Keep Cop, sometimes also called KeepCop is a malicious security program created in the tradition of rogue antivirus program that will attract computer users via its own website Keep Cop – Online Protection. It is on this website that Keep Cop will begin displaying fake virus presence on the system. Keep Cop – Online Protection website’s goal was to encourage its visitors to download the program and have them installed. Inside the computer, Keep Cop virus will make some alteration on system settings and registry to load itself automatically. These actions will definitely make computer perform inaccurately, Task Manager, Folder Options, Registry Editor and antivirus programs will be disabled.
To further prevent removal of Keep Cop virus, it will block Internet access on security website to avoid downloading of security programs. Furthermore, this application will redirect browser to another malicious websites or a payment processing page where it will force its victim to buy the registered version of Keep Cop.
What are the Symptoms of Keep Cop Infection?
It will modify Windows Registry and add the following entries:
- HKEY_CURRENT_USER\Software\KeepCop
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeepCop
- HKEY_LOCAL_MACHINE\SOFTWARE\KeepCop
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "KeepCop"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>.exe"
The threat will drop the following malicious files:
- c:\Program Files\KeepCop Software\KeepCop\KeepCop.exe
- c:\Program Files\KeepCop Software\KeepCop\uninstall.exe
- c:\WINDOWS\10073z9t-a-virus2ad5.cpl
- c:\WINDOWS\10939spam5oz722.exe
- c:\WINDOWS\109z5spam5ot39f.dll
- c:\WINDOWS\system32\46z9v5r2938.exe
- c:\WINDOWS\system32\473zvir1995.bin
- c:\WINDOWS\system32\4767dowzlo59er1019.bin
- c:\Documents and Settings\All Users\Desktop\KeepCop.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\KeepCop\1 KeepCop.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\KeepCop\2 Homepage.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\KeepCop\3 Uninstall.lnk
- %Temp%\<random>.exe
How to Remove Keep Cop Manually
1. Restart your computer in SafeMode
– After Power-On the computer, just before Windows start, press F8
– From the selections, Select SafeMode
2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
– Click Start > Run
– Type in the field, regedit
– Navigate and look for the registry entries mentioned above and delete if necessary
3. Delete malicious files that the threat added:
– Base on the given location above, browse and delete the file
– If no location is given, click Start>Search> and search for the files.
– If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.
4. Scan computer with Antivirus Program
– Update antivirus program
– Scan computer and delete all detected threats.
How to Easily Remove Keep Cop
1. Download and run Removal Tool to remove KeepCop virus
