ProtectingTool

Description: Rogue Security Program
Risk Level: High
Date of First Occurence: Wednesday, April 16, 2008
Software Developer: (unknown)
Brief Info: Rogue/Suspect Anti-Spyware Product "Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection.
Removal: This threat can be removed using "Spyware Terminator"

SCAN & REMOVE NOW »

Geographical Distribution of Threat "ProtectingTool"

Threat Info

View All

Detected Items

  1. Detected Files: %COMMONFILES%\ProtectingTool\strpmon.exe MD5: C79A8F3CADCC1B2EF02C2F7BB1A310A6 Size:399872 %PROGRAMFILES%\ProtectingTool\ucookw.exe MD5: 243B9B6ACB6F86D8FFDFE5E17DB34825 Size:236544 MD5: FDD7CCBE72AAC8F9409FC0189EB2D603 Size:224768 %COMMONFILES%\PROTECTINGTOOL\STRPMON.EXE MD5: 2B1617D8B2522CF4EE19970DBC57F3CE Size:395776 %PROGRAMFILES%\ProtectingTool\SysRep.exe MD5: 9A70E78A5C2DE20602542E554858FDF2 Size:1546752
  2. Detected Files with variable Filenames: MD5: 6C3FD7F4BAA7B2E1A83E7CB8A45301CB Size: 425472 %COMMONFILES%\HardDriveGuard\strpmon.exe %COMMONFILES%\WinPCDoctor\strpmon.exe %COMMONFILES%\SystemErrorFixer\strpmon.exe %COMMONFILES%\ErrClean\strpmon.exe %SystemDiskRoot%\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1291\A0221443.exe %COMMONFILES%\SystemErrorFixer\strpmon.exe.ren %SystemDiskRoot%\System Volume Information\_restore{CD5B1009-7B24-4405-83C4-78C7BF961E84}\RP213\A0180271.exe %COMMONFILES%\StorageProtector\strpmon.exe MD5: 44E332A8D4BC38AA657C299561D3AA70 Size: 5723432 %SystemDiskRoot%\Documents and Settings\Jirka\Local Settings\Temp\NI.UGES_0001_N122M2610\setup.exe %TEMP%\NI.UGES_0001_N122M2610\setup.exe MD5: 98B04E89912C936F70DE3E0326B1AF25 Size: 211456 %PROGRAMFILES%\WinPCDoctor\ucookw.exe %SystemDiskRoot%\System Volume Information\_restore{321424EF-1A6C-47FB-8570-DA4CA3D6F7BD}\RP99\A0043772.exe %SystemDiskRoot%\System Volume Information\_restore{321424EF-1A6C-47FB-8570-DA4CA3D6F7BD}\RP98\A0043558.exe %SystemDiskRoot%\System Volume Information\_restore{321424EF-1A6C-47FB-8570-DA4CA3D6F7BD}\RP98\A0043466.exe %SystemDiskRoot%\System Volume Information\_restore{321424EF-1A6C-47FB-8570-DA4CA3D6F7BD}\RP97\A0043358.exe %SystemDiskRoot%\System Volume Information\_restore{321424EF-1A6C-47FB-8570-DA4CA3D6F7BD}\RP97\A0043250.exe %SystemDiskRoot%\System Volume Information\_restore{321424EF-1A6C-47FB-8570-DA4CA3D6F7BD}\RP96\A0043099.exe %SystemDiskRoot%\System Volume Information\_restore{321424EF-1A6C-47FB-8570-DA4CA3D6F7BD}\RP96\A0042093.exe %SystemDiskRoot%\System Volume Information\_restore{321424EF-1A6C-47FB-8570-DA4CA3D6F7BD}\RP95\A0042018.exe %SystemDiskRoot%\System Volume Information\_restore{321424EF-1A6C-47FB-8570-DA4CA3D6F7BD}\RP92\A0041805.exe %SystemDiskRoot%\System Volume Information\_restore{321424EF-1A6C-47FB-8570-DA4CA3D6F7BD}\RP91\A0041736.exe and next 42 variations.

Detecting items list:

  1. Files by Name %COMMONFILES%\ProtectingTool\strpmon.exe %PROGRAMFILES%\ProtectingTool\SysRep.exe %PROGRAMFILES%\ProtectingTool\ucookw.exe %WINDIR%\Temp\NI.UGES_0001_N122M2610\setup.exe
  2. Files by MD5 MD5: 6C3FD7F4BAA7B2E1A83E7CB8A45301CB Size: 425472 MD5: D2ACA9D4C4BCD15760273EA56C4E4095 Size: 1514496 MD5: 98B04E89912C936F70DE3E0326B1AF25 Size: 211456 MD5: 44E332A8D4BC38AA657C299561D3AA70 Size: 5723432
  3. Registry Keys HKU\.DEFAULT\Software\ProtectingTool HKCU\Software\ProtectingTool HKLM\SOFTWARE\ProtectingTool
  4. Registry Values HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=ucookw HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=Salestart Value=?%COMMONFILES%\ProtectingTool\strpmon.exe? dm=http://protectingtool.com; ad=http://protectingtool.com HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=ProtectingTool Value=%PROGRAMFILES%\ProtectingTool\SysRep.exe

« Go to Software Database