Security Protection
Posted: June 3, 2011
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 61 |
| First Seen: | August 9, 2011 |
|---|---|
| OS(es) Affected: | Windows |
Security Protection is the latest entry in the System Tool family of rogue security programs. The skin that Security Protection uses is different enough to make the program appear unrelated to typical System Tool clones, but Security Protection will use the same attacks that other members of the System Tool gang are known for. Problems related to Security Protection include blocked applications, fake infection warnings and browser hijacks. You should never purchase a Security Protection activation or registration key; instead, delete Security Protection from your PC by using appropriate security software.
Security Protection - Part of a Family That Capitalizes on Poor Advertising
Security Protection is a recent addition to a burgeoning group of threats; this group's most notable member is System Tool, but other members include System Tool 2.20, System Tool 2011, Security Tool Protect Your PC, Home Personal Antivirus, Advanced Security Tool 2010, XP Deluxe Protector, Spyware Protection and Security Central.
All threats that are related to Security Protection and System Tool imitate the superficial details of anti-virus and security programs by pretending to offer privacy services, firewall settings, and virus detection functions. However, Security Protection can't detect or remove viruses or other PC threats, and pop-up warnings like the samples you see below are all fake:
Security Protection Warning
Your PC is infected with dangerous viruses. Activate anti-virus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.
Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software...
Security Monitor: WARNING!
Attention: System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
CLick [sic] Yes to download official intrusion detection system (IDS software).
Security Protection Warning
Intercepting programs that may compromise your private and harm your system have been detected on your PC.
Click here to remove them immediately with Security Tool.
Since the warnings and alerts don't contain accurate data, their only real purpose is to send you towards the Security Protection homepage, which will request your credit card number to purchase Security Protection's (nonexistent) threat-removal capabilities.
The Side of Security Protection that It Hides from You
Security Protection may show Security Protection's fake anti-virus features brazenly, but Security Protection's other and more genuinely potent features are hidden from you. Security Protection may also:
- Block programs from launching, with or without fake errors that tell you that the program is infected. Security Protection will do this primarily to stop you from using anti-virus and security programs.
- Hijack your web browser to redirect you to the Security Protection domain or other malicious websites. Browser hijacks can also create fake errors to block websites, play advertisements or change your browser settings.
- Run without your permission every single time that Windows starts. Attempts to close Security Protection may result in failure, since threats from the System Tool family can hide themselves as background memory processes.
Some System Tool-related rogue security programs can be deactivated with the freely-circulated registration code 'WNDS-S0DF5-GS5E0-FG14S-2DF8G,' which may be useful during uninstallation. Safe Mode or booting from a CD will also help neuter Security Protection's attacks, although you should still resort to proper anti-virus software to remove Security Protection from your PC.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:106.exe
File name: 106.exeSize: 888.83 KB (888832 bytes)
MD5: 8b3568d9d9b9467719f0ccc1543342df
Detection count: 98
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011
73.exe
File name: 73.exeSize: 1.04 MB (1048064 bytes)
MD5: 1028eaac792f36b354757f6cbc5260d5
Detection count: 15
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011
defender.exe
File name: defender.exeSize: 843.77 KB (843776 bytes)
MD5: e47251c8242e3da326182c41358fda52
Detection count: 13
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011
defender.exe
File name: defender.exeSize: 913.92 KB (913920 bytes)
MD5: 465f1ad013f80c8e48476215a25d911f
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011
1.exe
File name: 1.exeSize: 942.08 KB (942080 bytes)
MD5: 85c2f2e5dc53b4f8ecfede0973f335df
Detection count: 11
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011
%AppData%\defender.exe
File name: %AppData%\defender.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
%UserProfile%\Start Menu\Security Protection.lnk
File name: %UserProfile%\Start Menu\Security Protection.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Registry Modifications
Additional Information
| # | Message |
|---|---|
| 1 | Security Warning Malicious program has been detected. Click here to protect your computer. |
| 2 | taskmgr.exe can not start File taskmgr.exe is infected by W32/Blaster.worm. Please activate Security Protection to protect your computer. |
Related Posts
- Internet Security Protection
- International Cyber Security Protection Alliance Virus
- Total Security Protection Center
I am abandon in this situation, Security Protection is closing down all of my web browsers when I try to open them. If I can remove their program I could download trendmicro from my account and have my hard drive back. Help Steve
Security Protection wont let me surf the net. It wont even let me open up some of my files. It keeps saying "warning: your computer is infected" .. I don't get it, infected with what? Seems to me Security Protection is not real or it is the real infection itself. Going to try your Malware Scanner. Keeping fingers crossed!
How much is your product to remove Security Protection?
f*** this and no i downloading nothing just come a website and got a screen in my face with java update few sec later booooooooooom i got security protection on mijn pc everthing sut down and fuck olso mijn mcafee WHY MCAFEE DONT PROTECT ME AGAINST IT ?????????????????????????????????????????????
IM NOW TRYING SPYHUNTER 4 BUT Y KNOW WHAT I THINK I REALLLLLLLLY DONT GET HTIS JUST A COUPLE OF DAYS AGO I SCAN MYN PC AND IT WHAS OKE WITH MCAFEE AND WITH SPYHUNTER 4 I HAVE OLREADY MORE THAN 300 TREATS AND IT IS STIL RUNNINIG
ANY ONE WHO KNOW FROM WHO security protection IS ? HOW CAN I GET IN CONTACT WITH THEM ?
PLEAS Y MAKE MY DAY BETER IF Y CAN SAY IT HEEEEEEEEEEEEEEEEE WHAT IS THIS NOW I GET A MESSAGE THAT SAY TO ME DUPI COMANT POST
First a big THANK YOU to Doug. This virus landed on my computer this past weekend. I am not a tech person so this was beyond frustrating. Within a few hours the virus wreck havoc and I could not even open anything on my desktop let alone my browser. Thank God I located Doug's info and this site before I was completely locked down. Just as I was about to give up I decided to back up my files assuming I would have to get help. 50% into the preparation of the files I stopped it because I assumed I was backing up the virus. Believe it or not when I restarted the computer I could open my browser and then proceed with the instructions to delete this virus. Try this if you are locked out and hopefully it will work for you. Doug's instructions worked like a charm and I have my computer back. Thanks again Doug.
THANK YOU FOR SPYHUNTERS
GOOD LUCK..!
very hard to remove this program. Tried safe mode and deleted the files but somehow the program came back after reboot. my norton would not detect or remove it. your spyhunter download detected it right away. going to register and give it a try. thanks for being honest with your program malware remover.
Hijo de la gran puta de sus madres. estafadores con migo no al podido. ya que tengo mucha esperiencia el ifomatica desde los año del sincle mamones. jajajajajaja
Guys no worries about it,its easy to fix just follow the given locations above and just simply delete those random characters. Don't forget to boot your computer to safemode with networking before doing that,so that there is no pop-up.
i want this removed
remove this please
am having a problem with my sreen all the time open any file a comment come infont of my sreen saying secuirity protection.