Description is a criminal website that comes with a downloader for the fake security program called Virus Protector. Users typically encounter if a browser hijacking Trojan has infected their machines. is disguised as a My Computer window that is embedded into a webpage structure. This is done to trick users into thinking it is legitimate. On the very same webpage, will conduct a fake online system scan which will automatically report that the system is infested with dangerous malware. Then the victim will be prompted to purchase Virus Protector in order to remove all the harmful malware that was "detected". Do not fall for this scam; is a malicious websites that promotes illegitimate software.

Technical Information

File System Details creates the following file(s):
# File Name Detection Count
1 %Documents and Settings%\[UserName]\Local Settings\Temp\[random].exe N/A
2 %Program Files%\Internet Explorer\[random].dll N/A
3 %WINDOWS%\system32\[random].exe N/A
4 %WINDOWS%\system32\drivers\[random].dll N/A
5 %Documents and Settings%\[UserName]\Application Data\[random].exe N/A
6 %Program Files%\Internet Explorer\[random].exe N/A
7 %WINDOWS%\[random].dll N/A
8 %WINDOWS%\system32\drivers\[random].exe N/A
9 %Documents and Settings%\[UserName]\Application Data\[random].dll N/A
10 %Documents and Settings%\[UserName]\Local Settings\Temp\[random].dll N/A
11 %WINDOWS%\[random].exe N/A
12 %WINDOWS%\system32\[random].dll N/A

Registry Details creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs" = "[random].dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "LoadAppInit_DLLs" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Virus Protector"