Feb 23

Your PC Protector Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Your PC Protector adware. a-squared Anti-Malware detects this malware as Adware.Win32.YourPCProtector.

Your PC Protector is a rogue security program. It tries to trick you by displaying false or misleading scan results that claim your computer is infected with viruses or trojans, and it does not let you delete them until you purchase the program.

It creates the following files:

  • %ProgramFiles%\nuar.old
  • %ProgramFiles%\skynet.dat
  • %ProgramFiles%\svchost.exe
  • %ProgramFiles%\wp3.dat
  • %ProgramFiles%\wp4.dat
  • %ProgramFiles%\adc32.dll
  • %ProgramFiles%\alggui.exe
  • %ProgramFiles%\Your PC Protector\Your PC Protector.exe
  • %UserProfile%\Desktop\Your PC Protector.lnk
  • %UserProfile%\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk

It creates the following registry entries:

  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\InprocServer32
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
  • HKEY_CURRENT_USER\software\Your PC Protector
  • HKEY_CURRENT_USER\software\Your PC Protector\PC_protect
  • HKEY_CURRENT_USER\software\Your PC Protector\PC_protect\Registration
  • HKEY_CURRENT_USER\software\Your PC Protector\PC_protect\setdata

It modifies the following registry entry:

  • HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\open\command\, "C:\Program Files\alggui.exe "%1" %*"
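A read-only check for the artifacts listed above, added here as an example and not part of the original post or of a-squared Anti-Malware. The function name `Get-YppFindings` is hypothetical; the comparison value `"%1" %*` is the stock Windows default for the `exefile` open command, which Windows consults when launching any .exe file.

```powershell
# Added example: reports which of the post's artifacts exist. Changes nothing.
$files = @(
    "$env:ProgramFiles\nuar.old",
    "$env:ProgramFiles\skynet.dat",
    "$env:ProgramFiles\svchost.exe",
    "$env:ProgramFiles\wp3.dat",
    "$env:ProgramFiles\wp4.dat",
    "$env:ProgramFiles\adc32.dll",
    "$env:ProgramFiles\alggui.exe",
    "$env:ProgramFiles\Your PC Protector\Your PC Protector.exe",
    "$env:USERPROFILE\Desktop\Your PC Protector.lnk",
    "$env:USERPROFILE\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk"
)

# Top-level keys only; the subkeys named in the post live beneath these.
$keys = @(
    'Registry::HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}',
    'Registry::HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}',
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd',
    'Registry::HKEY_CURRENT_USER\software\Your PC Protector'
)

function Get-YppFindings {   # hypothetical name
    $found = @()

    # -LiteralPath avoids wildcard interpretation of the paths.
    foreach ($path in ($files + $keys)) {
        if (Test-Path -LiteralPath $path) { $found += "present: $path" }
    }

    # The post lists the exefile open command as modified to run alggui.exe.
    # Any value other than the Windows default is worth a closer look.
    $cmdKey   = 'Registry::HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\open\command'
    $expected = '"%1" %*'
    $item = Get-Item -LiteralPath $cmdKey -ErrorAction SilentlyContinue
    if ($item) {
        $value = $item.GetValue('')   # empty name = the key's default value
        if ($value -ne $expected) { $found += "modified: $cmdKey = $value" }
    }

    $found
}

$results = Get-YppFindings
if ($results) { $results } else { 'No listed artifacts found.' }
```

An empty result only means these specific paths and keys are absent; it does not replace the full scan described below.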

How to remove the infection of Your PC Protector (Adware.Win32.YourPCProtector)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.