Home Malware Programs Rogue Anti-Spyware Programs ProtectCop


Posted: December 9, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 583
First Seen: December 9, 2011
Last Seen: February 20, 2021
OS(es) Affected: Windows

ProtectCop is a fake anti-malware program from Korea that distributes itself through the protectcop.com website. As a clone of equally-fraudulent ProtectInfo, ProtectCop will attempt to display inaccurate system scans and pop-ups that confuse you about your computer's health. Ultimately, this may lead to the attempted theft of your credit card information or finances, and SpywareRemove.com malware researchers recommend that you delete ProtectCop in haste if ProtectCop does manage to find its way onto your PC. Since ProtectCop may attempt to block PC security software that could remove ProtectCop, you should remove ProtectCop by switching to Safe Mode and running an anti-malware scanner while ProtectCop is fully-deactivated.

Why You Shouldn't Give the Time of Day to ProtectCop's Virtual Tickets

ProtectCop, like other types of rogue anti-malware software, has no actual PC threat-detection or removal features, although its interface would like to pretend otherwise. Provided that you can read ProtectCop's interface (most of which is in Korean) you'll find that ProtectCop is warning you about a wide range of supposed problems with your PC. However, this is because ProtectCop is designed to create the appearance of these issues without actually trying to detect them, and SpywareRemove.com malware analysts have found all of zero real PC security functions contained within ProtectCop's code.

ProtectCop is spread throughout the web by protectcop.com, which is a confirmed vector for PC threat propagation. Visits to ProtectCop's website, especially if you're using a web browser with poor security or one that allows scripts to run automatically, can cause your PC to be infected by ProtectCop even if you don't download ProtectCop of your own free will. SpywareRemove.com malware researchers haven't noted other distribution methods for ProtectCop, so the chance of being attacked by ProtectCop if you stay away from protectcop.com can be considered a minor one.

Policing ProtectCop Before It Scams You Out of Your Spare Cash

The top risk from any ProtectCop infection is the possibility of being convinced that purchasing ProtectCop will remove its fake alerts and any other attacks that ProtectCop may have launched, such as blocking PC security applications or redirecting your web browser to hostile sites. However, purchasing a rogue anti-malware application of any sort, including ProtectCop, is strongly-discouraged due to the inherent danger involved in allowing criminals to access your credit card information. If you get rid of ProtectCop with an appropriate anti-malware program, you should be able to shut down all corresponding symptoms of a ProtectCop infection.

Because software-blocking behavior is common for ProtectCop, ProtectInfo and similar types of scamware programs, you should be ready to use Safe Mode to prevent such attacks before you scan your PC. SpywareRemove.com malware experts also recommend that you rename any blocked program files to generic titles (such as 'explorer.exe' or 'iexplore.exe') to allow them to slip through via ProtectCop's whitelist.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to ProtectCop may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%ProgramFiles%\ProtectCop File name: %ProgramFiles%\ProtectCop
Group: Malware file
%StartMenu%\ProtectCop File name: %StartMenu%\ProtectCop
Group: Malware file
C:\Program Files\ProtectCop\ProtectCopLaunch.exe File name: C:\Program Files\ProtectCop\ProtectCopLaunch.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\ProtectCop HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ProtectCopUp.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProtectCopHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run