Home Rogue Websites Prosecure-protection1.com

Prosecure-protection1.com

Posted: January 25, 2010

Prosecure-protection1.com is a browser hijacker. If a user has inadvertently entered the Prosecure-protection1.com website while surfing the Internet, his/her computer may have issues with browser redirects. Browser hijackers such as Trojans may have diverted the user to visit the infected Prosecure-protection1.com website.

Prosecure-protection1.com may display bogus system scans and pop-ups on a user's computer and promote the Personal Security Antivirus. The Personal Security rogueware which is supported by this browser hijacker is already recognized as fake anti-virus protection software, therefore do not authorize your credit card details to buy this rogue security program.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\All Users\Start Menu\PSecurity
    2 %Documents and Settings%\All Users\Start Menu\PSecurity\Computer Scan.lnk
    3 %Documents and Settings%\All Users\Start Menu\PSecurity\Help.lnk
    4 %Documents and Settings%\All Users\Start Menu\PSecurity\Personal Security.lnk
    5 %Documents and Settings%\All Users\Start Menu\PSecurity\Registration.lnk
    6 %Documents and Settings%\All Users\Start Menu\PSecurity\Security Center.lnk
    7 %Documents and Settings%\All Users\Start Menu\PSecurity\Settings.lnk
    8 %Documents and Settings%\All Users\Start Menu\PSecurity\Update.lnk
    9 %Program Files%\Common Files\PSecurityUninstall
    10 %Program Files%\Common Files\PSecurityUninstall\Uninstall.lnk
    11 %Program Files%\PSecurity
    12 %Program Files%\PSecurity\psecurity.exe
    13 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk
    14 %UserProfile%\Desktop\Personal Security.lnk
    15 %WINDOWS%\system32\win32extension.dll
    16 Psecurity.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PSecurity"HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinTSI 01.12.2009"