Privacy Protection

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 33
First Seen: November 4, 2011
OS(es) Affected: Windows

Privacy Protection is a fairly typical rogue anti-virus application. 'Rogue anti-virus application' is the term computer security analysts use for malicious software that pretends to be a legitimate security program. Privacy Protection and similar applications are part of a convoluted scam designed to take advantage of the relative inexperience of most computer users. Rather than merely infecting a computer system with a virus, worm or Trojan, rogue anti-virus programs like Privacy Protection infect the system and also pose as legitimate security programs. To make the scam more convincing, Privacy Protection emulates the layout, design and logos of legitimate security programs like Microsoft Security Essentials and Windows Defender.

How the Privacy Protection Scam Works

Once the computer is infected with a variety of problem-causing malware threats, Privacy Protection 'helpfully' offers to get rid of the problems that Privacy Protection itself caused. Of course, this help is not free; rogue anti-virus programs like Privacy Protection charge for a useless 'full version' or for a 'license', in order to remove the infection from your computer system. In a sense, these kinds of programs take your computer system hostage, making it practically unusable, until you pay to have the problems removed. However, ESG PC security advisers strongly recommend that you do not purchase Privacy Protection or any other rogue security program. In every case, the Trojans and malicious scripts on your computer system are not removed by paying the amount that is demanded. While sometimes the most annoying symptoms may subside, a Trojan infection will still reside on your computer system, affecting your computer's performance and placing your data at risk. Another reason why you should never pay for a program such as Privacy Protection is that doing so makes your credit card information available to the criminals behind this online scam, making you the probable target of identity theft or credit card fraud. Instead of paying for this useless program, remove Privacy Protection with a legitimate anti-malware application.

Probable Sources of a Privacy Protection Infection

Privacy Protection and similar rogue security programs usually infect a computer system through a Trojan infection. Trojans associated with Privacy Protection are typically found on unsafe websites, such as pornographic websites, file sharing websites or websites with numerous unsafe advertisements. Trojans associated with Privacy Protection may also be found in spam email attachments or bundled along with popular files on peer-to-peer file sharing networks.

File System Details

Privacy Protection may create the following file(s):
#   File Name                 MD5                                Detections
1.  privacy.exe               db68cacefc57e6b89fe884326dc71002   9
2.  privacy.exe               e82b82f34da61d9d3abf980709e525a6   8
3.  privacy.exe               e3b6f158c2a8748882cbb7d5dee7f65a   6
4.  privacy.exe               41b5e833c050092b91ac8f237cd730d1   5
5.  privacy.exe               fba04a2c31c8ce7cca750b75d7c10d4f   5
6.  defender.exe
7.  [RANDOM CHARACTERS].exe

Registry Details

Privacy Protection may create the following registry entry or registry entries:
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_CLASSES_ROOT\BrcWizApp.BrcWiz.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe;"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\defender.exe” /sn"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "rundll32" = ""
HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
HKEY_CLASSES_ROOT\BrcWizApp.BrcWiz
HKEY_CURRENT_USER\Software\Microsoft "adver_id" = "29"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "rundll32" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Privacy Protection
HKEY_CLASSES_ROOT\TypeLib\{58B4E0F5-F122-4C02-B038-C482D998486A}
HKEY_CLASSES_ROOT\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Malware Protection"
HKEY_CURRENT_USER\Software\Malware Protection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80c10400-59cb-4c79-97ce-cc693103afca}
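
A defender's triage check built from the entries above, as an added example (not code from this page or from SpyHunter): it parses the text of a .reg export and flags the three tamper settings (LowRiskFileTypes, Winlogon Shell, EnableLUA) and the two autorun value names listed. The function names and the sample export are constructed for illustration.

```python
import re

# (key suffix, value names, predicate on data, meaning) taken from the entries listed above.
CHECKS = [
    (r"\policies\associations", {"lowriskfiletypes"},
     lambda v: ".exe" in str(v).lower(), "executables treated as low-risk file types"),
    (r"\windows nt\currentversion\winlogon", {"shell"},
     lambda v: str(v).strip().lower() != "explorer.exe", "Winlogon shell replaced"),
    (r"\policies\system", {"enablelua"}, lambda v: v == 0, "UAC disabled"),
    (r"\currentversion\run", {"privacy protection", "malware protection"},
     lambda v: True, "autorun value name listed on this page"),
]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg files escape \ and " with a backslash

def parse_reg(text):
    """Yield (key, name, data) from .reg export text; dword data becomes int."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name, data = unescape(m.group(1)), m.group(2)
            if data.startswith("dword:"):
                data = int(data[6:], 16)
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                data = unescape(data[1:-1])
            yield key, name, data  # other types (hex(...)) are kept verbatim

def triage(text):
    """Return (key, name, data, meaning) for every value that matches a check."""
    return [(key, name, data, meaning)
            for key, name, data in parse_reg(text)
            for suffix, names, pred, meaning in CHECKS
            if key.lower().endswith(suffix) and name.lower() in names and pred(data)]

# Constructed sample export (not from a real host); the HKLM shell value is the benign default.
SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\alice\\Application Data\\defender.exe /sn"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000
'''
print(*triage(SAMPLE), sep="\n")  # one finding per line
```

Exports written by regedit or reg.exe are typically UTF-16, so decode the file with that encoding before passing its text to triage().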

Messages

The following messages associated with Privacy Protection were found:

Security Warning
Malicious program has been detected. Click here to protect your computer.
taskmgr.exe can not start
File taskmgr.exe is infected by W32/Blaster.worm. Please activate Spyware Protection to protect your computer.

2 Comments

Just wanted to say Thanks for your hard work.

I am tired of this crap. Every click on the internet leads to a Blaster worm hosting server.
A key to tame him and clean the PC is: Y76REW-T65FD5-U7VBF5A
