Windows Police Pro



» If you can't view the screen shot, you may have to click the screen shot when you put the mouse over the it.
» Dependant upon your browser settings.

This sleek program is another to watch out for. So be don't be tricked.

It appears that the client was browsing facebook.com, when their Google Chrome browser was hijacked and redirected to another site. The client was duped into installing this program.



Below are entries found in the Registry(If you are unfamiliar with the registry...Leave this page NOW) and files associated with the program. Windows Police Pro  Windows Police Pro Logo

  1. Key Name: HKLM\SOFTWARE\Microsoft\ESENT\Process\Windows Police Pro
    Class Name:
    Last Write Time: 10/19/2009 - 6:42 PM

  2. Key Name: HKLM\SOFTWARE\Microsoft\ESENT\Process\Windows Police Pro\DEBUG
    Class Name:
    Last Write Time: 10/19/2009 - 6:42 PM
    Value 0
    Name: Trace Level
    Type: REG_SZ
    Data:

  1. Key Name: HKEY_USERS\....\Software\Windows Police Pro
    Class Name:
    Last Write Time: 10/19/2009 - 3:26 PM

  2. Key Name: HKEY_USERS\....\Software\Windows Police Pro\Windows Police Pro
    Class Name:
    Last Write Time: 10/19/2009 - 3:26 PM

  3. Key Name: HKEY_USERS\....\Software\Windows Police Pro\Windows Police Pro\Registration
    Class Name:
    Last Write Time: 10/19/2009 - 3:26 PM

  4. Key Name: HKEY_USERS\....\Software\Windows Police Pro\Windows Police Pro\setdata
    Class Name:
    Last Write Time: 10/19/2009 - 9:52 PM
    Value 0
    Name: scantime
    Type: REG_SZ
    Data: 20.10.2009 0:52:51

    Value 1
    Name: scncnt
    Type: REG_DWORD
    Data: 0x1c

    Value 2
    Name: check9
    Type: REG_DWORD
    Data: 0x1

    Value 3
    Name: check10
    Type: REG_DWORD
    Data: 0

    Value 4
    Name: check11
    Type: REG_DWORD
    Data: 0x1

    Value 5
    Name: check12
    Type: REG_DWORD
    Data: 0x1

    Value 6
    Name: check13
    Type: REG_DWORD
    Data: 0

    Value 7
    Name: check14
    Type: REG_DWORD
    Data: 0x1

    Value 8
    Name: check15
    Type: REG_DWORD
    Data: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Windows Police Pro.exe"

You will find shortcuts to the program on the
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following is a list of files you may find in the:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"C:\Program Files\Windows Police Pro" Folder
            Size          Name
  1. 479,232 bytes » msvcm80.dll
  2. 548,864 bytes » msvcp80.dll
  3. 626,688 bytes » msvcr80.dll
  4. 9,171,464 bytes » Windows Police Pro.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following is a list of files you may find in the:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"C:\Windows\System32" Folder
            Size          Name
  1. 235 bytes » windows
  2. 508,416 bytes » pump.exe
  3. 567,808 bytes » plugie.dll
  4. 4 bytes » bincd32.dat
  5. 145 bytes » tempie.html
  6. 9 bytes » nuar.old
  7. 36 bytes » skynet.dat
  8. 108 bytes » wwp.html
Next, you will need to find the "schtml" Folder, where you will find these files
  1. 137,703 bytes » dbsinit.exe
  2. 508,416 bytes » pump.exe
  3. 8,551 bytes » wispex.html
  4. images FOLDER


Remember to always check here: C:\WINDOWS\Prefetch

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  1. Windows Police Pro

  2. Windows Police Pro

  3. Windows Police Pro

  4. Windows Police Pro

  5. Windows Police Pro

  6. Windows Police Pro

  7. Windows Police Pro

  8. Windows Police Pro

  9. Windows Police Pro

  10. Windows Police Pro

  11. Windows Police Pro

  12. Windows Police Pro

  13. Windows Police Pro

  14. Windows Police Pro

  15. Windows Police Pro

  16. Windows Police Pro

  17. Windows Police Pro

  18. Windows Police Pro