The Emsi Software malware research team has discoverd a new outbreak of the Virus Protector adware. a-squared Anti-Malware detects this malware as Adware.Win32.VirusProtector.

VirusProtector is a rogue security program. Virus Protector create numerous harmless files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

• %SystemRoot%\%random%.exe
• %SystemRoot%\%random%.dll
• %SystemRoot%\system32\%random%.exe
• %SystemRoot%\system32\%random%.dll
• %SystemRoot%\system32\drivers\%random%.exe
• %SystemRoot%\system32\drivers\%random%.dll

Create/modify registry entries:

• HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Windows\LoadAppInit_DLLs, 0×00000001 (1)
• HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Windows\AppInit_DLLs, %random%.dll
• HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Shell, %random%.exe

Screenshots:

How to remove the infection of Virus Protector (Adware.Win32.VirusProtector)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: Rogue, VirusProtector

This entry was posted on Monday, March 8th, 2010 at 22:15 and is filed under Malware Alerts, Removal Help. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.