Checkliet.com

Checkliet.com Description

Checkliet.com is a criminal website that comes with a downloader for the fake security program called Virus Protector. Users typically encounter Checkliet.com if a browser hijacking Trojan has infected their machines. Checkliet.com is disguised as a My Computer window that is embedded into a webpage structure. This is done to trick users into thinking it is legitimate. On the very same webpage, Checkliet.com will conduct a fake online system scan which will automatically report that the system is infested with dangerous malware. Then the victim will be prompted to purchase Virus Protector in order to remove all the harmful malware that was "detected". Do not fall for this scam; Checkliet.com is a malicious websites that promotes illegitimate software.

Technical Information

File System Details

Checkliet.com creates the following file(s):
# File Name Detection Count
1 %Documents and Settings%\[UserName]\Local Settings\Temp\[random].exe N/A
2 %Program Files%\Internet Explorer\[random].dll N/A
3 %WINDOWS%\system32\[random].exe N/A
4 %WINDOWS%\system32\drivers\[random].dll N/A
5 %Documents and Settings%\[UserName]\Application Data\[random].exe N/A
6 %Program Files%\Internet Explorer\[random].exe N/A
7 %WINDOWS%\[random].dll N/A
8 %WINDOWS%\system32\drivers\[random].exe N/A
9 %Documents and Settings%\[UserName]\Application Data\[random].dll N/A
10 %Documents and Settings%\[UserName]\Local Settings\Temp\[random].dll N/A
11 %WINDOWS%\[random].exe N/A
12 %WINDOWS%\system32\[random].dll N/A

Registry Details

Checkliet.com creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs" = "[random].dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "LoadAppInit_DLLs" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Virus Protector"