Virus Protector is a rogue antispyware program that installed through the use of trojans and uses false scan results and fake security alerts informing that your computer is infected in order to trick you into purchasing the full licensed version.
Once installed, the rogue will configure itself to run automatically when you logon to Windows and drop numerous files with random names on to your computer that are made to appear as infections, but are in reality harmless. These files, during the scan, Virus Protector will label as malware, trojans and viruses. Of course, the scan results are a fake. The malicious program is unable to find the infections, as will not protect you from possible infection in the future. Important, do not trust the scan results, simply ignore them.
In order to create the fully simulation that you computer is infected, Virus Protector will display various fake security warnings that stats:
Spyware Alert
Your computer is infected with spyware. It could damage your
critical files and expose your private data on the Internet. Click
here to register your copy of Virus Protector and remove
spyware threats from your PC.
Process is blocked!
Harmful memory infections detected.
Process [filename] was terminated.
Virus Protector
Internet attack
attempt detected
However, all of these alerts are fake and like false scan results should be ignored!
If you get infected with Virus Protector, please do not be fooled into buying it. Instead of doing so, follow the removal guide below in order to remove Virus Protector and any associated malware from your computer for free.
More screen shoots of Virus Protector
Symptoms in a HijackThis Log
F2 – REG:system.ini: Shell=C:\WINDOWS\system32\
O20 – AppInit_DLLs:
Spyware can do the following:
1. gather information about user habits of use of the Internet, what sites are visited most frequently (known as “tracking software”);
2. record keystrokes (keyloggers) and make a screenshots (screen scraper) and send collected data to the creator of the spyware;
3. remotely control user computer (remote control software) – backdoor, botnets, droneware;
4. download and run on user computer an additional malware;
5. analyze the state of security systems, scan an open ports, and look for vulnerabilities to crack passwords;
Use the following instructions to remove Virus Protector (Uninstall instructions)
Read the article: How to reboot computer in Safe mode and reboot your computer in the Safe mode with command prompt.
Once Windows loaded, command prompt (black window) opens. Type notepad and press Enter.
A notepad window opens. Type the following text into notepad:
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
AddReg=regsec
[regsec]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
HKLM, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0x00000020,"Explorer.exe"
Once finished, please checkup the text twice. You will see a screen similar to the one below.
Notepad
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad). Close Notepad.
In the command prompt type Explorer.exe and Press Enter. Windows Explorer opens. Locate the fix.inf, click right button and select Install. Close Windows Explorer.
In the command prompt type shutdown -r and press Enter. Your computer will be rebooted.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Virus Protector infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Virus Protector. MalwareBytes Anti-malware will now remove all of associated Virus Protector files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Virus Protector creates the following files and folders
The rogue uses random filenames to hide itself.
Virus Protector creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Virus Protector”
Okay, Virus protector completely removed my desktop and bar,and I am unable to bring up task manager because it says “Task manager has been disabled by your administrator” which I never did, and it won’t let me right click anywhere. I’ve downloaded a couple of different anti malware and spyware, but once it is finished downloading, I am unable to open it up because it doesn’t appear on my desktop or it won’t open automatically. All this also happens to me in safe mode, please help!
Kris, boot your PC in Safe mode with command prompt. Once Windows is loaded and command prompt opens, type explorer.exe and press Enter. It should back your icons and taskbar. Now try to run Malwarebytes or another antispyware application.
Okay, I just finished trying it, when I did what you said, it just opened a window with my icons and all that stuff in it, but no task bar or task manager. So I tried opening malwarebytes, it would load, but never open. I don’t know why, I tried opening spyware doctor, and it said that it could not update, error in updating. So I was unable to perform any of the scans or clean it. The programs would not open up, I’m going to try to download other programs to see if they will open up. Got any other suggestions Patrik? Or anyone else got any other ideas? Thank you for helping I greatly appreciate it.
Kris, looks like your PC also infected with TDSS trojan. Download TDSSKiller from here, unzip it, run and follow the prompts. Once finished, try run Malwarebytes once again.
The TDSS Killer seemed to help, cuz malwarebytes opened, I tried an update, said error code 732 or something like that, so I just performed the scan anyway. It scanned for 1 hour and 5 mins for the quick scan, but did not finish, I had the blue screen come up. I was in normal mode, so I’m guessing that is why it happened. I will redo the procedure but in safe mode command prompt or networking. It had scanned 98k files and 43 are infected. I’m pretty sure it will work next time I do it, if not I’ll be back here. I just wanted to keep you updated to give you a more detailed view of it, if you see this as another problem please inform me, or if you think my idea won’t work please inform me also. Gonna try the procedure tomorrow. Thanks Patrik, you’ve been a really big help and I appreciate it a lot.
