
Secure1.protection-av.com

Posted: August 26, 2010

Secure1.protection-av.com and Secure2.net-protection.net are both associated with the rogue anti-malware program My Security Shield. These sites use fake pop-up messages to scare users into believing that their computer is infected with malware. The trickery is meant to push the purchase of My Security Shield to remove the supposed threats. My Security Shield is useless and should be removed from the system along with Secure1.protection-av.com and Secure2.net-protection.net.

File System Modifications

  • The following files were created in the system:
    1. %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Shield.lnk
    2. %Documents and Settings%\[UserName]\Application Data\My Security Shield\
    3. %Documents and Settings%\[UserName]\Application Data\My Security Shield\cookies.sqlite
    4. %Documents and Settings%\[UserName]\Desktop\My Security Shield.lnk
    5. %Documents and Settings%\[UserName]\Recent\ANTIGEN.drv
    6. %Documents and Settings%\[UserName]\Recent\ANTIGEN.exe
    7. %Documents and Settings%\[UserName]\Recent\cid.dll
    8. %Documents and Settings%\[UserName]\Recent\CLSV.drv
    9. %Documents and Settings%\[UserName]\Recent\DBOLE.sys
    10. %Documents and Settings%\[UserName]\Recent\ddv.dll
    11. %Documents and Settings%\[UserName]\Recent\ddv.sys
    12. %Documents and Settings%\[UserName]\Recent\energy.tmp
    13. %Documents and Settings%\[UserName]\Recent\FS.drv
    14. %Documents and Settings%\[UserName]\Recent\gid.drv
    15. %Documents and Settings%\[UserName]\Recent\PE.drv
    16. %Documents and Settings%\[UserName]\Recent\PE.exe
    17. %Documents and Settings%\[UserName]\Recent\PE.sys
    18. %Documents and Settings%\[UserName]\Recent\PE.tmp
    19. %Documents and Settings%\[UserName]\Recent\runddlkey.dll
    20. %Documents and Settings%\[UserName]\Recent\std.exe
    21. %Documents and Settings%\[UserName]\Recent\tjd.drv
    22. %Documents and Settings%\[UserName]\Recent\tjd.sys
    23. %Documents and Settings%\[UserName]\StartMenu\My Security Shield.lnk
    24. %Documents and Settings%\[UserName]\StartMenu\Programs\My Security Shield.lnk
    25. %Documents and Settings%\All Users\Application Data\8d7ca11\
    26. %Documents and Settings%\All Users\Application Data\8d7ca11\25.mof
    27. %Documents and Settings%\All Users\Application Data\8d7ca11\MS8d7c_2155.exe
    28. %Documents and Settings%\All Users\Application Data\8d7ca11\MSS.ico
    29. %Documents and Settings%\All Users\Application Data\8d7ca11\MSSSys\vd952342.bd

Registry Modifications

  • The following newly produced Registry values are:
    Subkeys:
    HKEY_CURRENT_USER\Software\3
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Shield"
    Registry Keys:
    HKEY_CLASSES_ROOT\MSSSys.DocHostUIHandler
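As an added example, not part of the original listing, the Python below turns a few of the file-path templates and the registry entries above into patterns a host scanner or log-review script can apply to observed paths and autorun entries. The expansion of %Documents and Settings% to a drive-letter path, the [UserName] wildcard, and all sample observations are constructed assumptions of this example; the indicator strings themselves are copied from the listing.

```python
import re

# A subset of the file indicators from the listing above (the full list is on the page).
# The one directory template cannot be a raw string ending in a backslash, so it is built by concatenation.
FILE_INDICATORS = [
    r"%Documents and Settings%\[UserName]\Desktop\My Security Shield.lnk",
    r"%Documents and Settings%\[UserName]\Recent\ANTIGEN.exe",
    r"%Documents and Settings%\[UserName]\Recent\runddlkey.dll",
    r"%Documents and Settings%\[UserName]\Application Data\My Security Shield" + "\\",
    r"%Documents and Settings%\All Users\Application Data\8d7ca11\MS8d7c_2155.exe",
    r"%Documents and Settings%\All Users\Application Data\8d7ca11\MSSSys\vd952342.bd",
]

# Registry indicators from the listing: (key path, value name), or None when the key itself is the indicator.
REGISTRY_INDICATORS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "My Security Shield"),
    (r"HKEY_CLASSES_ROOT\MSSSys.DocHostUIHandler", None),
]

# Assumed expansions of the listing's placeholders (Windows XP-era profile layout).
PLACEHOLDERS = {
    "%Documents and Settings%": r"[A-Za-z]:\\Documents and Settings",
    "[UserName]": r"[^\\]+",  # any single directory name, i.e. any profile
}
_TOKEN_RE = re.compile("|".join(re.escape(p) for p in PLACEHOLDERS))


def template_to_regex(template):
    """Compile a path template into an anchored, case-insensitive regex.

    Literal segments are regex-escaped; placeholders become their pattern.
    A template ending in a backslash names a directory and matches the
    directory itself or anything beneath it.
    """
    is_dir = template.endswith("\\")
    body = template.rstrip("\\")
    pattern, pos = "", 0
    for m in _TOKEN_RE.finditer(body):
        pattern += re.escape(body[pos:m.start()]) + PLACEHOLDERS[m.group(0)]
        pos = m.end()
    pattern += re.escape(body[pos:])
    if is_dir:
        pattern += r"(\\.*)?"
    return re.compile("^" + pattern + "$", re.IGNORECASE)


_COMPILED_FILE_INDICATORS = [(t, template_to_regex(t)) for t in FILE_INDICATORS]


def match_paths(observed_paths):
    """Return [(observed_path, matching_template)] for every path that hits an indicator."""
    hits = []
    for path in observed_paths:
        for template, rx in _COMPILED_FILE_INDICATORS:
            if rx.match(path):
                hits.append((path, template))
                break
    return hits


def match_registry(observed_values):
    """observed_values: iterable of (key, value_name, data) as exported from the registry.

    Flags an entry when the key/value pair is a listed indicator, or when a Run
    value's data points at a file that matches a file indicator, so a renamed
    autorun entry is still caught.
    """
    hits = []
    for key, value_name, data in observed_values:
        reason = None
        for ind_key, ind_value in REGISTRY_INDICATORS:
            if key.lower() == ind_key.lower() and (ind_value is None or value_name.lower() == ind_value.lower()):
                reason = "registry indicator"
                break
        if reason is None and data and match_paths([data]):
            reason = "value data points at an indicator file"
        if reason:
            hits.append((key, value_name, reason))
    return hits


# Constructed sample observations (not from the page).
SAMPLE_PATHS = [
    r"C:\Documents and Settings\alice\Desktop\My Security Shield.lnk",
    r"c:\documents and settings\Alice\Recent\runddlkey.dll",
    r"C:\Documents and Settings\All Users\Application Data\8d7ca11\MS8d7c_2155.exe",
    r"C:\Documents and Settings\alice\Application Data\My Security Shield\cookies.sqlite",
    r"C:\Documents and Settings\alice\Desktop\notes.txt",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
]
SAMPLE_REGISTRY = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "My Security Shield",
     r"C:\Documents and Settings\All Users\Application Data\8d7ca11\MS8d7c_2155.exe"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    (r"HKEY_CLASSES_ROOT\MSSSys.DocHostUIHandler", "", ""),
]

if __name__ == "__main__":
    for path, template in match_paths(SAMPLE_PATHS):
        print("FILE  ", path, "<-", template)
    for key, value_name, reason in match_registry(SAMPLE_REGISTRY):
        print("REG   ", key, value_name, "<-", reason)
```

The matching is case-insensitive because NTFS paths and registry names are, and the [UserName] wildcard means the same indicator covers every profile on the machine. Checking a Run value's data against the file indicators catches the same dropper even when the autorun value has been given a different name than the one in the listing.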