AntiProtect

Found: 2011-01-14
Description: 

Win32.FraudTool.AntiProtect is a rogue anti-spyware application. It may display exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove the reported threats.

Known system changes: 

Files

Folders

%ProgramFiles%\AntiProtect

Registry Entries

Key: HKEY_LOCAL_MACHINE\SOFTWARE\AntiProtect
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AntiProtectPartner
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiProtect.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiProtect
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: winsen
Data: "C:\Documents and Settings\VPCTest\Local Settings\Application Data\Microsoft\Windows Winsen\winsencfg.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: AntiProtect
Data: "C:\Program Files\AntiProtect\AntiProtect.exe" /run1