Prosecure-protection1.com

Prosecure-protection1.com Description

Prosecure-protection1.com is a malicious website that promotes the rogue anti-spyware program Personal Security. Internet users will be redirected to Prosecure-protection1.com after the computer is infected by Trojans connected to the Personal Security scam. The victim will constantly be redirected to Prosecure-protection1.com, which appears to be a legitimate warning message, claiming that the website the user has been browsing is unsafe. The warning message links users to the purchase page of Personal Security. Do not trust Prosecure-protection1.com and have Personal Security removed immediately using a reliable anti-spyware program.

Technical Information

File System Details

Prosecure-protection1.com creates the following file(s):
# File Name Detection Count
1 %WINDOWS%\system32\win32extension.dll N/A
2 %Program Files%\PSecurity\psecurity.exe N/A
3 Psecurity.exe N/A
4 %Program Files%\Common Files\PSecurityUninstall\Uninstall.lnk N/A
5 %Documents and Settings%\All Users\Start Menu\PSecurity\Help.lnk N/A
6 %Documents and Settings%\All Users\Start Menu\PSecurity\Security Center.lnk N/A
7 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk N/A
8 %Program Files%\Common Files\PSecurityUninstall N/A
9 %Documents and Settings%\All Users\Start Menu\PSecurity\Computer Scan.lnk N/A
10 %Documents and Settings%\All Users\Start Menu\PSecurity\Registration.lnk N/A
11 %Documents and Settings%\All Users\Start Menu\PSecurity\Update.lnk N/A
12 %Program Files%\PSecurity N/A
13 %Documents and Settings%\All Users\Start Menu\PSecurity N/A
14 %Documents and Settings%\All Users\Start Menu\PSecurity\Personal Security.lnk N/A
15 %Documents and Settings%\All Users\Start Menu\PSecurity\Settings.lnk N/A
16 %UserProfile%\Desktop\Personal Security.lnk N/A

Registry Details

Prosecure-protection1.com creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinTSI 01.12.2009"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PSecurity"
HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56