Protection-estore.com

Protection-estore.com Description

Protection-estore.com is a rogue webpage created to promote the fake anti-spyware program, Personal Security. Protection-estore.com is inserted into a victims hosts file by sneaky Trojans that change the settings to ensure that the victim is continuously redirected to Protection-estore.com. Protection-estore.com advertises Personal Security as the "Best Spyware Protection". Don't be fooled, Personal Security is a useless application and Protection-estore.com cannot be trusted.

Technical Information

File System Details

Protection-estore.com creates the following file(s):
# File Name Detection Count
1 %WINDOWS%\system32\win32extension.dll N/A
2 %Program Files%\PSecurity\psecurity.exe N/A
3 %Program Files%\Common Files\PSecurityUninstall\Uninstall.lnk N/A
4 %Documents and Settings%\All Users\Start Menu\PSecurity\Help.lnk N/A
5 %Documents and Settings%\All Users\Start Menu\PSecurity\Security Center.lnk N/A
6 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk N/A
7 %Program Files%\Common Files\PSecurityUninstall N/A
8 %Documents and Settings%\All Users\Start Menu\PSecurity\Computer Scan.lnk N/A
9 %Documents and Settings%\All Users\Start Menu\PSecurity\Registration.lnk N/A
10 %Documents and Settings%\All Users\Start Menu\PSecurity\Update.lnk N/A
11 %Program Files%\PSecurity N/A
12 %Documents and Settings%\All Users\Start Menu\PSecurity N/A
13 %Documents and Settings%\All Users\Start Menu\PSecurity\Personal Security.lnk N/A
14 %Documents and Settings%\All Users\Start Menu\PSecurity\Settings.lnk N/A
15 %UserProfile%\Desktop\Personal Security.lnk N/A

Registry Details

Protection-estore.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PSecurity"
HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinTSI 01.12.2009"