Technical details:
Categories: Adware,Ransomware
SysProtect Folders:
[%PROGRAM_FILES%]\SysProtect Free
[%PROGRAM_FILES%]\SysProtect
[%PROGRAM_FILES_COMMON%]\SysProtect
[%COMMON_PROGRAMS%]\SysProtect Unregistered Version
SysProtect Files:
[%PROFILE_TEMP%]\NI.USYP\setup.exe
[%PROFILE_TEMP%]\NI.USYP_0001_N76M1005\setup.exe
[%PROFILE_TEMP%]\SysProtectScannerSetup.exe
[%PROGRAM_FILES%]\ErrorSafe Free\FlFxr15.dll
[%PROGRAM_FILES%]\ERRORS~1\FlFxr15.dll
[%SYSTEM%]\df_kme.exe
[%DESKTOP%]\Install SysProtect .lnk
[%DESKTOP%]\SysProtect.lnk
SysProtect Registry Keys:
HKEY_CLASSES_ROOT\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA}
HKEY_CLASSES_ROOT\CheckProd.CheckProduct
HKEY_CLASSES_ROOT\CLSID\{1640DE0E-75E4-4a83-B5D1-2492BC7EBA8F}
HKEY_CLASSES_ROOT\CLSID\{9E87077C-380C-407d-8DAB-EEDAD95C0A5D}
HKEY_CLASSES_ROOT\CLSID\{CCAABCDD-7C16-4215-B12E-150BFB994CF0}
HKEY_CLASSES_ROOT\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F}
HKEY_CLASSES_ROOT\clsid\{f63e3b76-f82f-46eb-851c-8c0a221686bb}
HKEY_CLASSES_ROOT\flfxr15.flfixer15
HKEY_CLASSES_ROOT\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9}
HKEY_CLASSES_ROOT\interface\{7f4e63c9-f30c-4424-9baf-b6896f5f56c4}
HKEY_CLASSES_ROOT\interface\{f5ac8b35-5b15-4e8f-8046-43858973b495}
HKEY_CLASSES_ROOT\typelib\{7eacf70b-302f-4049-ac68-2d62eb43e473}\1.0
HKEY_CLASSES_ROOT\typelib\{7fa4ec26-6a28-4474-857d-bb05b001c84a}\1.0
HKEY_CLASSES_ROOT\typelib\{96d58666-8f00-4a9d-9389-c17aaa2407c9}\1.0
HKEY_CLASSES_ROOT\typelib\{e79d5e54-81c9-41ae-9d7b-03f1e5a7733d}\1.0
HKEY_CLASSES_ROOT\typelib\{f585cb1f-f17d-4007-a573-b663197ef500}\1.0
HKEY_LOCAL_MACHINE\Software\SysProtect
HKEY_CLASSES_ROOT\AppID\CheckProduct2_1.DLL
HKEY_CLASSES_ROOT\AppID\compclr.dll
HKEY_CLASSES_ROOT\AppID\FFWrapr.DLL
HKEY_CLASSES_ROOT\CheckProd.CheckProduct.1
HKEY_CLASSES_ROOT\ComCleanCore.AppCleaner
HKEY_CLASSES_ROOT\ComCleanCore.CCQuickScan
HKEY_CLASSES_ROOT\ComCleanCore.CCQuickScan.1
HKEY_CLASSES_ROOT\ComCleanCore.FileCleaner
HKEY_CLASSES_ROOT\ComCleanCore.FileCleaner.1
HKEY_CLASSES_ROOT\ComCleanCore.InetCleaner
HKEY_CLASSES_ROOT\ComCleanCore.InetCleaner.1
HKEY_CLASSES_ROOT\ComCleanCore.RegCleaner
HKEY_CLASSES_ROOT\ComCleanCore.RegCleaner.1
HKEY_CLASSES_ROOT\ComCleanCore.SystemCleaner
HKEY_CLASSES_ROOT\ComCleanCore.SystemCleaner.1
HKEY_CLASSES_ROOT\df_fixr.Fixer.1
HKEY_CLASSES_ROOT\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473}
HKEY_CURRENT_USER\Software\SysProtect
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSCAN
HKEY_CURRENT_USER\software\sysprotect free
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\usyp_is1
SysProtect Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
SysProtect indications of infection
The symptoms of SysProtect detection are the files, registry entries, and network communication referenced in the technical details section.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
Buy Exterminate-It antivirus software and perform a full scan of the computer.
You can also download the free trial version of ExterminateIt! to check your computer right now.