Security Mechanic
Security Mechanic is a rogue anti-spyware application originating from the same family as System Protector and SpyProtector. Security Mechanic spreads by way of trojans and malicious websites, infiltrating computers in order to flood the user with popup windows and fake security alerts, in order to trick the user into believing that the computer is compromised and the only solution is to purchase and download the commercial version of the fake spyware remover Security Mechanic. Fabricated system scan results also accomplish this goal.
File System Details
Security Mechanic may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %UserProfile%\Application Data\Microsoft\windll32.exe | |
| 2. | %UserProfile%\Application Data\shellex.dll | |
| 3. | %UserProfile%\Application Data\setup.exe | |
| 4. | %UserProfile%\Application Data\lsascs.exe | |
| 5. | %WINDOWS\System32\spyprotector.cpl | |
| 6. | %UserProfile%\Application Data\spyprotector | |
| 7. | %Documents and Settings%\[User]\Application Data\SpyProtector\SC_Config.ini | |
| 8. | %ProgramFiles%\Security Mechanic | |
| 9. | %Documents and Settings%\[User]\Application Data\SpyProtector\SC_Base_new.dat |
Registry Details
Security Mechanic may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{107a1d63-2eaa-4694-8aba-ec209c630d83}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\lsascs.exe
HKEY_CLASSES_ROOT\CLSID\{107a1d63-2eaa-4694-8aba-ec209c630d83}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Security Mechanic"
