Wednesday 3 February 2010

Remove "Your PC Protector" virus (Uninstall guide)

"Your PC Protector" is a fake antivirus program (a false system scanner) that reports false or grossly exaggerated threats to make you think that you are infected. It’s classified as rogue security software, but actually it’s a Trojan virus. Your PC Protector is a clone of Windows Antivirus Pro and Windows Police Pro scareware. All three programs use the same graphical user interface and display premeditated computer threats/infections. Usually, this fake software comes from fake online anti-malware sacanners, misleading websites, via Facebook or MySpace and you may even get a bogus message in IM or Skype. Be very careful and don’t click on any ads or links that look suspicious or comes from people you don’t know. If you are infected with this virus, please read further to find out how to remove Your PC Protector from the system for free using legitimate anti-malware software.



"Your PC Protector" video: (thanks to rogueamp)


While Your PC Protector is running, you will see many fake security alerts and notifications stating that your computer is infected, under attack or seriously compromised. The funny thing is that cyber criminals didn’t even bother to create new alerts. They use the old ones that were displayed by Windows Antivirus Pro and Windows Police. The fake warnings read:

Security Warning
Your computer continues to be infected with harmful viruses.
In order to prevent permanent loss your information and
credit card data theft please activate your antivirus software.
Click here to enable protection.

Internet attack attempt detected:
Somebody is trying to attack your PC:
This can result in loss of your personal information and
infection other computers connected to your network.
Click here to prevent attack



Of course, there are more such warnings. Just ignore them. Now, false scan results and fake alerts are not the biggest problems. The worst thing is that Your PC Protector blocks legitimate antivirus and antispyware software. The rogue program will display a fake error message that states:

Warning
Running of application is impossible.
The file [file location goes here] is infected.
Please activate your antivirus program.

It also impersonates Windows Security Center. Also note that YourPCProtector may come bundled with TDSS trojan-rootkit. It usually redirects search results in Google, Yahoo, MSN and blocks an access to security related websites. As you can see, this rogue program is a total scam. Please don’t purchase it! If you already did that, then contact your credit card company and dispute the charges. Then read the removal instructions below and get rid of Your PC Protector as soon as possible.


Your PC Protector removal instructions:


Method #1
1. Go to Start->Run or press WinKey+R. Type in "command" and press Enter key.


2. In the command prompt window type "notepad". Notepad will come up.


3. Copy all the text in blue color below and paste into Notepad.

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

4. Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)


5. Double-click on fix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK.
6. Reboot your computer.
7. Download the file TDSSKiller.zip and extract it into a folder. Execute the file TDSSKiller.exe. Wait for the scan and disinfection process to be over. Close all programs and press "Y" key.
8. Download one of the following anti-malware applications:
9. Install the selected application, update it an run a system scan.

Method #2
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download one of the following anti-malware applications:
3. Reboot your PC back to Normal Mode and run a system scan again.


Your PC Protector associated files and registry values:

Files:
  • C:\Program Files\Your PC Protector
  • C:\Program Files\Your PC Protector\Your PC Protector.exe
  • C:\Program Files\wpp.exe
  • C:\Program Files\adc32.dll
  • C:\Program Files\alggui.exe
  • C:\Program Files\nuar.old
  • C:\Program Files\wp3.dat
  • C:\Program Files\wp4.dat
  • C:\Program Files\svchost.exe
Registry:
  • HKEY_CLASSES_ROOT\CLSID\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02}
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD
  • HKEY_CURRENT_USER\SOFTWARE\Your PC Protector

Share this information with other people:

No comments:

Post a Comment