Windows Protection Suite Windows Protection Suite
By GoldSparrow in Rogue Anti-Spyware Program |
62 views
Rate it: 
(7 votes, average: 4.71 out of 5)
Loading ...
(7 votes, average: 4.71 out of 5) Loading ...Translate To: 
Português
Português
Windows Protection Suite Description
Windows Protection Suite is a rogue anti-spyware application that infiltrates a computer without user approval or knowledge. Once active, Windows Protection Suite displays false system scanners and fabricated security alerts, in order to intimidate the user into believing that the computer is heavily infected. The user is then prompted to purchase and download the commercial version of Windows Protection Suite in order to combat these fictitious threats.
Type: Rogue AntiSpyware Programs
How Can You Detect Windows Protection Suite?
Windows Protection Suite Technical Report
As new Windows Protection Suite details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following Windows Protection Suite files with its MD5s were created in the system:
| File Name | File Size | MD5 |
|---|
| WIac55.exe | 2357760 | 93b7a38ff4c3a56077f0c2c8bc67d53c |
| WIfe7a.exe | 2104832 | e74a44e6b33cdcfb6c14e55501764d1d |
| WI15af.exe | 2174976 | 1a6b142bc316034f5a20402665a7ad40 |
| WI60ed.exe | 2187776 | 4af0d55f23586d1d0adb82fff218958e |
| WId2ba.exe | 2193408 | 1e07f21d12f37814ff85d69a1c23e17a |
| WI7f24.exe | 2108928 | 8713db1bd1a63855e53309fd3c5fde4f |
| WI7418.exe | 2179072 | ffcf6eb75fabd8613cb1de4011131229 |
| WI7a8f.exe | 2360320 | c49fad15feec77235373553d4fef99b3 |
| WI2106.exe | 2400256 | 734ba2ce099e740c590507c97c0f623f |
| WI3db3.exe | 2357248 | e30fedc6bf53a805ec586ed1cba517fc |
| ReleaseXP[1].exe | 2397184 | 4fb10d7bb7169f0a66dbb48f8963e0fb |
| ActivatedSetup[1].exe | 210432 | 4661101706083c24676642226051fdbd |
| WIb87c.exe | 2202112 | 741376ecccb187f4bffdcec701081daa |
| WIa744.exe | 2207232 | a574f606b9f985dc88ca61d03d90f863 |
| WId747.exe | 2175488 | 3b1fd82d731620f60f2e75579037c658 |
| WIb33d.exe | 2195456 | 57618a38c9a1b53e53a706eda74bdc44 |
| WI81c9.exe | 2234368 | cc351cec273339cf100fafcd1f3bc7eb |
| WI577a.exe | 2191872 | 49aa8e92c3eb273fd04c116b48d1b7ad |
| WI4ae8.exe | 2109440 | 8e483d6c01c404506309b04cfa77b0d1 |
| WI2e12.exe | 2105344 | 6f1d2d86dc08c2ed7b34aed11de78b47 |
| WI3e45.exe | 2342912 | 48b04d0a88974836cb2bb33381d0c83e |
| WIc182.exe | 2341376 | 9deeecedfd5ac77d5ce83769ac2612f6 |
| WI2703.exe | 2264064 | f09168f9f1b4a547b567867888acd999 |
| WIe9e2.exe | 2265088 | 0db269fa1ddae6e0fda30d4f424924f8 |
| WId1c0.exe | 2340352 | 003ddeeb380e33646d94ace75ac89b91 |
Windows Protection Suite has typically the following processes in memory:
- %UserProfile%\Recent\energy.dll
- %UserProfile%\Recent\kernel32.dll
- %UserProfile%\Recent\runddl.dll
- %UserProfile%\Recent\std.exe
- %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
- %UserProfile%\Recent\dudl.sys
- %UserProfile%\Recent\grid.sys
- %UserProfile%\Recent\PE.dll
- %UserProfile%\Recent\snl2w.exe
- %UserProfile%\Desktop\WindowsProtectionSuite.exe
- %Documents and Settings%\All Users\Application Data\345d567\WI345d.exe
- %UserProfile%\Recent\CLSV.exe
- %UserProfile%\Recent\grid.dll
- %UserProfile%\Recent\tempdoc.dll
- %UserProfile%\Recent\SM.dll
- %Program Files%\WindowsProtectionSuite\WindowsProtectionSuite.exe
- %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
Windows Protection Suite created the following directories, files, paths:
- %AppData%\Windows Protection Suite
Windows Protection Suite creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “WindowsProtectionSuite”
Important Article Disclaimer
This entry was posted on 08/12/09 and is filed under Rogue Anti-Spyware Program.
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
