Srv-scan.us
Srv-scan.us is a browser hijacker promoting the rogue anti-spyware application called System Protector. Typically your computer will be infiltrated by affiliated trojan viruses that modify your browser settings in order to redirect web-surfing activities to the Srv-scan.us domain. Here your computer is subject to a free online scan, which is nothing more than an animated sequence that delivers the same results; numerous fabricated infections. You are then persuaded to purchase and download System Protector in order to combat these non-existent threats.
File System Modifications
- The following files were created in the system:
# File Name 1 %Program Files%\System Protector 2 %UserProfile%\Application Data\install.exe 3 %UserProfile%\Application Data\lsascs.exe 4 %UserProfile%\Application Data\Microsoft\windll32.exe 5 %UserProfile%\Application Data\shellex.dll 6 %UserProfile%\Application Data\SpyProtectorSC_Base_new.dat 7 %UserProfile%\Application Data\SpyProtectorSC_Config.ini 8 %UserProfile%\Desktop\System Protector.lnk 9 %UserProfile%\Start Menu\Programs\System Protector\Purchase License.url 10 %UserProfile%\Start Menu\Programs\System Protector\Support Page.url 11 %UserProfile%\Start Menu\Programs\System Protector\System Protector.lnk 12 %WINDOWS%\system32\spyprotector.cpl
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" => 1HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107A1D63-2EAA-4694-8ABA-EC209C630D83}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellexHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\lsascs.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "System Protector"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.