Security Mechanic

Security Mechanic is a rogue anti-spyware application from the same family as System Protector and SpyProtector. It spreads by way of trojans and malicious websites. Once it has infiltrated a computer, it floods the user with popup windows, fake security alerts and fabricated system scan results, all intended to trick the user into believing that the computer is compromised and that the only solution is to purchase and download the commercial version of the fake spyware remover Security Mechanic.

File System Details

Security Mechanic may create the following file(s):
1. %UserProfile%\Application Data\Microsoft\windll32.exe
2. %UserProfile%\Application Data\shellex.dll
3. %UserProfile%\Application Data\setup.exe
4. %UserProfile%\Application Data\lsascs.exe
5. %WINDOWS%\System32\spyprotector.cpl
6. %UserProfile%\Application Data\spyprotector
7. %Documents and Settings%\[User]\Application Data\SpyProtector\SC_Config.ini
8. %ProgramFiles%\Security Mechanic
9. %Documents and Settings%\[User]\Application Data\SpyProtector\SC_Base_new.dat

Registry Details

Security Mechanic may create the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{107a1d63-2eaa-4694-8aba-ec209c630d83}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\lsascs.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Security Mechanic"


