Security Mechanic

June 10, 2014July 18, 2009 by Robert La Nguyen

Other payload of�Security Mechanic:

It will modify Windows Registry and add the following entries:

HKEY_CLASSES_ROOT\CLSID\{107a1d63-2eaa-4694-8aba-ec209c630d83}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\App Paths\lsascs.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Shell
Extensions\Approved\{107a1d63-2eaa-4694-8aba-ec209c630d83}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run �Security Mechanic�

The threat will drop the following malicious files:

%UserProfile%\Application Data\Microsoft\windll32.exe
%UserProfile%\Application Data\lsascs.exe
%UserProfile%\Application Data\spyprotector
%UserProfile%\Application Data\setup.exe
%UserProfile%\Application Data\shellex.dll
%ProgramFiles%\Security Mechanic
%WINDOWS\System32\spyprotector.cpl
%Documents and Settings%\[User]\Application Data\SpyProtector\SC_Base_new.dat
%Documents and Settings%\[User]\Application Data\SpyProtector\SC_Config.ini

Robert La Nguyen

Robert is a highly motivated writer with 3+ years of experience writing for ransomware, malware, adware, PUPs, and other cybersecurity-related issues. As a writer, he strives to create content that is based on thorough technical research.

Leave a Comment Cancel reply