What is VirusProtect?
- Type: Spyware
- Category: Rogue Programs
- Discovered: 30 July 2007
- Removal tools: Malwarebytes' Anti-Malware, Spyware Doctor
1. Introduction
It belongs to fake anti-spyware software category and usually infects the system by downloading corrupt video codec, which are necessary for video content review. Some suspicious websites play a trick on visitor and ask to download corrupt video codec, which is bundled with trojan infection, in this instance - Trojan.Zlob. VirusProtect is directly installed by Trojan.Zlob and shows assumed and exaggerated "computer has been infected" alerts in order to scare user and convert software download into purchase. After VirusProtect has been installed on PC it will immediately start computer scan for malware and in the end generates report asking for licensed program version in order to remove found threats. Mind that, even after the purchase it will not remove spyware as promised!
Also known as Virus Protect 3.8 (or 3.9 version). In fact it is renewal of a past threat VirusProtectPro
Related threats: VirusHeat, VirusRay, AntiVirGear, SpywareQuake
Also known as Virus Protect 3.8 (or 3.9 version). In fact it is renewal of a past threat VirusProtectPro
Related threats: VirusHeat, VirusRay, AntiVirGear, SpywareQuake
2. VirusProtect removal tools:
- Malwarebytes' Anti-Malware (for the installation guide click here)
- Spyware Doctor (for the installation guide click here)
3. Screenshot:
4. VirusProtect files:
axdpfl.dll, chzbi.dll, cjuvwa.dll, e404d.dll, ezzhjmt.dll, fftktmk.dll, fsehfcu.dll, gnjsjc.dll, ivrllc.dll, moywh.dll, ncrjf.dll, ofcpi.dll, qhcvdw.dll, rldyt.dll, svxmhpz.dll, tvtpwp.dll, ucmbegr.dll, uglgs.dll, wowlze.dll, wygomd.dll, ymmzwd.dll, zcwlnic.dllVirusProtect 3.8.exe, VirusProtect 3.9.exe
5. Hijackthis entries:
O4 Entries:
O4 - HKLM\..\Run: [VirusProtect 3.8] "C:\Program Files\VirusProtect 3.8\VirusProtect 3.8.exe" /h
O4 - HKLM\..\Run: [VirusProtect 3.9] "C:\Program Files\VirusProtect 3.9\VirusProtect 3.9.exe" /h
O22 Entries:
O22 - SharedTaskScheduler: doglike - {3750da11-9b0c-4a75-9c8a-bbcbfcd1ccea} - C:\WINDOWS\System32\fftktmk.dll
O22 - SharedTaskScheduler: groutiest - {d653e105-3e53-480a-b129-54d957d174bb} - C:\WINDOWS\system32\ucmbegr.dll
O22 - SharedTaskScheduler: haeckel - {8373a2e0-bdd0-42bd-b4ec-ba5451eb6607} - C:\WINDOWS\system32\moywh.dll
O22 - SharedTaskScheduler: bayoneting - {e221f0dc-2696-4b2e-bd63-25b33dc19b6e} - C:\WINNT\System32\wygomd.dll
O22 - SharedTaskScheduler: bemocked - {b0883848-1466-4470-a418-3fe7d36694b9} - C:\WINDOWS\system32\rldyt.dll
O22 - SharedTaskScheduler: ineffulgent - {b585105c-0e84-4ef0-9c6a-fbe134a72945} - C:\WINDOWS\system32\ivrllc.dll
O21 - SSODL: E404Helper - {d9f0cf95-2ef5-4ab8-b6b6-d5125a581b43} - e404d.dll
O22 - SharedTaskScheduler: dimanganous - {3ae12a89-2063-409b-87f2-f809a6e76862} - C:\WINDOWS\system32\chzbi.dll
O22 - SharedTaskScheduler: arsenicism - {075a465d-0af2-4b79-8db3-2fda0fd8d74c} - C:\WINDOWS\system32\ymmzwd.dll
O22 - SharedTaskScheduler: edgers - {d66c22b6-2217-4d1a-9a90-1a54de1fc706} - C:\WINDOWS\system32\zcwlnic.dll
O22 - SharedTaskScheduler: graphologists - {76fbb79c-2ec6-4962-a324-fd4362588e1c} - C:\WINDOWS\system32\uglgs.dll
O22 - SharedTaskScheduler: caribi - {8b87dcc7-9b89-4205-aa82-076b2a1edfe0} - C:\WINDOWS\system32\ncrjf.dll
O22 - SharedTaskScheduler: eaton - {d8b937a4-cdad-497b-a872-8da7c4c3ef6f} - C:\WINDOWS\system32\tvtpwp.dll
O22 - SharedTaskScheduler: geosphere - {c0ca766d-060c-48e1-b536-205e321bd174} - C:\WINDOWS\system32\wowlze.dll
