What is VirusProtect?
It belongs to fake anti-spyware software category and usually infects the system by downloading corrupt video codec, which are necessary for video content review. Some suspicious websites play a trick on visitor and ask to download corrupt video codec, which is bundled with trojan infection, in this instance - Trojan.Zlob. VirusProtect is directly installed by Trojan.Zlob and shows assumed and exaggerated "computer has been infected" alerts in order to scare user and convert software download into purchase. After VirusProtect has been installed on PC it will immediately start computer scan for malware and in the end generates report asking for licensed program version in order to remove found threats. Mind that, even after the purchase it will not remove spyware as promised!
Also known as Virus Protect 3.8 (or 3.9 version). In fact it is renewal of a past threat VirusProtectPro
Related threats: VirusHeat, VirusRay, AntiVirGear, SpywareQuake
Also known as Virus Protect 3.8 (or 3.9 version). In fact it is renewal of a past threat VirusProtectPro
Related threats: VirusHeat, VirusRay, AntiVirGear, SpywareQuake
VirusProtect removal tool:
- Spyware Doctor (see here for the installation guide)
Screenshot:
VirusProtect Entries:
The following dll files are created: axdpfl.dll, chzbi.dll, cjuvwa.dll, e404d.dll, ezzhjmt.dll, fftktmk.dll, fsehfcu.dll, gnjsjc.dll, ivrllc.dll, moywh.dll, ncrjf.dll, ofcpi.dll, qhcvdw.dll, rldyt.dll, svxmhpz.dll, tvtpwp.dll, ucmbegr.dll, uglgs.dll, wowlze.dll, wygomd.dll, ymmzwd.dll, zcwlnic.dll
The following files are created:
VirusProtect 3.8.exe, VirusProtect 3.9.exe
Hijackthis Entries:
O4 Entries:
O4 - HKLM\..\Run: [VirusProtect 3.8] "C:\Program Files\VirusProtect 3.8\VirusProtect 3.8.exe" /h
O4 - HKLM\..\Run: [VirusProtect 3.9] "C:\Program Files\VirusProtect 3.9\VirusProtect 3.9.exe" /h
O22 Entries:
O22 - SharedTaskScheduler: doglike - {3750da11-9b0c-4a75-9c8a-bbcbfcd1ccea} - C:\WINDOWS\System32\fftktmk.dll
O22 - SharedTaskScheduler: groutiest - {d653e105-3e53-480a-b129-54d957d174bb} - C:\WINDOWS\system32\ucmbegr.dll
O22 - SharedTaskScheduler: haeckel - {8373a2e0-bdd0-42bd-b4ec-ba5451eb6607} - C:\WINDOWS\system32\moywh.dll
O22 - SharedTaskScheduler: bayoneting - {e221f0dc-2696-4b2e-bd63-25b33dc19b6e} - C:\WINNT\System32\wygomd.dll
O22 - SharedTaskScheduler: bemocked - {b0883848-1466-4470-a418-3fe7d36694b9} - C:\WINDOWS\system32\rldyt.dll
O22 - SharedTaskScheduler: ineffulgent - {b585105c-0e84-4ef0-9c6a-fbe134a72945} - C:\WINDOWS\system32\ivrllc.dll
O21 - SSODL: E404Helper - {d9f0cf95-2ef5-4ab8-b6b6-d5125a581b43} - e404d.dll
O22 - SharedTaskScheduler: dimanganous - {3ae12a89-2063-409b-87f2-f809a6e76862} - C:\WINDOWS\system32\chzbi.dll
O22 - SharedTaskScheduler: arsenicism - {075a465d-0af2-4b79-8db3-2fda0fd8d74c} - C:\WINDOWS\system32\ymmzwd.dll
O22 - SharedTaskScheduler: edgers - {d66c22b6-2217-4d1a-9a90-1a54de1fc706} - C:\WINDOWS\system32\zcwlnic.dll
O22 - SharedTaskScheduler: graphologists - {76fbb79c-2ec6-4962-a324-fd4362588e1c} - C:\WINDOWS\system32\uglgs.dll
O22 - SharedTaskScheduler: caribi - {8b87dcc7-9b89-4205-aa82-076b2a1edfe0} - C:\WINDOWS\system32\ncrjf.dll
O22 - SharedTaskScheduler: eaton - {d8b937a4-cdad-497b-a872-8da7c4c3ef6f} - C:\WINDOWS\system32\tvtpwp.dll
O22 - SharedTaskScheduler: geosphere - {c0ca766d-060c-48e1-b536-205e321bd174} - C:\WINDOWS\system32\wowlze.dll
