Drlcleaner.info
Drlcleaner.info is a malicious website connected to the distribution and sale of the rogue anti-spyware program Safety Center. Drlcleaner.info can lead to the installation of a Trojan such as Zlob or Vundo, which is capable of installing malicious applications without the computer user's consent. Drlcleaner.info uses many convincing messages to make computer users believe that they need to purchase a full version of Safety Center to remove certain spyware threats.
File System Modifications
- The following files were created in the system:
# File Name
1 %Program Files%\SafetyCenter\main.ico
2 %Program Files%\SafetyCenter\protector.exe
3 %Program Files%\SafetyCenter\sound.wav
4 %UserProfile%\My Documents\0886b8.vom
5 %UserProfile%\My Documents\102.exe
6 %UserProfile%\My Documents\Adrevolver.txtAds360.com
7 %UserProfile%\My Documents\cs_def.exe
8 %UserProfile%\My Documents\default.pss
9 %UserProfile%\My Documents\emalware.cvd
10 %UserProfile%\My Documents\install_tag002.exe
11 %UserProfile%\My Documents\tdfhex.dll
12 %UserProfile%\My Documents\trojan.psw.stealth.a.exe
13 %WINDOWS%\gbaxl2.dat
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB09B56A-91AB-11DE-95FD-A39056D89593}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
HKEY_LOCAL_MACHINE\SOFTWARE\SafetyCenter

HKEY..\..\..\..{RegistryKeys}
HKEY_CLASSES_ROOT\CLSID\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
HKEY_CLASSES_ROOT\CLSID\{EB09B56A-91AB-11DE-95FD-A39056D89593}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "SafetyCenter"

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
SafetyCenter