O22 - SharedTaskScheduler: disgorging - {0123eb75-964c-4cb3-b796-431cc9099570} - C:\WINDOWS\system32\cjuvwa.dll
O22 - SharedTaskScheduler: cariniana - {5c770fbc-cc2f-4acd-93e8-e6f0594307fd} - C:\WINDOWS\system32\gnjsjc.dll
O22 - SharedTaskScheduler: ficklety - {e31f5c72-8e0d-4921-8375-9573746c170c} - C:\WINDOWS\System32\ezzhjmt.dll
O22 - SharedTaskScheduler: end - {aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe} - C:\WINDOWS\system32\fsehfcu.dll
O22 - SharedTaskScheduler: hemoglobinometries - {c7cd9e83-3bf6-47f8-b2e2-b114c96c1888} - C:\WINDOWS\system32\qhcvdw.dll
O22 - SharedTaskScheduler: ablator - {fce1c203-ff2b-4ec1-9983-e2900d29bbd8} - C:\WINDOWS\system32\axdpfl.dll
O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - C:\WINDOWS\system32\svxmhpz.dll
O22 - SharedTaskScheduler: cured - {7265100a-17e1-41bf-bd08-63b95a25a9c3} - C:\WINDOWS\system32\ofcpi.dll
O4 - HKLM\..\Run: [VirusProtect 3.8] "C:\Program Files\VirusProtect 3.8\VirusProtect 3.8.exe" /h
O4 - HKLM\..\Run: [VirusProtect 3.9] "C:\Program Files\VirusProtect 3.9\VirusProtect 3.9.exe" /h
O22 Entries:
O22 - SharedTaskScheduler: doglike - {3750da11-9b0c-4a75-9c8a-bbcbfcd1ccea} - C:\WINDOWS\System32\fftktmk.dll
O22 - SharedTaskScheduler: groutiest - {d653e105-3e53-480a-b129-54d957d174bb} - C:\WINDOWS\system32\ucmbegr.dll
O22 - SharedTaskScheduler: haeckel - {8373a2e0-bdd0-42bd-b4ec-ba5451eb6607} - C:\WINDOWS\system32\moywh.dll
O22 - SharedTaskScheduler: bayoneting - {e221f0dc-2696-4b2e-bd63-25b33dc19b6e} - C:\WINNT\System32\wygomd.dll
O22 - SharedTaskScheduler: bemocked - {b0883848-1466-4470-a418-3fe7d36694b9} - C:\WINDOWS\system32\rldyt.dll
O22 - SharedTaskScheduler: ineffulgent - {b585105c-0e84-4ef0-9c6a-fbe134a72945} - C:\WINDOWS\system32\ivrllc.dll
O21 - SSODL: E404Helper - {d9f0cf95-2ef5-4ab8-b6b6-d5125a581b43} - e404d.dll
O22 - SharedTaskScheduler: dimanganous - {3ae12a89-2063-409b-87f2-f809a6e76862} - C:\WINDOWS\system32\chzbi.dll
O22 - SharedTaskScheduler: arsenicism - {075a465d-0af2-4b79-8db3-2fda0fd8d74c} - C:\WINDOWS\system32\ymmzwd.dll
O22 - SharedTaskScheduler: edgers - {d66c22b6-2217-4d1a-9a90-1a54de1fc706} - C:\WINDOWS\system32\zcwlnic.dll
O22 - SharedTaskScheduler: graphologists - {76fbb79c-2ec6-4962-a324-fd4362588e1c} - C:\WINDOWS\system32\uglgs.dll
O22 - SharedTaskScheduler: caribi - {8b87dcc7-9b89-4205-aa82-076b2a1edfe0} - C:\WINDOWS\system32\ncrjf.dll
O22 - SharedTaskScheduler: eaton - {d8b937a4-cdad-497b-a872-8da7c4c3ef6f} - C:\WINDOWS\system32\tvtpwp.dll
O22 - SharedTaskScheduler: geosphere - {c0ca766d-060c-48e1-b536-205e321bd174} - C:\WINDOWS\system32\wowlze.dll
O22 - SharedTaskScheduler: disgorging - {0123eb75-964c-4cb3-b796-431cc9099570} - C:\WINDOWS\system32\cjuvwa.dll
O22 - SharedTaskScheduler: cariniana - {5c770fbc-cc2f-4acd-93e8-e6f0594307fd} - C:\WINDOWS\system32\gnjsjc.dll
O22 - SharedTaskScheduler: ficklety - {e31f5c72-8e0d-4921-8375-9573746c170c} - C:\WINDOWS\System32\ezzhjmt.dll
O22 - SharedTaskScheduler: end - {aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe} - C:\WINDOWS\system32\fsehfcu.dll
O22 - SharedTaskScheduler: hemoglobinometries - {c7cd9e83-3bf6-47f8-b2e2-b114c96c1888} - C:\WINDOWS\system32\qhcvdw.dll
O22 - SharedTaskScheduler: ablator - {fce1c203-ff2b-4ec1-9983-e2900d29bbd8} - C:\WINDOWS\system32\axdpfl.dll
O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - C:\WINDOWS\system32\svxmhpz.dll
O22 - SharedTaskScheduler: cured - {7265100a-17e1-41bf-bd08-63b95a25a9c3} - C:\WINDOWS\system32\ofcpi.dll