
EliteProtector

Updated: February 8, 2008 4:09:02 PM
Type: Misleading Application
Name: EliteProtector
Risk Impact: Medium
Systems Affected: Windows
Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.





The user is then prompted to pay for a full license of the application in order to remove the errors.





Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Start Menu\Programs\Startup\.protected
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
  • C:\Documents and Settings\All Users\Start Menu\Programs\EliteProtector\EliteProtector Uninstall.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\EliteProtector\EliteProtector.lnk
  • %ProgramFiles%\EliteProtector\EliteProtector.db
  • %ProgramFiles%\EliteProtector\EliteProtector.exe
  • %ProgramFiles%\EliteProtector\EliteProtector.pkg
  • %ProgramFiles%\EliteProtector\program.info
  • %ProgramFiles%\EliteProtector\Uninstall.exe
  • %System%\drivers\etc\.protected
  • %Windir%\.protected
  • %System%\.protected
  • %UserProfile%\Application Data\EliteProtector\logs\[RANDOM NAME].log


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"EliteProtector" = "C:\Program Files\EliteProtector\EliteProtector.exe"

It also creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\EliteProtector
  • HKEY_LOCAL_MACHINE\SOFTWARE\EliteProtector
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteProtector
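
The file and registry artifacts listed above can be turned into a read-only host check. The following is an added example, not Symantec's code; mapping the %System% placeholder to the System32 folder and matching [RANDOM NAME].log with a wildcard are assumptions.

```powershell
# Added example (not Symantec's code): report which EliteProtector artifacts
# from the lists above exist on this host. Read-only; run once per user profile.
# Assumption: Symantec's %System% placeholder maps to the System32 folder.
$allUsers = 'C:\Documents and Settings\All Users\Start Menu\Programs'
$system   = [Environment]::SystemDirectory
$progDir  = Join-Path $env:ProgramFiles 'EliteProtector'

$paths = @(
    "$env:USERPROFILE\Start Menu\Programs\Startup\.protected"
    "$allUsers\Startup\.protected"
    "$allUsers\EliteProtector\EliteProtector Uninstall.lnk"
    "$allUsers\EliteProtector\EliteProtector.lnk"
    "$progDir\EliteProtector.db"
    "$progDir\EliteProtector.exe"
    "$progDir\EliteProtector.pkg"
    "$progDir\program.info"
    "$progDir\Uninstall.exe"
    "$system\drivers\etc\.protected"
    "$env:windir\.protected"
    "$system\.protected"
    # [RANDOM NAME].log from the write-up is matched with a wildcard (assumption)
    "$env:USERPROFILE\Application Data\EliteProtector\logs\*.log"
    'HKCU:\Software\EliteProtector'
    'HKLM:\SOFTWARE\EliteProtector'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteProtector'
)

$findings = @(foreach ($p in $paths) {
    # -Force includes hidden items; a path that does not exist yields nothing
    Get-Item -Path $p -Force -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Kind = 'FileOrKey'; Item = ($_.PSPath -replace '^.*::', '') } }
})

# The autostart entry is a value under the Run key, so it is read separately
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'EliteProtector' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Kind = 'RunValue'; Item = "$runKey -> $($run.EliteProtector)" }
}

if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize -Wrap }
else { 'No EliteProtector artifacts from the write-up were found.' }
```

The paths are checked exactly as the write-up gives them. If the program runs as a 32-bit process on 64-bit Windows, its HKEY_LOCAL_MACHINE\SOFTWARE keys and Program Files folder would instead appear under WOW6432Node and Program Files (x86).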