SysProtectionPage
SysProtectionPage, or SysProtect, claims to be a system repair program, but instead it is a computer hijacker known as ZLOB Trojan.
SysProtectionPage browser hijacker redirects the browser to sites where the user is tricked into downloading fake anti-spyware products such as PestTrap and SpyHeal. SysProtectionPage redirects users to sysprotectionpage.com or other websites like syssecuritysite.com.
SysProtect is also a clone of WinFixer and ErrorSafe.
File System Modifications
- The following files were created in the system:
# File Name 1 activate.exe 2 flfxr15.dll 3 frec.dll 4 fwraper.dll 5 fxcore.dll 6 install sysprotect.lnk 7 insthelp.exe 8 license.rtf 9 mmfx.dll 10 pcheck.dll 11 resource.xml 12 sysprotect.lnk 13 sysprotectscannersetup.exe 14 updater.exe 15 usyp.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run sysprotect freeHKEY_CURRENT_USER\software\sysprotect freeHKEY_LOCAL_MACHINE\software\sysprotectHKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\appid\{4f5e5d72-c915-4f3b-908b-527d064b0faa}HKEY_CLASSES_ROOT\checkprod.checkproductHKEY_CLASSES_ROOT\clsid\{1640de0e-75e4-4a83-b5d1-2492bc7eba8f}HKEY_CLASSES_ROOT\clsid\{9e87077c-380c-407d-8dab-eedad95c0a5d}HKEY_CLASSES_ROOT\clsid\{ccaabcdd-7c16-4215-b12e-150bfb994cf0}HKEY_CLASSES_ROOT\clsid\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}HKEY_CLASSES_ROOT\clsid\{f63e3b76-f82f-46eb-851c-8c0a221686bb}HKEY_CLASSES_ROOT\flfxr15.flfixer15HKEY_CLASSES_ROOT\interface\{02946fd1-2d99-46e6-a790-3a089714edd9}HKEY_CLASSES_ROOT\interface\{7f4e63c9-f30c-4424-9baf-b6896f5f56c4}HKEY_CLASSES_ROOT\interface\{f5ac8b35-5b15-4e8f-8046-43858973b495}HKEY_CLASSES_ROOT\typelib\{7eacf70b-302f-4049-ac68-2d62eb43e473}\1.0HKEY_CLASSES_ROOT\typelib\{7fa4ec26-6a28-4474-857d-bb05b001c84a}\1.0HKEY_CLASSES_ROOT\typelib\{96d58666-8f00-4a9d-9389-c17aaa2407c9}\1.0HKEY_CLASSES_ROOT\typelib\{e79d5e54-81c9-41ae-9d7b-03f1e5a7733d}\1.0HKEY_CLASSES_ROOT\typelib\{f585cb1f-f17d-4007-a573-b663197ef500}\1.0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run ni.usypHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}usyp_is1
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.