DataProtect

Found: 2011-02-11
Description: 

Win32.FraudTool.DataProtect is a rogue anti-spyware application. It may display exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove the reported threats.

 

Credit: Tachikoma

Known system changes: 

Files

Folders

%ProgramFiles%\DataProtect

Registry Entries

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: winsen
Data: "C:\Documents and Settings\<user>\Local Settings\Application Data\Microsoft\Windows Winsen\winsencfg.exe"
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Windows Winsen
Key: HKEY_LOCAL_MACHINE\SOFTWARE\DataProtect
Key: HKEY_LOCAL_MACHINE\SOFTWARE\DataProtectPartner
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DataProtect.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DataProtect
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: DataProtect
Data: "C:\Program Files\DataProtect\DataProtect.exe" /run1