Identity Protector, Potentially Superfluous Software.

/ LPI, News, PUA, PUP, Superfluous / Through / 2 minutes of reading
126
5/5 - (1 votes)

Identity Protector, Potentially Superfluous Software.

Some legitimate programs like Identity Protector can be classified as superfluous, they are not necessarily necessary for the functioning of the system and sometimes even unwanted.

More specifically, Identity Protector is a program supposed to protect your personal information on your PC. It also allows you to manage your passwords via your browser and lock them with a master key. However, it has a multitude of incorrect detections and offers the purchase of a paid version to fix the problems.
Some security solutions, such as Malwarebytes Antimalwares and Avira Antivirus, classify this software as Potentially Unwanted Optional Software (PUP/LPI).


This program is classified as Potentially Unnecessary Software (LPS). It installs as a program and/or as a browser extension. It can start automatically from the Registry via a "Run" key, a service or a scheduled task. It may launch when you start your browser after changing its settings. Sometimes the launch is done silently, that is to say it works in the background. The virus analysis of this software does not show any malware detection.


These are mostly legitimate programs that may not be necessary for your system to function properly. The multiplication of programs launched at system startup can cause delays in the execution of ordinary system tasks but also when browsing the Internet. Note that some programs come from downloads with repackaging, a technique which consists of offering other software during installation. These additional programs are obviously superfluous, they can even be installed without your knowledge. It is recommended to read the EULA before installing packaged software. Before clicking, check the relevance of the pre-checked boxes offered to you.


Potentially unwanted software (LPI) or Potentialy Unwanted Programs (PUP) are the cause of many infections. The most common example is adware. InstallCore, Crossrider, Graftor ou Boxore which pollute the Registry and your data storage units. They are usually installed without your knowledge by downloading freeware. Indeed some sites use the repackaging method, an operation which consists of redoing the software installation module by adding download options. These options allow you to add other software such as browser toolbars, adware, potentially unwanted software, intrusive advertising software, or even browser hijackers.


Spyware (spyware) and adware (adwares) unwanted files, just like malware, can use the writing flaws of legitimate software or those of operating systems. It is therefore essential to have official software and that it has automatic updating. Likewise, your Windows operating system must be programmed in automatic update mode and activated, so that you can have the latest updates for critical security vulnerabilities.

TECHNICAL ELEMENTS

  Features

– Starts a process at system launch (RP),
- It is installed in the Registry Base in order to be launched each time the system starts (O4),
- It starts a scheduled task automatically (O38),
- It installs as a program (O42)
– Created multiple “Software” registry keys,
- Adds additional folders (O43),
- Registration in the Windows prefetcher folder (O45)
– Adds multiple user files (O61),

Preview in reports

Recorded on 27/09/2018
Numéro de série : 00CF6833A8267DE9FBD1DB8B0BCC6F0869
O38 – TASK: {7FCCE776-7FC1-46D9-B0D5-763A3810AC98}[\Identity Protector_Logon] – (.IdentityProtector.co – IdentityProtector.) — C:\Program Files\Identity Protector\IdentityProtector.exe [4313440]
C:\Windows\System32\Tasks\Identity Protector_Logon – (.IdentityProtector.co.) — C:\Program Files\Identity Protector\IdentityProtector.exe [startupshow]
[MD5.AB1A8ED3E44D63B4B2304F5E1228EC78] – (.IdentityProtector.co – IdentityProtector.) — C:\Program Files\Identity Protector\IdentityProtector.exe [4313440] [PID.2588] {00CF6833A8267DE9FBD1DB8B0BCC6F0869}
O4 – GS\CommonDesktop [Public]: Identity Protector.lnk. (.IdentityProtector.co – IdentityProtector.) C:\Program Files\Identity Protector\IdentityProtector.exe {00CF6833A8267DE9FBD1DB8B0BCC6F0869}
O42 – Software: Identity Protector – (.IdentityProtector.co.) [HKLM] — 39B262A6-2E6C-4AF9-BEF7-E43DD1035C2B_is1
HKLM\SOFTWARE\IdentityProtector.co
HKLM\SOFTWARE\ips-pr
HKCU\SOFTWARE\IdentityProtector.co
HKU\S-1-5-21-3170229064-143365203-2930443724-1000\SOFTWARE\IdentityProtector.co
O43 – CFD: 27/09/2018 – [] D — C:\Program Files\Identity Protector
O43 – CFD: 27/09/2018 – [] D — C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Identity Protector
O43 – CFD: 27/09/2018 – [] D — C:\ProgramData\IdentityProtector.co
O43 – CFD: 27/09/2018 – [] D — C:\Users\Coolman\AppData\Roaming\IdentityProtector.co
O61 – LFC: 2018/09/27 07:16:12 A . (.identityprotector.co.) — C:\ProgramData\IdentityProtector.co\Identity Protector\offers\idpieextsetup.exe [3886440] {00CF6833A8267DE9FBD1DB8B0BCC6F0869}

