Friday, December 12, 2008

SysProtect Adware

Removing SysProtect
Categories: Adware, Ransomware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\NI.USYP\setup.exe
[%PROFILE_TEMP%]\NI.USYP_0001_N76M1005\setup.exe
[%PROFILE_TEMP%]\SysProtectScannerSetup.exe
[%PROGRAM_FILES%]\ErrorSafe Free\FlFxr15.dll
[%PROGRAM_FILES%]\ERRORS~1\FlFxr15.dll
[%SYSTEM%]\df_kme.exe
[%DESKTOP%]\Install SysProtect .lnk
[%DESKTOP%]\SysProtect.lnk

How to detect SysProtect:

Files:
[%PROFILE_TEMP%]\NI.USYP\setup.exe
[%PROFILE_TEMP%]\NI.USYP_0001_N76M1005\setup.exe
[%PROFILE_TEMP%]\SysProtectScannerSetup.exe
[%PROGRAM_FILES%]\ErrorSafe Free\FlFxr15.dll
[%PROGRAM_FILES%]\ERRORS~1\FlFxr15.dll
[%SYSTEM%]\df_kme.exe
[%DESKTOP%]\Install SysProtect .lnk
[%DESKTOP%]\SysProtect.lnk

Folders:
[%PROGRAM_FILES%]\SysProtect Free
[%PROGRAM_FILES%]\SysProtect
[%PROGRAM_FILES_COMMON%]\SysProtect
[%COMMON_PROGRAMS%]\SysProtect Unregistered Version

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs

Removing SysProtect:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
