« Vista Defender Pro
Win 7 Smart Security 2010 »

User Protection

No Comments
Domesticus By Domesticus in Rogue Anti-Virus Program | 195 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading ... Loading ...
Translate To:     Español  |   Português

User Protection Description

 
 
Image Screenshot
[+] Click Image to Enlarge
 
 

User Protection is a misleading anti-virus application that should not be trusted. User Protection is from the same family as the rogue applications called Paladin Antivirus and Dr. Guard. On infiltrating a system, User Protection will create a start-up registry entry and disable legitimate security programs running on the system. Then User Protection will report fabricated computer threats and convince a user that his/her system is infected with spyware, worms, Trojans etc. The user will then be prompted to purchase the “full version” of User Protection in order to remove all the detected computer threats. Do not waste your money on User Protection it is a fake security application.

Type: Rogue Anti-Virus Program

How Can You Detect User Protection?

 
 

Download SpyHunter’s Detection Scanner
to Detect User Protection.

 
 

User Protection Technical Report

As new User Protection details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following User Protection files with its MD5s were created in the system:

File Name File Size MD5
usrext.dll 40960 fe9bc465085d59f155decb2679fd26d4
usrprot.exe 2355200 e94131ff9f26d3b47145d0443b7c9de8
installerUP[1].exe 181760 7dbcb95d5d665f3775659e764bb483c9
usrhook.dll 22016 e94e68ce6cfb07809bae5a2133980cc3

User Protection has typically the following processes in memory:

  • usrprot.exe

User Protection created the following directories, files, paths:

  • %ProgramFiles%\User Protection
  • %UserProfile%\Start Menu\Programs\User Protection

User Protection creates the following registry entries:

  • HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = “1″
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\User Protection
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved “{5E2121EE-0300-11D4-8D3B-444553540000}”
  • HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_LOCAL_MACHINE\SOFTWARE\User Protection
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “User Protection”

Important Article Disclaimer

ESG Support Center

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Technorati
  • YahooMyWeb
This entry was posted on 03/19/10 and is filed under Rogue Anti-Virus Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Popular Malware

Track Malware Around the World

Recent Articles

Recommended Products

Featured Videos

Poll

How much money have you spent trying to rid your PC of spyware?
View Results

Top FAQs

Follow Us on Twitter

Archives

Home Sitemap RSS Feed Privacy Policy End User License Agreement Additional Terms and Conditions
Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.