Description

This is a malicious website that promotes the rogue anti-spyware program Personal Security. Internet users will be redirected to the site after the computer is infected by Trojans connected to the Personal Security scam. The victim will constantly be redirected to the site, which appears to be a legitimate warning message, claiming that the website the user has been browsing is unsafe. The warning message links users to the purchase page of Personal Security. Do not trust the site, and have Personal Security removed immediately using a reliable anti-spyware program.

Technical Information

File System Details

The following file(s) are created:
# File Name Detection Count
1 %WINDOWS%\system32\win32extension.dll N/A
2 %Program Files%\PSecurity\psecurity.exe N/A
3 Psecurity.exe N/A
4 %Program Files%\Common Files\PSecurityUninstall\Uninstall.lnk N/A
5 %Documents and Settings%\All Users\Start Menu\PSecurity\Help.lnk N/A
6 %Documents and Settings%\All Users\Start Menu\PSecurity\Security Center.lnk N/A
7 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk N/A
8 %Program Files%\Common Files\PSecurityUninstall N/A
9 %Documents and Settings%\All Users\Start Menu\PSecurity\Computer Scan.lnk N/A
10 %Documents and Settings%\All Users\Start Menu\PSecurity\Registration.lnk N/A
11 %Documents and Settings%\All Users\Start Menu\PSecurity\Update.lnk N/A
12 %Program Files%\PSecurity N/A
13 %Documents and Settings%\All Users\Start Menu\PSecurity N/A
14 %Documents and Settings%\All Users\Start Menu\PSecurity\Personal Security.lnk N/A
15 %Documents and Settings%\All Users\Start Menu\PSecurity\Settings.lnk N/A
16 %UserProfile%\Desktop\Personal Security.lnk N/A

Registry Details

The following registry entry or registry entries are created:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinTSI 01.12.2009"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PSecurity"
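
Value names under the User Agent\post platform key are tokens that Internet Explorer versions of that period add to their User-Agent string, so an infected machine can also be spotted from the network side. The following is an added example, not part of the original write-up, that searches web proxy logs for the "WinTSI 01.12.2009" token. It assumes combined log format with the client address first and the User-Agent as the last quoted field; the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Token taken from the post platform registry value listed above.
IOC_TOKEN = "WinTSI 01.12.2009"

# Constructed sample lines in combined log format (assumed proxy log layout).
SAMPLE_LOG = """\
10.0.0.5 - - [02/Dec/2009:10:01:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; WinTSI 01.12.2009)"
10.0.0.7 - - [02/Dec/2009:10:01:15 +0000] "GET /news HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)"
10.0.0.5 - - [02/Dec/2009:10:02:40 +0000] "GET /buy HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; WinTSI 01.12.2009)"
10.0.0.9 - - [02/Dec/2009:10:03:02 +0000] "GET /?q=WinTSI+01.12.2009 HTTP/1.1" 200 90 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Gecko/2009 Firefox/3.5"
malformed line without quoted fields
"""

# Client address is the first field; the User-Agent is the last quoted field.
LINE_RE = re.compile(r'^(?P<client>\S+) .*"(?P<ua>[^"]*)"\s*$')


def ua_tokens(user_agent):
    """Return the semicolon-separated tokens inside the UA's parenthesised comments."""
    tokens = []
    for comment in re.findall(r'\(([^)]*)\)', user_agent):
        tokens.extend(t.strip() for t in comment.split(';') if t.strip())
    return tokens


def find_infected_clients(log_text, token=IOC_TOKEN):
    """Map client address -> number of requests whose User-Agent carries the token."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        # Compare whole tokens from the UA field only, so the string appearing
        # in a URL or referrer (see 10.0.0.9) does not count as a hit.
        if token.lower() in (t.lower() for t in ua_tokens(m.group('ua'))):
            hits[m.group('client')] += 1
    return dict(hits)


if __name__ == "__main__":
    for client, count in sorted(find_infected_clients(SAMPLE_LOG).items()):
        print(f"{client}: {count} request(s) with token {IOC_TOKEN!r}")
```

A client flagged this way should then be checked for the files and the Run entry listed above.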