
Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

PeakProtection2010

Threat level: Low threat
Damage: High
Distribution: Not widespread

Effects 

PeakProtection2010 carries out the following actions:

  • When it is run, it displays an installer window like the following:

    [Image: PeakProtection2010 installation window]
  • Once installed, the computer is restarted and the following screen is displayed, where only one option can be selected:

    [Image: Screen displayed by PeakProtection2010]
  • When users click this button, it starts scanning the system and, once the scan has finished, it shows the results with the infected and restored files:

    [Image: Results of the scan carried out by PeakProtection2010]
  • In order to disinfect all the files, users have to install a certain module. If they decide to install it, they are redirected to a website where they can purchase the program. On this website, users have to fill in a form with their personal data:

    [Image: Website where to purchase PeakProtection2010]
  • If users decide not to follow the instructions of the program, warning messages will be displayed periodically, trying to convince users that their computer is infected.

Infection strategy 

PeakProtection2010 creates the file ANTISPY.EXE in the Documents and Settings directory of the user that has logged in.

 

PeakProtection2010 creates the following entries in the Windows Registry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell = C:\Documents and Settings\%username%\antispy.exe
    where %username% is the username of the user that has logged in.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    SelfdelNT
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    tmp

    By creating these entries, PeakProtection2010 ensures that it is run whenever Windows is started.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnPostRedirect = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnonBadCertRecving = 0

    By creating these entries, it disables the warning messages that are displayed when the browser redirects users to a website that has no security certificate.
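
An added example, not part of the original entry or of any Panda tool: a Python triage check that scans the decoded text of a `reg export HKCU` file for the registry indicators listed above. The sample export and the user name alice are constructed, and matching on the value name alone for Run\tmp and RunOnce\SelfdelNT is an assumption, since the entry gives no data for those values.

```python
import re

# Constructed sample: decoded text of a `reg export HKCU` file; "alice" is a made-up user.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\alice\\antispy.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"tmp"="C:\\Documents and Settings\\alice\\antispy.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnPostRedirect"=dword:00000000
"WarnonBadCertRecving"=dword:00000001
"""

# Indicators from the entry: (key under HKCU, value name, test on the data).
# Registry key and value names are case-insensitive, so everything is lowercased.
CV = r"software\microsoft\windows\currentversion"
INDICATORS = [
    (r"software\microsoft\windows nt\currentversion\winlogon", "shell",
     lambda d: isinstance(d, str) and d.lower().endswith("\\antispy.exe")),
    (CV + r"\runonce", "selfdelnt", lambda d: True),  # assumption: name alone
    (CV + r"\run", "tmp", lambda d: True),            # assumption: name alone
    (CV + r"\internet settings", "warnonpostredirect", lambda d: d == 0),
    (CV + r"\internet settings", "warnonbadcertrecving", lambda d: d == 0),
]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg_export(text):
    """Yield (lowercased key, value name, data) for string and dword values."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            yield key, name, int(raw[6:], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            # .reg files escape backslashes and quotes inside string data
            yield key, name, re.sub(r"\\(.)", r"\1", raw[1:-1])

def find_indicators(text):
    """Return the (key, name, data) triples that match an indicator above."""
    prefix = "hkey_current_user\\"
    return [(k, n, d) for k, n, d in parse_reg_export(text)
            for suffix, vname, ok in INDICATORS
            if k == prefix + suffix and n.lower() == vname and ok(d)]
```

`reg export` writes UTF-16 files, so decode them before passing the text in. A hit on Run\tmp alone is weak evidence, because other software may use the same value name.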

Means of transmission 

PeakProtection2010 can reach the computer when the user accesses certain websites that display banners or pop-up windows leading to the download of this program. It can also reach the computer through a link received via spam messages, fraudulent websites, etc.

Further Details  

PeakProtection2010 is 641,536 bytes in size.