1. /
  2. Security Response/
  3. ErrorProtector

ErrorProtector

Updated:
September 4, 2007 3:04:06 PM
Type:
Misleading Application
Name:
ErrorProtector
Publisher:
ErrorProtector Inc.
Risk Impact:
Medium
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Behavior
ErrorProtector can be downloaded from [http://]www.errorprotector.com or it can be installed by a downloader.

When it is executed and a scan is run, it scans the computer and displays exaggerated reports of errors on the computer.





The risk also displays a registration screen, asking the user to register the software to remove the supposed threats.




Installation
When the risk is installed, it creates the following files:
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\ErrorProtector.lnk
  • %UserProfile%\Cookies\administrator@errorprotector[2].txt
  • %UserProfile%\Desktop\ErrorProtector.lnk
  • %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\ErrorProtector Unregistered Version\Contact customer support.lnk
  • %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\ErrorProtector Unregistered Version\ErrorProtector on the Web.lnk
  • %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\ErrorProtector Unregistered Version\ErrorProtector.lnk
  • %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\ErrorProtector Unregistered Version\Uninstall ErrorProtector.lnk
  • %ProgramFiles%\Common Files\ErrorProtector Free\startmon.exe
  • %ProgramFiles%\ErrorProtector Free\Activate.dat
  • %ProgramFiles%\ErrorProtector Free\atl71.dll
  • %ProgramFiles%\ErrorProtector Free\bnlink.dat
  • %ProgramFiles%\ErrorProtector Free\DataBase.sav
  • %ProgramFiles%\ErrorProtector Free\ertmain.exe
  • %ProgramFiles%\ErrorProtector Free\hmlink.dat
  • %ProgramFiles%\ErrorProtector Free\insthelp.exe
  • %ProgramFiles%\ErrorProtector Free\lapv.dat
  • %ProgramFiles%\ErrorProtector Free\License.rtf
  • %ProgramFiles%\ErrorProtector Free\mfc71.dll
  • %ProgramFiles%\ErrorProtector Free\msvcp71.dll
  • %ProgramFiles%\ErrorProtector Free\msvcr71.dll
  • %ProgramFiles%\ErrorProtector Free\pv.dat
  • %ProgramFiles%\ErrorProtector Free\readme.rtf
  • %ProgramFiles%\ErrorProtector Free\ReportListFile.dat
  • %ProgramFiles%\ErrorProtector Free\ResErrors.log
  • %ProgramFiles%\ErrorProtector Free\sr.log
  • %ProgramFiles%\ErrorProtector Free\support.url
  • %ProgramFiles%\ErrorProtector Free\uertcookiemon.exe
  • %ProgramFiles%\ErrorProtector Free\uerturl.url
  • %ProgramFiles%\ErrorProtector Free\umain.xml
  • %ProgramFiles%\ErrorProtector Free\unins000.dat
  • %ProgramFiles%\ErrorProtector Free\unins000.exe
  • %ProgramFiles%\ErrorProtector Free\up.dat
  • %ProgramFiles%\ErrorProtector Free\updater.dat
  • %ProgramFiles%\ErrorProtector Free\updater.exe


It may also create and populate the following folder:
%SystemDrive%\Documents and Settings\All Users\Application Data\ErrorProtector Free

The risk creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERT_is1
  • HKEY_LOCAL_MACHINE\SOFTWARE\ErrorProtector Free
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\ErrorProtector Unregistered Version
  • HKEY_CURRENT_USER\Software\ErrorProtector Free


It also creates the following registry entries, so that it starts when Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ErrorProtector Free" = "C:\Program Files\ErrorProtector Free\ertmain.exe /min"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Salestart" = ""C:\Program Files\Common Files\ErrorProtector Free\startmon.exe""
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"ErrorProtector Free" = ""C:\Program Files\ErrorProtector Free\ertmain.exe""
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver