you guys for saving me before I have bought this “protector” thing.

[Reply]

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.