Sys-Look-Scan.biz
Sys-Look-Scan.biz is a malicious web page. It is possible that Sys-Look-Scan.biz was created by the same malicious group that pushes System Protector which is a rogue anti-spyware application. Your web browser may have been hijacked if you are redirected to Sys-Look-Scan.biz where you may be offered to download and/or purchase System Protector. Do not make the mistake of purchasing any rogue anti-spyware program such as System Protect that is advertised on Sys-Look-Scan.biz. It is important to perform a system scan with a reputable spyware scan tool if you notice that you have been redirected to Sys-Look-Scan.biz.
File System Modifications
- The following files were created in the system:
# File Name 1 %Program Files%\System Protector 2 %UserProfile%\Application Data\install.exe 3 %UserProfile%\Application Data\lsascs.exe 4 %UserProfile%\Application Data\Microsoft\windll32.exe 5 %UserProfile%\Application Data\shellex.dll 6 %UserProfile%\Application Data\SpyProtectorSC_Base_new.dat 7 %UserProfile%\Application Data\SpyProtectorSC_Config.ini 8 %UserProfile%\Desktop\System Protector.lnk 9 %UserProfile%\Start Menu\Programs\System Protector\Purchase License.url 10 %UserProfile%\Start Menu\Programs\System Protector\Support Page.url 11 %UserProfile%\Start Menu\Programs\System Protector\System Protector.lnk 12 %WINDOWS%\system32\spyprotector.cpl
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" => 1HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107A1D63-2EAA-4694-8ABA-EC209C630D83}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellexHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\lsascs.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "System Protector"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.