Alias

Virus Total Analysis IdentityProtector.exe :

Avira (no cloud) PUA/IdentityProtector.B 20180921
Cyren W32/Deceptor.TCYI-5780 20180921
DrWeb Program.Unwanted.2780 20180921
Malwarebytes PUP.Optional.IdentityProtector 20180921
Panda PUP/IdentityProtector 20180921
Yandex Trojan.Agent!CV3g6Z6Xycg 20180920

VirusTotalAnalysis (Installer):

Avira (no cloud) PUA/IdentityProtector.A 20180921
AVware Trojan.Win32.Generic!BT 20180921
CAT-QuickHeal Trojan.IGENERIC 20180921
Cyren W32/Deceptor.GGDN-3381 20180921
DrWeb Program.Unwanted.2249 20180921
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/GT32SupportGeeks.M.gen potentially unwanted 20180921
Fortinet W32/Downeks.ATQ!tr 20180921
K7AntiVirus Riskware (dec002011) 20180921
K7GW Riskware (dec002011) 20180921
Malwarebytes PUP.Optional.IdentityProtector 20180921
MAX malware (ai score=95) 20180921
McAfee Artemis!6C1A8DA0D433 20180921
McAfee-GW-Edition Artemis 20180921
Microsoft Misleading:Win32/Lodi 20180921
Panda PUP/IdentityProtector 20180921
Sophos AV Generic PUA OD (PUA) 20180922
TrendMicro SPYW_IdentityProtector 20180921
TrendMicro-HouseCall SPYW_IdentityProtector 20180921
VBA32 TrojanSpy.MSIL.Downeks 20180921
VIPRE Trojan.Win32.Generic!BT 20180921
Webroot W32.Adware.Gen 20180921
Yandex Riskware.Agent! 20180920
TrendMicro-HouseCall TROJ_GEN.R002C0OIJ18 20180924

Associate Editors

IdentityProtector.co

Some products

Identity Protector

MD5 encryption

AB1A8ED3E44D63B4B2304F5E1228EC78

Serial number

00CF6833A8267DE9FBD1DB8B0BCC6F0869

How to Remove Identity Protector?

Delete with Windows

Delete with ZHPCleaner

   Delete with ZHPSuite

Responsibility :   The principle of absence of responsibility of the original site, with regard to the contents of the targeted target sites, is recalled by the judgment of September 19, 2001 of the Paris Court of Appeal. The comments I make here reflect my opinion and are suggestions - the visitor is not obliged to follow them.
Share
Tweet
whatsapp
Share
Pin it

About the Author

Nicolas Coolman is a French IT and IT security expert with a degree in software engineering. It specializes in scanning and disinfecting malware, including adware, ransomware, Trojans and other types of unwanted software. Nicolas Coolman is also the creator of several computer security tools, such as "ZHPCleaner" and "ZHPDiag", which are widely used by users to scan and clean malware from their Windows operating systems. Nicolas Coolman is very active in the IT security community and regularly shares his knowledge and findings on his website and on security forums. His expertise is recognized by many users and IT professionals, and he is considered a reference in the field of combating malware.

Similar publications

Back to top