
ProtectCop

Posted: December 9, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 583
First Seen: December 9, 2011
Last Seen: February 20, 2021
OS(es) Affected: Windows

ProtectCop is a fake anti-malware program from Korea that distributes itself through the protectcop.com website. As a clone of the equally fraudulent ProtectInfo, ProtectCop will attempt to display inaccurate system scans and pop-ups that confuse you about your computer's health. Ultimately, this may lead to the attempted theft of your credit card information or finances, and SpywareRemove.com malware researchers recommend that you delete ProtectCop promptly if it does manage to find its way onto your PC. Since ProtectCop may attempt to block PC security software that could remove it, you should remove ProtectCop by switching to Safe Mode and running an anti-malware scanner while ProtectCop is fully deactivated.

Why You Shouldn't Give the Time of Day to ProtectCop's Virtual Tickets

ProtectCop, like other types of rogue anti-malware software, has no actual PC threat-detection or removal features, although its interface pretends otherwise. Provided that you can read ProtectCop's interface (most of which is in Korean), you'll find that ProtectCop warns you about a wide range of supposed problems with your PC. However, ProtectCop is designed to create the appearance of these issues without actually trying to detect them, and SpywareRemove.com malware analysts have found no real PC security functions in ProtectCop's code.

ProtectCop is spread throughout the web by protectcop.com, which is a confirmed vector for PC threat propagation. Visits to ProtectCop's website, especially if you're using a web browser with poor security or one that allows scripts to run automatically, can cause your PC to be infected by ProtectCop even if you don't download ProtectCop of your own free will. SpywareRemove.com malware researchers haven't noted other distribution methods for ProtectCop, so the chance of being attacked by ProtectCop if you stay away from protectcop.com can be considered a minor one.

Policing ProtectCop Before It Scams You Out of Your Spare Cash

The top risk from any ProtectCop infection is the possibility of being convinced that purchasing ProtectCop will remove its fake alerts and any other attacks that ProtectCop may have launched, such as blocking PC security applications or redirecting your web browser to hostile sites. However, purchasing a rogue anti-malware application of any sort, including ProtectCop, is strongly discouraged due to the inherent danger involved in allowing criminals to access your credit card information. If you get rid of ProtectCop with an appropriate anti-malware program, you should be able to shut down all corresponding symptoms of a ProtectCop infection.

Because software-blocking behavior is common for ProtectCop, ProtectInfo and similar types of scamware programs, you should be ready to use Safe Mode to prevent such attacks before you scan your PC. SpywareRemove.com malware experts also recommend that you rename any blocked program files to generic titles (such as 'explorer.exe' or 'iexplore.exe') to allow them to slip through via ProtectCop's whitelist.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: %ProgramFiles%\ProtectCop
Group: Malware file

File name: %StartMenu%\ProtectCop
Group: Malware file

File name: C:\Program Files\ProtectCop\ProtectCopLaunch.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following Registry entries were newly created:

HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\ProtectCop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ProtectCopUp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProtectCop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
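
A read-only check for the file and registry locations listed above, added here as an example (it is not a SpywareRemove.com tool). Resolving %StartMenu% through the shell folder API, also checking the x86 Program Files folder, and matching Run values on the string "ProtectCop" are assumptions; the function name is hypothetical.

```powershell
# Read-only check for the ProtectCop artifacts listed on this page.
# Nothing is deleted or modified; findings are returned as objects.
function Find-ProtectCopArtifacts {
    $findings = @()

    # File-system locations from the page. %StartMenu% is not a real
    # environment variable, so it is resolved via the shell folder API
    # (assumption); the x86 Program Files path is also an assumption.
    $paths = @(
        (Join-Path $env:ProgramFiles 'ProtectCop'),
        (Join-Path ([Environment]::GetFolderPath('StartMenu')) 'ProtectCop'),
        (Join-Path ([Environment]::GetFolderPath('CommonStartMenu')) 'ProtectCop'),
        'C:\Program Files\ProtectCop\ProtectCopLaunch.exe'
    )
    if (${env:ProgramFiles(x86)}) {
        $paths += Join-Path ${env:ProgramFiles(x86)} 'ProtectCop'
    }
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $p; Detail = '' }
        }
    }

    # Registry subkeys from the page.
    $keys = @(
        'HKCU:\Software\ProtectCop',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ProtectCopUp.exe',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProtectCop'
    )
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) {
            $findings += [pscustomobject]@{ Type = 'RegistryKey'; Location = $k; Detail = '' }
        }
    }

    # The page names the HKCU Run key but not the value, so match any
    # autostart entry whose name or data mentions ProtectCop (assumption).
    $run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $props = Get-ItemProperty -LiteralPath $run -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($v in $props.PSObject.Properties) {
            if ($v.Name -notlike 'PS*' -and "$($v.Name) $($v.Value)" -match 'ProtectCop') {
                $findings += [pscustomobject]@{ Type = 'RunValue'; Location = $run; Detail = "$($v.Name) = $($v.Value)" }
            }
        }
    }
    return $findings
}
Find-ProtectCopArtifacts | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed locations exist for the current user and machine; any hit is a reason to run a full anti-malware scan from Safe Mode as described above.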