My-protection.info
My-protection.info is a rogue website sponsoring the fake spyware remover Fast Antivirus 2009. In order to achieve this goal, trojans infiltrate your computer through security vulnerabilities and alter the browser settings, causing web-surfing activities to be interrupted and diverted to the My-protection.info web page. Once here, your PC is subject to a fake online scan that reports various fabricated infection results in order to scare you into purchasing Fast Antivirus 2009.
File System Modifications
- The following files were created in the system:
# File Name 1 %Documents and Settings%\\All Users\Application Data\9adee5b\17.mof 2 %Documents and Settings%\\All Users\Application Data\9adee5b\FastAV.exe 3 %Documents and Settings%\\All Users\Application Data\9adee5b\mozcrt19.dll 4 %Documents and Settings%\\All Users\Application Data\9adee5b\sqlite3.dll 5 %Documents and Settings%\\All Users\Application Data\9adee5b\SysFld 6 %Documents and Settings%\\All Users\Application Data\9adee5b\SysFld\vd952342.bd 7 %Documents and Settings%\\All Users\Application Data\SysFld 8 %Documents and Settings%\\All Users\Application Data\SysFld\fastav.cfg 9 %Documents and Settings%\All Users\Application Data\9adee5b 10 %UserProfile%\Application Data\Fast Antivirus 2009 11 %UserProfile%\Application Data\Fast Antivirus 2009\cookies.sqlite 12 %UserProfile%\Application Data\Fast Antivirus 2009\Instructions.ini 13 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Fast Antivirus 2009.lnk 14 %UserProfile%\Desktop\Fast Antivirus 2009.lnk 15 %UserProfile%\Recent\ANTIGEN.sys 16 %UserProfile%\Recent\cid.dll 17 %UserProfile%\Recent\CLSV.dll 18 %UserProfile%\Recent\CLSV.tmp 19 %UserProfile%\Recent\ddv.dll 20 %UserProfile%\Recent\dudl.dll 21 %UserProfile%\Recent\eb.drv 22 %UserProfile%\Recent\eb.tmp 23 %UserProfile%\Recent\energy.sys 24 %UserProfile%\Recent\fix.drv 25 %UserProfile%\Recent\gid.exe 26 %UserProfile%\Recent\hijackthis.log.lnk 27 %UserProfile%\Recent\PE.drv 28 %UserProfile%\Recent\PE.sys 29 %UserProfile%\Recent\PE.tmp 30 %UserProfile%\Recent\SICKBOY.dll 31 %UserProfile%\Recent\tempdoc.sys 32 %UserProfile%\Start Menu\Fast Antivirus 2009.lnk 33 %UserProfile%\Start Menu\Programs\Fast Antivirus 2009.lnk
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "898701124903"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Fast Antivirus 2009"HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\FastAV.DocHostUIHandler
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.