Yes! Mission accomplished, had to run malwarebytes in safemode with networking, and it worked beautifully, and I ran some other anti spyware to just fully clean it and now my computer works beautifully, thank you very much patrik for guiding me through this.
what if i cant geting either safe mode or safe mode with networking i click on it and it brings back up the fake sypware progrAM what should i do then
Todd, if the guidelines above does not help you, then ask for help in our Spyware removal forum.
I have to same issue, when running safe mode or safe mode with networking the fake spyware automatically runs, I can access Safe mode with command prompt, here I accessed computer management and accessed a memory stick I had plugged into the PC through Disk Management, which had malware bytes on. When I installed malware bytes and ran the program if found that the virus protector had disabled reg edit and task manager, which i then deleted. If i then go back to my command prompt I can now access reg edit and task manager appears when i do ctrl alt delete. However when I reboot the pc and try and log onto windows as normal the Virus Protector runs straight away again and task manager is again disabled. Any idea’s?
Also just to add: When I was able to access Reg Edit the following registry key was not there:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Virus Protector
Charlotte, looks like your computer is infected with a new version of the rogue. Please ask for help in our Spyware removal forum.
i tried all the instructions above..but no one works..the virus protector still scans. plsss help!!!
Hi I got exactly the same problem as Kris. Only I need to translate all your help in Dutch:) but my problem is that malwarebytes doesn’t find any objects.. How is that possible? What can I do? Thank you in forward.
joy, please open a new topic in our Spyware removal forum. I will help you.
Haven’t seen anyone post with my particular problem – my PC is infected with Virus Protector. Although I can start up in safe mode with command prompt, and can open & navigate directories/open programs via explorer.exe, I CANNOT access the internet or read any storage devices (CD drive, USB stick, USB external hard drive). Any ideas about how else I can get software such as Malwarebytes installed in the first place? Driving me nuts, of course…thanks.
thank you my friend…your instructions were very useful…
my pc is ok again!
Thank you so much had that virus protector malware
& i folLowed your directions &IT WORKED JUST FINE
I was able to load in safemode, enter all ino in the comand prompt. saved the file,fixinfo. Close the notepad and opened Explorer.exe. I was able to right click, but I don’t it opened. I then did the command regedit pressed enter an the message, registry editing disabled. What next? I need help!!
So, I have made it to command prompt regedit. The Registry editor opened. How many of the files do you open?
I had a “Virus Protector” issue a few days ago and in no way I can stop it popping up on my terminal each time I tried to power on my PC. My terminal was completely blocked as the nasty Virus Protector website popped up and disallow me to do anything (i.e. task manager had been disabled and can’t get to my desktop and no start menu bar appeared either).
I was surfing the wet in the hope that I might be able to get some help and indeed I found your website.
Your website is superb, not only it is informative but instructions wwa precisely spelled out with ZERO error rate which enable me to fix my problem easily by just follow the detailed instructions.
I wish to express my sincere thanks to your hardwork and it is highly recommended to those who might have the same issue like me – invaded by VIRUS PROTECTOR!!!
Well done and many thanks!
Robert.
Katie, try re-create fix.inf and install it once again.
I followed the instructions and completed the malwarebytes scan. However the scan was not able to find anything infected. What do I do now as it’s still infected?
cyberjack, please open a new topic in our Spyware removal forum. I will check your computer.
Like taking a walk into quicksand, invaded by Virus Protector…:(
I am so grateful that you posted the repair procedure and that it did the trick for me.
Well done and many thanks!
David
Virus Protector has invaded my computer. In Safe Mode I have been able to download the app Malwarebytes, however I cannot get the app to run. When you click it, nothing happens. Any suggestions? This is very frustrating. Typing this from my laptop.
I followed the instructions – opened in safe mode with command – opened note pad and created the fix file – closed note pad – but the command mode will not let me open Explorer by typing explorer.exe – am I doing something incorrectly?- also, the fix file indicated Windows NT and I have Windows XP, will that make a difference?
Dave, probably your computer also infected with TDSS trojan. Follow the instructions: How to remove TDSS, first step.
Barry, the fix works to XP. To install the fix without using Explorer, please use steps below (fix.inf should be located on your desktop!!!).
1. Run Windows in Safe mode with command prompt.
2. In command prompt type:
%Windir%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %UserProfile%\desktop\fix.inf3. Press Enter.
4. Type shutdown -r and press Enter.
Hi there…trying to fix this on my PC with Vista. Any suggestions? This program has taken over completely. When I log on, I can’t even get to my desktop. Nothing. Just Virus Protector running. I tried your directions in safe mode but I didn’t get anything. Still Virus Protector running and nothing else. Is it Vista? Is there something different I should put in for Vista?
I can’t go into anything. 🙁
Amy, the above instructions should work for Vista too. You have tried them ? Most important boot your computer in Safe mode with command prompt.