spy-protector-pro.com promotes Spy Protector

Posted by on Friday, April 3rd, 2009  |  4,036 views

Spy Protector is a rogue security software, it is a false anti-spyware application that is generally installed in the user’s computer by dangerous trojans (such as Zlob and false video codecs), but it can also be installed manually by the victim.

Once your computer is infected with this parasite, it will immediately displays security warnings, alerts and system scans stating that your computer is heavily infected. These warnings are all false and are only displayed to make you think your computer is truly infected and that it is necessary to buy the full version of the software to remove the so-called infections.

Spy Protector Screenshot

Make sure to not fall in this scam, if your computer is infected with Spy Protector, it is recommended to remove it immediately and to scan your system with a real security software.

Symptoms of infection

  • The process lsascs.exe is running in your system
  • The process windll32.exe is running in your system
  • Slow computer performance
  • Repeated security warnings, alerts and system scans
  • Web sites that suddenly are shown on your desktop

Malicious web sites and urls:

1
2
3
4

spy-protector-pro.com
av-onlinescan.com
av-onlinescan.org
webscannertools.com

When the program is executed, it creates the following files:

1
2
3
4
5
6
7
8
9
10

%AllUsers%\ApplicationData\lsascs.exe
%AllUsers%\ApplicationData\Microsoft\windll32.exe
%AllUsers%\ApplicationData\shellex.dll
%AllUsers%\ApplicationData\SpyProtector\SC_Base_new.dat
%AllUsers%\ApplicationData\SpyProtector\SC_Config.ini
%AllUsers%\Desktop\Spy Protector.lnk
%ProgramFiles%\Spy Protector\Purchase License.url
%ProgramFiles%\Spy Protector\Spy Protector.lnk
%ProgramFiles%\Spy Protector\Support Page.url
C:\WINDOWS\system32\spyprotector.cpl

The program creates the following registry entries:

1
2
3
4
5

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Spy Protector
HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Spy Protector
HKCU\Software\Microsoft\Windows\CurrentVersion\SpyProtector
HKCU\Software\Microsoft\Internet Explorer\Main\startpage\
hxxp://www.spy-protector-pro.com/securitypage

How to remove Spy Protector (manual removal) ?

  • Kill the running process lsascs.exe
  • Kill the running process windll32.exe
  • Unregister all the Spy Protector DLLs
  • Delete all the Spy Protector files
  • Delete all the Spy Protector registry entries

How to remove Spy Protector (automatic removal) ?

Posted by on Friday, April 3rd, 2009 at 9:49 pm and filed under Rogue Software with tags , , . You can skip to the end and leave a response. Pinging is currently not allowed.

Random Posts

Previous Posts