1. Symantec/
  2. Security Response/
  3. DrProtection

DrProtection

Updated:
November 29, 2007 5:04:15 PM
Type:
Misleading Application
Name:
DrProtection
Version:
2.1
Publisher:
DrProtection
Risk Impact:
Medium
Systems Affected:
Windows
Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.




The user is then prompted to pay for a full license of the application in order to remove the errors.





Installation
When the program is executed, it creates the following files:
  • C:\Documents and Settings\Administrator\Desktop\DrProtection.lnk
  • C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_e10.dat
  • C:\Documents and Settings\Administrator\Start Menu\Programs\DrProtection\DrProtection.lnk
  • C:\Documents and Settings\Administrator\Start Menu\Programs\DrProtection\Uninstall.lnk
  • C:\Program Files\DrProtection\DrProtection.exe
  • C:\Program Files\DrProtection\DrProtection.lic
  • C:\Program Files\DrProtection\DrProtection0.dll
  • C:\Program Files\DrProtection\DrProtection0.dp
  • C:\Program Files\DrProtection\DrProtection1.dll
  • C:\Program Files\DrProtection\DrProtection1.dp
  • C:\Program Files\DrProtection\DrProtection3.dll
  • C:\Program Files\DrProtection\Uninstall.exe


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"DrProtection" = "C:\Program Files\DrProtection\DrProtection.exe"

It also creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DrProtection
  • HKEY_CURRENT_USER\Software\DrProtection
  • HKEY_CURRENT_USER\Software\DrProtection\Scan
  • HKEY_CURRENT_USER\Software\DrProtection\Updates
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DrProtection
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\DrProtection

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube