SpyProtector
Posted: October 21, 2008
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 1,508 |
|---|---|
| Threat Level: | 10/10 |
| Infected PCs: | 54,252 |
| First Seen: | July 24, 2009 |
|---|---|
| Last Seen: | October 16, 2023 |
| OS(es) Affected: | Windows |
SpyProtector is a rogue anti-spyware program usually installed by Trojan Vundo disguised as a video codec. SpyProtector may try to push itself through pop-ups while you're surfing the Internet. Once installed, SpyProtector may generate numerous pop-ups stating that you're infected with spyware. In order to remove the supposed spyware infections, SpyProtector will then urge you to purchase its full version.
All links provided by SpyProtector will redirect you to SpyProtector's website (Spyprotector.org) or othe malicious websites that sell SpyProtector as a supposed legitimate anti-spyware program. SpyProtector may also use its fake online spyware scanner to make you believe you're infected with spyware. Furthermore, security alerts may appear in your taskbar stating that your computer is being attacked or is infected. SpyProtector may launch on every Windows startup.
Aliases
Generic Trojan [Panda]Win32/Adware.SpyProtector.K [NOD32]Trojan.DisableTask.1943040.2 [McAfee-GW-Edition]Generic!Artemis [McAfee+Artemis]not-a-virus:FraudTool.Win32.Spyprotector.aw [K7AntiVirus]Trojan.Win32.FakePowav [Ikarus]FraudTool.Win32.Spyprotector.aw [F-Secure]Win32.TrojanFakePowa [eSafe]Trojan.Fakealert.4191 [DrWeb]Trojan.FakeAV.JW [BitDefender]TR/DisableTask.1943040.2 [AntiVir]SecurityRisk.Downldr [Symantec]SystemProtector [Sunbelt]Troj/FakeVir-IP [Sophos]Trj/CI.A [Panda]
More aliases (37)
More aliases (37)
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:install[1].exe
File name: install[1].exeSize: 1.26 MB (1265178 bytes)
MD5: 6108a4fe62fdf7282916f1896631e4e5
Detection count: 80
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
spyprotector.cpl
File name: spyprotector.cplSize: 42.49 KB (42496 bytes)
MD5: 79a1490617886fc9ee446a03af969919
Detection count: 70
Mime Type: unknown/cpl
Group: Malware file
Last Updated: December 11, 2009
lsascs.exe
File name: lsascs.exeSize: 1.94 MB (1943040 bytes)
MD5: ea6aa2157dc5512fcd0e7678d01a48ff
Detection count: 52
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
srcss.exe
File name: srcss.exeSize: 1.69 MB (1699328 bytes)
MD5: 20950390517f53675a9bec6cbd67d67e
Detection count: 33
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
install.exe
File name: install.exeSize: 947.49 KB (947491 bytes)
MD5: 4ca4c59df3afc925170ea3665ac0965c
Detection count: 30
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
spyprotector_install[1].exe
File name: spyprotector_install[1].exeSize: 73.72 KB (73728 bytes)
MD5: 42957422d022ac6a4b90a175cc1beb03
Detection count: 24
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
install[1].exe
File name: install[1].exeSize: 1.33 MB (1339391 bytes)
MD5: b35883224a9e56627a5fc8c31c960ea9
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
install[1].exe, setup.exe
File name: install[1].exe, setup.exeSize: 1.32 MB (1321296 bytes)
MD5: 5728605e733b19511b85484de8bf8475
Detection count: 1
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
lsascs.exe
File name: lsascs.exeSize: 1.94 MB (1943040 bytes)
MD5: 082cf091621f0a426f28e258bbc70862
Detection count: 0
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 1, 2010
Registry Modifications
The following newly produced Registry Values are:
File name without pathSpy Protector.lnk
File name without pathSpy Protector.lnk
Additional Information
The following directories were created:
%AppData%\SpyProtector
I tried to rmv defender pro myself after it caused many problems. I have done extensive research and this is a masked spyware program. Beware: The people who are praising it on this site are most likely employees of Defender Pro. It is a horrible, useless, fraudulent program. When I uninstalled it I could uninstall everything except the "Defender Pro Internet Service 6.0" folder in C:/Program Files/Defender Pro....I could not uninstall or neither could I delete it. Everytime my PC booted I got a popup from Defender Pro telling me the program was not installed and I should install it. This was obviously annoying. The error message for attempted deletion was "Shellex.dll" could not be removed. Ok, so just do this....open up the "Defender Pro Internet Security 6.0" program Folder...highlight everything and hit delete. The only thing that won't delete is the now famous "Shellex.dll" folder. Well on the next startup I didn't get the annoying box so as far as I'm concerned it's gone and "Shellex.dll" can just sit on my PC by itself and do nothing.
As to shellex.dll...see what the experts had to say....
A .dll file (Dynamic Link Library) is a special type of Windows program containing functions that other programs can call. This .dll file can be injected to all running processes and can change or manipulate their behavior. The program has no visible window. There is no detailed description of this service. It can change the behavior of other programs or manipulate other programs. It is not a Windows core file. shellex.dll is able to record inputs. Therefore the technical security rating is 58% dangerous, however also read the users reviews.
If shellex.dll is located in the folder C:\Windows\System32 then the security rating is 72% dangerous.
Important: Some malware camouflage themselves as shellex.dll, particularly if they are located in c:\windows or c:\windows\system32 folder.
The shellext.dll file is installed and used by WinAntiSpyware.
(click on the name(s) to read more about the infection).
shellext.dll Automatic Detection
WARNING!!! shellext.dll file is related to spyware. Your computer's security and privacy may be at risk. We recommend you run a scan of your computer to detect any spyware threats.
....."it's able to "record inputs"...."some are malware camouflage"...once again Defender Pro is a spyware program masked and advertised as some kind of legitimit program to aid your PC.
If shellex.dll comes back to haunt me or you go to this link for removal instructions...
http://www.spywareremove.com/removeshellextdll.html
Good luck!!!