Threat Database Rogue Websites Infoprotector.net

Infoprotector.net

Infoprotector.net is a malicious websites involved in the distribution of the fake security application called Antivirus Soft. Users that encounter Infoprotector.net have typically been infected with Antivirus Soft or have been infected with browser hijacking Trojans. Once Infoprotector.net has been placed inside a victim's browser, the victim will be frequently redirected to the harmful website and alarming security alerts or pop-up messages will also be displayed.

Infoprotector.net will conduct a fake online system scan that will claim that the system is infected and the only solution is to purchase the "full" version of Antivirus Soft. Do not believe any of the security notifications displayed by Infoprotector.net or Antivirus Soft. Use a good anti-spyware program to detect and remove Infoprotector.net and its associated malware.

File System Details

Infoprotector.net may create the following file(s):
# File Name Detections
1. %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sysguard.exe
2. %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sftav.exe

Registry Details

Infoprotector.net may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"

Trending

Most Viewed

Loading...