Sunbelt researchers have today identified protectwin(dot)com as purveying some pretty nasty spyware: Braveysentry (a rogue antispyware application) as well as a zlob fake codec.
Alex Eckelberry
(Credit to Sunbelt researcher Patrick Jordan)
Correction: The site installs Braveysentry (a rogue antispyware application) that uses a trojan installer that generates the fake alerts, hijack’s user desktops, and installs the rogue antispyware application. This same trojan (winstall.exe 2005 -2006, now xpupdate.exe 2007) is also used via a fake codec page to appear as a zlob fake codec but is really the same winstall/xpudate trojan installer.