System Protector

System Protector Description

ScreenshotSystem Protector is a fake anti-spyware program that is designed to trick the user into buying their full version of the program by displaying misleading pop-ups and “system alerts,” claiming that your machine is infected with malicious software. System Protector may use its system scanner to display false positives which work as an incentive to make unsuspecting users purchase System Protector’s commercial version.
Do not click on any link provided by System Protector.

» Learn more about SpyHunter's Spyware Detection Tool
and steps to uninstall SpyHunter.

Once you click on the link provided, you’ll be redirected to System Protector’s website to download and purchase System Protector’s rogue anti-spyware program. System Protector has the ability to recreate itself after reboot and its “System scan” messages may continue to pop up on your task manager. It is advised to run a scan with a reliable anti-spyware program to check for the presence of System Protector on your computer.


FraudTool.Spyprotector.BG [VirusBuster]Adware.Spyprotector.R.1943040.F [ViRobot]TROJ_FAKEVIR.CN [TrendMicro]Trojan Horse [Symantec]SpyProtector [Sunbelt]Medium Risk Malware [Prevx]Trojan.Generic [PCTools]W32/FakeAV.I!genr [Norman]probably a variant of Win32/TrojanDownloader.Agent [NOD32]Trojan.DisableTask.1943040.3 [McAfee-GW-Edition]

More aliases (69)

System Protector Automatic Detection Tool (Recommended)

Is your PC infected with System Protector? To safely & quickly detect System Protector we highly recommend you run the malware scanner listed below.

Technical Details

Visual & GUI Characteristics


File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name Detection Count
    1 shellex.dll 281
    2 sysprotector_install[1].exe 228
    3 sysprotector_install[1].exe 225
    4 sysprotector_install[1].exe 225
    5 %ProgramFiles%\System Protector 219
    6 %UserProfile%\Start Menu\Programs\System Protector 200
    7 sysprotector_install_71174136[1].exe 131
    8 %UserProfile%\Application Data\install.exe N/A
    9 %UserProfile%\Application Data\lsascs.exe N/A
    10 %UserProfile%\Application Data\Microsoft\windll32.exe N/A
    11 %UserProfile%\Application Data\shellex.dll N/A
    12 %UserProfile%\Application Data\SpyProtectorSC_Base_new.dat N/A
    13 %UserProfile%\Application Data\SpyProtectorSC_Config.ini N/A
    14 %UserProfile%\Desktop\System Protector.lnk N/A
    15 %UserProfile%\Start Menu\Programs\System Protector\Purchase License.url N/A
    16 %UserProfile%\Start Menu\Programs\System Protector\Support Page.url N/A
    17 %UserProfile%\Start Menu\Programs\System Protector\System Protector.lnk N/A
    18 C:\Program Files\System Protector N/A
    19 C:\WINDOWS\system32\spyprotector.cpl N/A
    20 dfgfgh.ini N/A
    21 sys-protector.exe N/A
    22 System Protector.lnk N/A

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" => 1HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "System Protector"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Protector HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellexHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\lsascs.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "System Protector"
  • The following CLSID's were detected:
    HKEY..\..\{CLSID Path} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107A1D63-2EAA-4694-8ABA-EC209C630D83}

Additional Information

  • The following cookies were detected:
Posted: March 30, 2009 | By
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 4.33 out of 5)
Loading ... Loading ...
Threat Metric
Threat Level: 10/10
Detection Count: 14


Leave a Reply

What is 9 + 13 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)