Infoprotector.net

Infoprotector.net Description

Infoprotector.net is a malicious websites involved in the distribution of the fake security application called Antivirus Soft. Users that encounter Infoprotector.net have typically been infected with Antivirus Soft or have been infected with browser hijacking Trojans. Once Infoprotector.net has been placed inside a victim's browser, the victim will be frequently redirected to the harmful website and alarming security alerts or pop-up messages will also be displayed.

Infoprotector.net will conduct a fake online system scan that will claim that the system is infected and the only solution is to purchase the "full" version of Antivirus Soft. Do not believe any of the security notifications displayed by Infoprotector.net or Antivirus Soft. Use a good anti-spyware program to detect and remove Infoprotector.net and its associated malware.

Technical Information

File System Details

Infoprotector.net creates the following file(s):
# File Name Detection Count
1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sysguard.exe N/A
2 %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sftav.exe N/A

Registry Details

Infoprotector.net creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"