Security-mechanic.com
Security-mechanic.com is a browser hijacker promoting the distribution of the rogue anti-spyware application known as Security Mechanic. Due to affiliated trojans infiltrating the computer via security exploits and modifying the browser settings, web-surfing activities are redirected to the Security-mechanic.com domain. Once here, the computer is subject to a fake online scan that displays fictitious and sometimes grossly exaggerated infection results, all in order to intimidate the user into purchasing the fake spyware remover Security Mechanic.
File System Details
Security-mechanic.com creates the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %UserProfile%\Application Data\Microsoft\windll32.exe | N/A |
| 2. | %UserProfile%\Application Data\shellex.dll | N/A |
| 3. | %UserProfile%\Application Data\setup.exe | N/A |
| 4. | %UserProfile%\Application Data\lsascs.exe | N/A |
| 5. | %WINDOWS\System32\spyprotector.cpl | N/A |
| 6. | %UserProfile%\Application Data\spyprotector | N/A |
| 7. | %Documents and Settings%\[User]\Application Data\SpyProtector\SC_Config.ini | N/A |
| 8. | %ProgramFiles%\Security Mechanic | N/A |
| 9. | %Documents and Settings%\[User]\Application Data\SpyProtector\SC_Base_new.dat | N/A |
Registry Details
Security-mechanic.com creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{107a1d63-2eaa-4694-8aba-ec209c630d83}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\lsascs.exe
HKEY_CLASSES_ROOT\CLSID\{107a1d63-2eaa-4694-8aba-ec209c630d83}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Security Mechanic"
