
JustProtectPc

Posted: January 11, 2011

JustProtectPc is rogue anti-virus software that copies itself to additional programs on targeted computers. JustProtectPc is another clone of Antivirus. All infected programs will be corrupted and will malfunction, and other malicious actions will occur on the infected system. JustProtectPc poses as an anti-spyware application but is actually useless. Symptoms associated with JustProtectPc are system degradation and annoying pop-ups with messages claiming the system is infected. Make sure a genuine malware remover is used to terminate JustProtectPc on an infected computer.

File System Modifications

  • The following files were created in the system:

Registry Modifications

  • The following Registry values were newly created: