The program must be manually installed.
The program reports false or exaggerated system security threats on the computer.
The user is then prompted to pay for a full license of the application in order to remove the threats.Installation
When the program is executed, it creates the following files:
- %UserProfile%\Desktop\Security Tool.lnk
- %UserProfile%\Start Menu\Programs\Security Tool.lnk
- C:\Documents and Settings\All Users\Application Data\[RANDOM NAME]\[RANDOM NAME].exe
Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[RANDOM NAME]" = "C:\DOCUME~1\ALLUSE~1\APPLIC~1\[RANDOM NAME]\[RANDOM NAME].exe"
It also creates the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM NAME]Similar Security Risks