CurePCSolution

CurePCSolution

Updated:
January 09, 2007
Risk Impact:
Medium
Systems Affected:
Windows

Behavior

CurePCSolution is a program that simulates detection of threats on the computer.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version January 10, 2007
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date January 10, 2007
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
CurePCSolution is a program that simulates detection of threats on the computer.

When the program executes, it creates the following folders:
C:\Program Files\CurePCSolution
C:\Program Files\CurePCSolution\data
C:\Program Files\CurePCSolution\Quarantine
C:\Program Files\CurePCSolution\Repair Files
C:\WINDOWS\Installer\{2687B107-2B13-410A-A850-BE211B74AF12}

The program then creates the following files:
C:\WINDOWS\Installer\{2687B107-2B13-410A-A850-BE211B74AF12}\controlPanelIcon.exe
C:\WINDOWS\Installer\{2687B107-2B13-410A-A850-BE211B74AF12}\SystemFolder_msiexec.exe
C:\Documents and Settings\All Users\Desktop\Start CurePCSolution.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start CurePCSolution.exe.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\CurePCSolution\CurePCSolution.exe.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\CurePCSolution\Uninstall CurePSSolution.lnk
C:\Program Files\CurePCSolution\CurePCSolution.exe
C:\Program Files\CurePCSolution\curepcsolution.ini
C:\Program Files\CurePCSolution\data\params.dat
C:\Program Files\CurePCSolution\data\virus.dat
C:\Program Files\CurePCSolution\ExcludeParams.txt
C:\Program Files\CurePCSolution\help.chm

Next, the program creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\701B786231B2A0148A05EB12B147FA21
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\701B786231B2A0148A05EB12B147FA21
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DB26F59A41C29F84D9B590F606F2C401
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\DB26F59A41C29F84D9B590F606F2C401
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2687B107-2B13-410A-A850-BE211B74AF12}

The program also creates the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\"C:\Program Files\CurePCSolution" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\"C:\Program Files\CurePCSolution\data" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\"C:\Documents and Settings\All Users\Start Menu\Programs\CurePCSolution" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\"C:\WINDOWS\Installer\{2687B107-2B13-410A-A850-BE211B74AF12}" = ""

The program may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the falsely reported threats.