Tuesday, 14 June 2011

How to Remove "Security Protection" (Uninstall Guide)

Security Protection is a fake antivirus program that pretends to scan your computer for security problems. This malware, often called scareware, fabricates a list of security threats it has found on your machine. It also generates false or misleading security alerts to make you think that your computer is infected with malicious software. To remove the non-existent infections and protect your self from malware, you will be prompted to buy the "full-version" of Security Protection designed to protect. That's one of the most common ways for cybercriminals to steal money from people. It's very important to remember that by purchasing such rogue security software you are submitting your credit card details and personal information to cyber-crooks. As a result, you may become a victim of credit card scam or even identity theft. So, if you thought that Security Protection was a legitimate software and have already purchased it, please contact your credit card company and dispute the charges. To remove Security Protection from your computer, please follow the removal instructions below.

Security Protection is distributed though the use of fake online scanners; that's probably the most popular malware distribution mechanism. For example, if you search for something on Google and then click on a search result or image you are taken to a webpage which serves up a fake online scanner. It claims to detect a large number of nonexistent threats and urges you to install malware removal tool or anti-virus software. Once downloaded to your computer, Security Protection runs a fake system scan. It displays fake security alerts, pop-up windows and notifications like very one or two minutes saying that your computer is infected.

Fake Security Protection alerts:

What is more, Security Protection blocks other programs on your computer, including your web browser and takes you to a web page where you can purchase it. It displays fake notification saying that Internet Explorer or any other program is infected with W32/Blaster.worm.
iexplore.exe can not start
File iexplore.exe is infected by W32/Blaster.worm
Please activate Malware Protection to protect your computer.

The good news is that your computer is not infected with W32/Blaster worm and other viruses as this rogue programs claims. However, you should remove Security Protection from your computer as soon as possible. Just restart your computer in Safe Mode with Networking, download anti-malware software and run a full system scan.

OPTIONAL: In case you can't boot your PC in Safe Mode with Networking or you can't delete the malicious files manually, you can use this code SL55J-T54YHJ61-YHG88 and any email to register the rogue application in order to stop the fake security alerts.

Once this is done, you are free to install recommended anti-malware software (direct download) to remove the rogue anti-virus program from your computer properly. If you need help in removing Security Protection from your computer, please leave a comment below. Additional information about this malware and comments are welcome too. Good luck and be safe online.

Related malware:

Security Protection removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm

NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download recommended anti-malware software (direct download) and run a full system scan to remove this rogue anti-virus program from your computer.

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

Security Protection associated files and registry values:


Windows XP:
  • C:\Documents and Settings\All Users\Application Data\defender.exe
Windows Vista/7:
  • C:\ProgramData\defender.exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Protection"
Share this information with other people:

No comments:

Post a Comment