Browsersecessentials.com
Browsersecessentials.com is a malicious website that promotes the rogue anti-spyware program Personal Security. Users are redirected to Browsersecessentials.com after the computer is infected by trojans connected to the Personal Security scam. The redirects are constant, and the page poses as a legitimate warning message claiming that the website the user has been browsing "is unsafe". The warning message links users to the purchase page of Personal Security. Do not trust Browsersecessentials.com, and have Personal Security removed immediately.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | %Documents and Settings%\All Users\Start Menu\PSecurity |
| 2 | %Documents and Settings%\All Users\Start Menu\PSecurity\Computer Scan.lnk |
| 3 | %Documents and Settings%\All Users\Start Menu\PSecurity\Help.lnk |
| 4 | %Documents and Settings%\All Users\Start Menu\PSecurity\Personal Security.lnk |
| 5 | %Documents and Settings%\All Users\Start Menu\PSecurity\Registration.lnk |
| 6 | %Documents and Settings%\All Users\Start Menu\PSecurity\Security Center.lnk |
| 7 | %Documents and Settings%\All Users\Start Menu\PSecurity\Settings.lnk |
| 8 | %Documents and Settings%\All Users\Start Menu\PSecurity\Update.lnk |
| 9 | %Program Files%\Common Files\PSecurityUninstall |
| 10 | %Program Files%\Common Files\PSecurityUninstall\Uninstall.lnk |
| 11 | %Program Files%\PSecurity |
| 12 | %Program Files%\PSecurity\psecurity.exe |
| 13 | %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk |
| 14 | %UserProfile%\Desktop\Personal Security.lnk |
| 15 | %WINDOWS%\system32\win32extension.dll |
| 16 | win32extension.dll |
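The file list above uses placeholder prefixes, so it cannot be compared directly with paths from a directory listing or file-creation log. The following is an added example, not code from the original page: it expands those placeholders into patterns and matches observed paths against the listed locations. The placeholder-to-directory mappings and the sample paths are assumptions constructed for illustration.

```python
import re

# Placeholder notation used in the file list, mapped to regexes for real paths.
# The directory layouts are assumptions (common Windows defaults), not from the page.
PLACEHOLDERS = {
    "%documents and settings%": r"[a-z]:\\documents and settings",
    "%program files%": r"[a-z]:\\program files(?: \(x86\))?",
    "%userprofile%": r"[a-z]:\\(?:documents and settings|users)\\[^\\]+",
    "%windows%": r"[a-z]:\\(?:windows|winnt)",
}

# Indicators from the file list; a directory entry also covers the files inside it.
FILE_INDICATORS = [
    r"%Documents and Settings%\All Users\Start Menu\PSecurity",
    r"%Program Files%\Common Files\PSecurityUninstall",
    r"%Program Files%\PSecurity",
    r"%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk",
    r"%UserProfile%\Desktop\Personal Security.lnk",
    r"%WINDOWS%\system32\win32extension.dll",
]

def compile_indicator(indicator):
    """Build a regex that matches the indicator itself or anything beneath it."""
    lowered = indicator.lower()
    for name, prefix in PLACEHOLDERS.items():
        if lowered.startswith(name):
            return re.compile(prefix + re.escape(lowered[len(name):]) + r"(?:\\|$)")
    raise ValueError("unknown placeholder in " + indicator)

COMPILED = [(ind, compile_indicator(ind)) for ind in FILE_INDICATORS]

def match_paths(paths):
    # Returns (observed path, indicator) pairs; matching is case-insensitive.
    hits = []
    for path in paths:
        norm = path.strip().strip('"').replace("/", "\\").lower()
        for indicator, rx in COMPILED:
            if rx.match(norm):
                hits.append((path, indicator))
                break
    return hits

# Constructed sample listing (not taken from a real host).
SAMPLE = [
    r"C:\Program Files\PSecurity\psecurity.exe",
    r"C:\Program Files\PSecurityTools\app.exe",  # benign look-alike, must not match
    r"c:\documents and settings\alice\Desktop\Personal Security.lnk",
    r"C:\WINDOWS\system32\kernel32.dll",
    r"D:\WINNT\System32\win32extension.dll",
]
```

Calling `match_paths(SAMPLE)` returns the three paths that fall under a listed location; the boundary check at the end of each pattern keeps look-alike directory names from matching.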
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “PSecurity”
- HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform “WinTSI 01.12.2009”

HKEY..\..\..\..{RegistryKeys}
- HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Thank you for this information. These SOBs are crooks in the highest order. How can the public make them stop? Can I sue their sorry asses?