Home Malware Programs Browser Hijackers Protectinternet.com

Protectinternet.com

Posted: February 22, 2010

Protectinternet.com is the cyber home of the rogue anti-virus program Virus Protector. If your browser is being constantly redirected to Protectinternet.com, your computer has most likely been infected with Trojans affiliated to Virus Protector scareware. These malicious Trojans are responsible for hijacking the browser and producing loads of fake alerts. Protectinternet.com's Trojans can alter the browser configuration and change the proxy settings. Protectinternet.com's main goal is to attract users and then redirect them to "https://www.superbillingsolution.com/buy.php", which is actually the hackers' billing system which processes the victims' payments for Virus Protector malware registration. For the sake of your privacy and the health of your computer, you should rid yourself of Protectinternet.com using effective anti-malware software.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Application Data\[random].dll
    2 %Documents and Settings%\[UserName]\Application Data\[random].exe
    3 %Documents and Settings%\[UserName]\Local Settings\Temp\[random].dll
    4 %Documents and Settings%\[UserName]\Local Settings\Temp\[random].exe
    5 %Program Files%\Internet Explorer\[random].dll
    6 %Program Files%\Internet Explorer\[random].exe
    7 %WINDOWS%\[random].dll
    8 %WINDOWS%\[random].exe
    9 %WINDOWS%\system32\[random].dll
    10 %WINDOWS%\system32\[random].exe
    11 %WINDOWS%\system32\drivers\[random].dll
    12 %WINDOWS%\system32\drivers\[random].exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Virus Protector"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs" = "[random].dll"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "LoadAppInit_DLLs" = "1"
Loading...