SystemCop

SystemCop is a fake spyware remover hailing from the same family as BlockDefense, SaveDefense, WiniFighter, Trust Ninja and WiniBlueSoft. Through the use of trojan infections, SystemCop gains entry to your PC and from there, begins issuing dozens of annoying security alerts and bogus system scans that turn up nothing but fabricated infection results. These tactics are there to scare you into purchasing the rogue spyware remover SystemCop. Do not be fooled. Remove SystemCop as soon as it is detected.

File System Modifications

• The following files were created in the system:
  

  #	File Name	File Size (bytes)	File Hash
  1	102z6w59m3c4.cpl	N/A	N/A
  2	1044zhackt9ol5b2.dll	N/A	N/A
  3	10683v9rzs656.cpl	N/A	N/A
  4	10915hief309z.cpl	N/A	N/A
  5	Homepage.lnk 3	N/A	N/A
  6	license.txt	N/A	N/A
  7	setup.exe	803,637	a59d785f02a20367376bd0c1b9b94dec
  8	SystemCop	N/A	N/A
  9	SystemCop.exe	724,992	b45db346486482868a2886fcc5e2e01f
  10	SystemCop.lnk 1	N/A	N/A
  11	SystemCop.lnk 2	N/A	N/A
  12	uninstall.exe	N/A	N/A
  13	Uninstall.lnk	N/A	N/A

Registry Modifications

• The following newly produced Registry Values are:
  HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SystemCop"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ha8tozmj.exe"HKEY_CURRENT_USER\Software\SystemCopHKEY_LOCAL_MACHINE\SOFTWARE\SystemCopHKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SYSTEMCOPSVCHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SystemCopSvcHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}SystemCop

Additional Information on SystemCop

• The following paths were detected:
  

  #	Path
  1	%ProgramFiles%\SystemCop Software\SystemCop