O22 - SharedTaskScheduler: disgorging - {0123eb75-964c-4cb3-b796-431cc9099570} - C:\WINDOWS\system32\cjuvwa.dll
O22 - SharedTaskScheduler: cariniana - {5c770fbc-cc2f-4acd-93e8-e6f0594307fd} - C:\WINDOWS\system32\gnjsjc.dll
O22 - SharedTaskScheduler: ficklety - {e31f5c72-8e0d-4921-8375-9573746c170c} - C:\WINDOWS\System32\ezzhjmt.dll
O22 - SharedTaskScheduler: end - {aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe} - C:\WINDOWS\system32\fsehfcu.dll
O22 - SharedTaskScheduler: hemoglobinometries - {c7cd9e83-3bf6-47f8-b2e2-b114c96c1888} - C:\WINDOWS\system32\qhcvdw.dll
O22 - SharedTaskScheduler: ablator - {fce1c203-ff2b-4ec1-9983-e2900d29bbd8} - C:\WINDOWS\system32\axdpfl.dll
O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - C:\WINDOWS\system32\svxmhpz.dll
O22 - SharedTaskScheduler: cured - {7265100a-17e1-41bf-bd08-63b95a25a9c3} - C:\WINDOWS\system32\ofcpi.dll
O4 - HKLM\..\Run: [VirusProtect 3.8] "C:\Program Files\VirusProtect 3.8\VirusProtect 3.8.exe" /h
O4 - HKLM\..\Run: [VirusProtect 3.9] "C:\Program Files\VirusProtect 3.9\VirusProtect 3.9.exe" /h
O22 Entries:
O22 - SharedTaskScheduler: doglike - {3750da11-9b0c-4a75-9c8a-bbcbfcd1ccea} - C:\WINDOWS\System32\fftktmk.dll
O22 - SharedTaskScheduler: groutiest - {d653e105-3e53-480a-b129-54d957d174bb} - C:\WINDOWS\system32\ucmbegr.dll
O22 - SharedTaskScheduler: haeckel - {8373a2e0-bdd0-42bd-b4ec-ba5451eb6607} - C:\WINDOWS\system32\moywh.dll
O22 - SharedTaskScheduler: bayoneting - {e221f0dc-2696-4b2e-bd63-25b33dc19b6e} - C:\WINNT\System32\wygomd.dll
O22 - SharedTaskScheduler: bemocked - {b0883848-1466-4470-a418-3fe7d36694b9} - C:\WINDOWS\system32\rldyt.dll
O22 - SharedTaskScheduler: ineffulgent - {b585105c-0e84-4ef0-9c6a-fbe134a72945} - C:\WINDOWS\system32\ivrllc.dll
O21 - SSODL: E404Helper - {d9f0cf95-2ef5-4ab8-b6b6-d5125a581b43} - e404d.dll
O22 - SharedTaskScheduler: dimanganous - {3ae12a89-2063-409b-87f2-f809a6e76862} - C:\WINDOWS\system32\chzbi.dll
O22 - SharedTaskScheduler: arsenicism - {075a465d-0af2-4b79-8db3-2fda0fd8d74c} - C:\WINDOWS\system32\ymmzwd.dll
O22 - SharedTaskScheduler: edgers - {d66c22b6-2217-4d1a-9a90-1a54de1fc706} - C:\WINDOWS\system32\zcwlnic.dll
O22 - SharedTaskScheduler: graphologists - {76fbb79c-2ec6-4962-a324-fd4362588e1c} - C:\WINDOWS\system32\uglgs.dll
O22 - SharedTaskScheduler: caribi - {8b87dcc7-9b89-4205-aa82-076b2a1edfe0} - C:\WINDOWS\system32\ncrjf.dll
O22 - SharedTaskScheduler: eaton - {d8b937a4-cdad-497b-a872-8da7c4c3ef6f} - C:\WINDOWS\system32\tvtpwp.dll
O22 - SharedTaskScheduler: geosphere - {c0ca766d-060c-48e1-b536-205e321bd174} - C:\WINDOWS\system32\wowlze.dll
O22 - SharedTaskScheduler: disgorging - {0123eb75-964c-4cb3-b796-431cc9099570} - C:\WINDOWS\system32\cjuvwa.dll
O22 - SharedTaskScheduler: cariniana - {5c770fbc-cc2f-4acd-93e8-e6f0594307fd} - C:\WINDOWS\system32\gnjsjc.dll
O22 - SharedTaskScheduler: ficklety - {e31f5c72-8e0d-4921-8375-9573746c170c} - C:\WINDOWS\System32\ezzhjmt.dll
O22 - SharedTaskScheduler: end - {aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe} - C:\WINDOWS\system32\fsehfcu.dll
O22 - SharedTaskScheduler: hemoglobinometries - {c7cd9e83-3bf6-47f8-b2e2-b114c96c1888} - C:\WINDOWS\system32\qhcvdw.dll
O22 - SharedTaskScheduler: ablator - {fce1c203-ff2b-4ec1-9983-e2900d29bbd8} - C:\WINDOWS\system32\axdpfl.dll
O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - C:\WINDOWS\system32\svxmhpz.dll
O22 - SharedTaskScheduler: cured - {7265100a-17e1-41bf-bd08-63b95a25a9c3} - C:\WINDOWS\system32\ofcpi.dll