Remove Trojan.Pcprotector

Posted on: March 10th, 2010

Discovered: February 23, 2010
Type: Trojan
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
Recommended Action:
To remove Trojan.Pcprotector, download the ‘No Adware’ remover software. Based on our testing, this was the best-performing remover of Trojan.Pcprotector. Read our full No Adware Review.

If your PC is also running slowly, you may be interested to look at our Regcure Review. Regcure is proven to improve the performance of your computer.

Technical Details:
The Trojan may arrive on the compromised computer as a manual install or may be downloaded by other malware with the following install name:

Your PC Protector

Once executed, the Trojan creates the following files:

* C:\Documents and Settings\All Users\Desktop\Your PC Protector.lnk

* %ProgramFiles%\adc32.dll

* %ProgramFiles%\alggui.exe

* %ProgramFiles%\nuar.old

* %ProgramFiles%\schtml\dbsinit.exe

* %ProgramFiles%\schtml\images\i1.gif

* %ProgramFiles%\schtml\images\i2.gif

* %ProgramFiles%\schtml\images\i3.gif

* %ProgramFiles%\schtml\images\j1.gif

* %ProgramFiles%\schtml\images\j2.gif

* %ProgramFiles%\schtml\images\j3.gif

* %ProgramFiles%\schtml\images\jj1.gif

* %ProgramFiles%\schtml\images\jj2.gif

* %ProgramFiles%\schtml\images\jj3.gif

* %ProgramFiles%\schtml\images\l1.gif

* %ProgramFiles%\schtml\images\l2.gif

* %ProgramFiles%\schtml\images\l3.gif

* %ProgramFiles%\schtml\images\pix.gif

* %ProgramFiles%\schtml\images\t1.gif

* %ProgramFiles%\schtml\images\t2.gif

* %ProgramFiles%\schtml\images\Thumbs.db

* %ProgramFiles%\schtml\images\up1.gif

* %ProgramFiles%\schtml\images\up2.gif

* %ProgramFiles%\schtml\images\w1.gif

* %ProgramFiles%\schtml\images\w11.gif

* %ProgramFiles%\schtml\images\w2.gif

* %ProgramFiles%\schtml\images\w3.gif

* %ProgramFiles%\schtml\images\w3.jpg

* %ProgramFiles%\schtml\images\word.doc

* %ProgramFiles%\schtml\images\wt1.gif

* %ProgramFiles%\schtml\images\wt2.gif

* %ProgramFiles%\schtml\images\wt3.gif

* %ProgramFiles%\schtml\wispex.html

* %ProgramFiles%\skynet.dat

* %ProgramFiles%\some.dat

* %ProgramFiles%\svchost.exe

* %ProgramFiles%\wp3.dat

* %ProgramFiles%\wp4.dat

* %ProgramFiles%\Your PC Protector

* %ProgramFiles%\Your PC Protector\Your PC Protector.exe

* %Temp%\8fc

* %UserProfile%\Start Menu\Programs\Your PC Protector

* %UserProfile%\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk

* %Windir%\Temp\8fc

* %Windir%\Temp\a7b

It creates the following registry entries:

* HKEY_CLASSES_ROOT\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\"(Default)" = "ADC PlugIn"

* HKEY_CLASSES_ROOT\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\InprocServer32\"(Default)" = "%SYSTEM%\Program Files\adc32.dll"

* HKEY_CLASSES_ROOT\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\InprocServer32\"ThreadingModel" = "Apartment"

* HKEY_CURRENT_USER\Software\Your PC Protector\Your PC Protector\setdata\"scantime" = "[CURRENT TIMESTAMP]"

* HKEY_CURRENT_USER\Software\Your PC Protector\Your PC Protector\setdata\"scncnt" = "[NUMBER]"

* HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Adb Upd\"DisplayName" = "Adobe Update Service"

* HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Adb Upd\"ErrorControl" = "0x00000001"

* HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Adb Upd\"ImagePath" = "%SYSTEM%\Program Files\svchost.exe"

* HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Adb Upd\"ObjectName" = "LocalSystem"

* HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Adb Upd\"Start" = "0x00000002"

* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Adb Upd\"Type" = "0x00000010"

* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Adb Upd\Security\"Security" = "[DATA]"

It then modifies the following registry entries:

* HKEY_CLASSES_ROOT\exefile\shell\open\command\"(Default)" = "%SYSTEM%\Program Files\alggui.exe "%1" %*"

* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\"Locked" = "0x00000001"
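
A triage sketch for the registry changes listed above, added here and not part of the original write-up: it parses a `reg export` text dump and flags an `exefile` open handler that differs from the Windows default `"%1" %*`, and any service whose `svchost.exe` image sits outside System32. The sample export, the `SampleSvc` key name and the expanded `C:\` paths are constructed assumptions.

```python
import ntpath
import re
# Constructed sample export: "SampleSvc" and the expanded C:\ paths are assumptions
# made for illustration, not values recovered from an infected host.
HEX2 = ','.join(f'{b:02x}' for b in 'C:\\Program Files\\svchost.exe\0'.encode('utf-16-le'))
SAMPLE_REG = rf'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Program Files\\alggui.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SampleSvc]
"DisplayName"="Adobe Update Service"
"ImagePath"=hex(2):{HEX2}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"ImagePath"="%SystemRoot%\\system32\\svchost.exe -k netsvcs"
'''

VALUE_RE = re.compile(
    r'^(@|"(?:[^"\\]|\\.)*")=(?:"((?:[^"\\]|\\.)*)"|hex\(2\):([0-9a-f,]*))\s*$', re.I)

def parse_reg(text):
    """Return {key: {value_name: str}} (lower-cased names) for REG_SZ / REG_EXPAND_SZ."""
    text = re.sub(r',\\\r?\n\s*', ',', text)  # join hex(2) continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = '' if m.group(1) == '@' else m.group(1)[1:-1]
            if m.group(3) is not None:  # REG_EXPAND_SZ exported as UTF-16LE hex
                data = bytes.fromhex(m.group(3).replace(',', '')).decode('utf-16-le').rstrip('\0')
            else:                       # REG_SZ with \\ and \" escapes
                data = re.sub(r'\\(.)', r'\1', m.group(2))
            current[name.lower()] = data
    return keys

def find_suspicious(keys):
    """Flag a replaced .exe open handler and svchost.exe services outside System32."""
    findings, hkcr = [], 'hkey_classes_root\\exefile\\shell\\open\\command'
    cmd = keys.get(hkcr, {}).get('')
    if cmd is not None and cmd.strip() != '"%1" %*':  # Windows default handler
        findings.append(('exefile-open-hijack', hkcr, cmd))
    for key, values in keys.items():
        m = re.match(r'"?(.*?\.exe)', values.get('imagepath', ''), re.I)
        if '\\services\\' in key and m:
            folder, exe = ntpath.split(m.group(1))
            if exe.lower() == 'svchost.exe' and not folder.lower().endswith('\\system32'):
                findings.append(('svchost-outside-system32', key, m.group(1)))
    return findings
```
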

The Trojan then prevents other applications from being executed and displays the following false error messages:

Title: Warning!

Body: Running of application is impossible.

The file [FILE PATH AND NAME] is infected.

Please activate your antivirus program.

The Trojan may also display any of the following warning messages:

Title: Warning infection is detected

Body: Windows has found spyware infection on your computer!

Click here to update your Windows antivirus software…

Title: Security Warning

Body: Your computer continues to be infected with harmful viruses.

In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software.

Click here to enable protection.

Title: Security Warning

Body: There are critical system files on your computer that were modified by malicious program.

It will cause unstable work of your system and permanent data loss.

Click here to undo performed modifications and remove malicious software (Highly recommended).

The Trojan also displays the following scan interface:

Title: Your PC Protector

Body: Scanning for viruses

It then displays the false results of the misleading scan:

Title: Warning 3 infection found

Body: Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.

Title: Items Detected

Body: Your PC Protector has found infected documents or programs.

You can lose your personal data and infect other network computers.

It may also display the following fake Microsoft error messages:

Title: Windows Security Center

Body: Security Center

Help protect your PC

Title: svchost.exe

Body: svchost.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

The Trojan then displays the following requests for payment:

Title: Your PC Protector evaluation

Body: This version of Your PC Protector is for evaluation purposes only.

The removal feature is disabled. You may scan your PC to locate malware threats.

Please purchase the full version of Your PC Protector to remove identified threats.

Title: Bright Red Warning Symbol

Body: Are you sure? Your PC will not be protected against spyware.

Action Steps:
FREE SCAN: NoAdware can Remove Trojan.Pcprotector. Click the link below for your free download & scan your PC now.