System-protector.org
System-protector.org is a browser hijacker sponsoring the rogue anti-spyware application known as System Protector. In order to achieve this goal, trojan viruses infiltrate your system and modify your browser settings, causing web-surfing activities to become diverted to the System-protector.org domain. Here you are subject to aggressive advertising, and a false online scan, which reports various fabricated infection results, all in order to persuade you to purchase and install System Protector.
File System Modifications
- The following files were created in the system:
# File Name 1 %Program Files%\System Protector 2 %UserProfile%\Application Data\install.exe 3 %UserProfile%\Application Data\lsascs.exe 4 %UserProfile%\Application Data\Microsoft\windll32.exe 5 %UserProfile%\Application Data\shellex.dll 6 %UserProfile%\Application Data\SpyProtectorSC_Base_new.dat 7 %UserProfile%\Application Data\SpyProtectorSC_Config.ini 8 %UserProfile%\Desktop\System Protector.lnk 9 %UserProfile%\Start Menu\Programs\System Protector\Purchase License.url 10 %UserProfile%\Start Menu\Programs\System Protector\Support Page.url 11 %UserProfile%\Start Menu\Programs\System Protector\System Protector.lnk 12 %WINDOWS%\system32\spyprotector.cpl
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" => 1HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107A1D63-2EAA-4694-8ABA-EC209C630D83}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellexHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\System ProtectorHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\lsascs.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "System Protector"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.