Virus Protector is a rogue antispyware program that is installed through the use of trojans. It uses false scan results and fake security alerts claiming that your computer is infected in order to trick you into purchasing the full licensed version.
Once installed, the rogue will configure itself to run automatically when you log on to Windows and drop numerous files with random names onto your computer. These files are made to appear as infections but are in reality harmless. During the scan, Virus Protector will label these files as malware, trojans and viruses. Of course, the scan results are fake. The malicious program is unable to find infections, and it will not protect you from possible infection in the future. Important: do not trust the scan results; simply ignore them.
To complete the illusion that your computer is infected, Virus Protector will display various fake security warnings that state:
Spyware Alert
Your computer is infected with spyware. It could damage your
critical files and expose your private data on the Internet. Click
here to register your copy of Virus Protector and remove
spyware threats from your PC.
Process is blocked!
Harmful memory infections detected.
Process [filename] was terminated.
Virus Protector
Internet attack
attempt detected
However, all of these alerts are fake and, like the false scan results, should be ignored!
If you get infected with Virus Protector, please do not be fooled into buying it. Instead of doing so, follow the removal guide below in order to remove Virus Protector and any associated malware from your computer for free.
Symptoms in a HijackThis Log
F2 – REG:system.ini: Shell=C:\WINDOWS\system32\
O20 – AppInit_DLLs:
Use the following instructions to remove Virus Protector (Uninstall instructions)
Read the article “How to reboot computer in Safe mode” and reboot your computer in Safe mode with command prompt.
Once Windows has loaded, a command prompt (black window) opens. Type notepad and press Enter.
A notepad window opens. Type the following text into notepad:
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
AddReg=regsec
[regsec]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
HKLM, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0x00000020,"Explorer.exe"
Once finished, check the text twice. You will see a screen similar to the one below.
Notepad
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad). Close Notepad.
In the command prompt, type Explorer.exe and press Enter. Windows Explorer opens. Locate fix.inf, right-click it and select Install. Close Windows Explorer.
In the command prompt type shutdown -r and press Enter. Your computer will be rebooted.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and, when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Virus Protector infection. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear stating that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: the list of infected items may differ from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove Virus Protector. MalwareBytes Anti-malware will now remove all associated Virus Protector files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Virus Protector creates the following files and folders
The rogue uses random filenames to hide itself.
Virus Protector creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Virus Protector”
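Added example (not part of the original guide): a small Python triage script for the HijackThis symptoms and the Run value listed above. The sample log lines and the EXAMPLE-RANDOM file names are constructed placeholders, since the rogue uses random file names.

```python
import re

# HijackThis lines look like "<section> - <description>"; web pages often
# turn the ASCII hyphen into an en dash, so accept both.
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2})\s+[-\u2013]\s+(?P<body>.*)$")
ROGUE_RUN_NAME = "virus protector"  # Run value name listed in this guide

# Constructed sample log; file names are placeholders, not real indicators.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 – REG:system.ini: Shell=C:\WINDOWS\system32\EXAMPLE-RANDOM.exe
O4 - HKCU\..\Run: [Virus Protector] C:\EXAMPLE\EXAMPLE-RANDOM.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O20 - AppInit_DLLs: EXAMPLE-RANDOM.dll
O20 - AppInit_DLLs:
"""


def triage(log_text):
    """Return (section, reason, line) tuples for entries matching the guide's symptoms."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "F2" and body.lower().startswith("reg:system.ini: shell="):
            shell = body.split("=", 1)[1].strip().strip('"')
            # The fix.inf in this guide resets Shell to exactly "Explorer.exe".
            if shell.lower() != "explorer.exe":
                findings.append((sec, "Winlogon Shell is not plain Explorer.exe", raw))
        elif sec == "O20" and body.lower().startswith("appinit_dlls:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                findings.append((sec, "AppInit_DLLs lists a DLL to review", raw))
        elif sec == "O4":
            name = re.search(r"\[(.*?)\]", body)
            if name and name.group(1).strip().lower() == ROGUE_RUN_NAME:
                findings.append((sec, "Run value named 'Virus Protector'", raw))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"{sec}: {reason}: {line}")
```

A non-empty AppInit_DLLs entry is only a prompt to review the DLL, because some legitimate software also uses that value.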
Patrick, that command helped – I seem to have gotten rid of the Virus Protector – but I have lost my desktop and start menu – I did run the TDSS Killer software that was recommended to Kris (I ran it through the command prompt) and I tried to run Malwarebytes through the command prompt as well but I can’t get to my desktop/start menu in normal Windows or when I open in safe mode – any other recommendations?
I removed the virus very easily.
I started the laptop in debug mode, so the virus could not run in this mode.
I already had Malwarebytes installed (you can install it if you don’t have it).
Then I ran Malwarebytes, and it cleared the damn virus.
Barry, boot your computer in Normal mode. Once Windows has loaded, press CTRL + ALT + DEL. Task Manager opens. Click File, New task. Type explorer.exe and press Enter. Your icons and taskbar should be back. Try to run Malwarebytes and perform a scan.
Patrick, your advice has been terrific. I have been battling this Virus Protector Beast for three days. Safe Mode with Command Prompt was the clue I needed. Renaming the scanner installation solved the next problem. This machine is almost back to normal, but I still have no taskbar or icons. Explorer.exe opens Windows Explorer, but no desktop.
Run Registry Editor and check HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell key. It should contain “Explorer.exe”.
If I press CTRL + ALT +DEL, I get a message indicating that the Task Manager has been restricted by Administrator. NOTE: When I did run the TDSSKiller, the result screen indicated that nothing was found or eliminated. Am I possibly dealing with a more serious trojan virus?
Again, any assistance is appreciated. I do feel like I am making some progress.
Barry, have you tried checking the “Shell” value as I posted above? If you need help, please open a new topic in our Spyware removal forum.
I found that I was denied access to my entire user profile and was being switched to the default profile. The Microsoft Security Essentials tool found another nasty trojan: win32/FakeMagic. That gave me back my user profile and my icons, but regedit still says it has been disabled by my administrator.
carfixr44, open a new topic in our Spyware removal forum. I will help you. Also you can scan your computer with Malwarebytes, it should fix your trouble.
For those having issues with Malwarebytes not removing this, try SuperAntiSpyware. It worked on my dad’s pc as MWB didn’t find anything.
Hello. I downloaded this Virus Protector thing and now I cannot access any of my files, documents, etc. when I open my laptop. As soon as I open my laptop and after the welcome logo appears, this Virus Protector thing starts running and the background is black. I cannot right-click to close it and I cannot stop it since the window’s start logo won’t open. I really need help. It’s my new laptop and I need it for college. Any advice? Thanks.
meena, read the instructions above. You need to use safe mode with networking to repair your computer.
I followed the above steps and it seems like the Virus Protector is removed. Coz now when I start the PC there is nothing.
The problem is I see only my wallpaper and nothing else.
Tried the CTRL + ALT + DEL… but it won’t allow me access.
I downloaded Malwarebytes in Safe mode with networking.
“Run Registry Editor and check HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell key. It should contains “Explorer.exe””
How do I run Registry Editor when I have no access to anything??
Please Help
Using Windows XP
Ricky, run Malwarebytes Anti-malware in Safe mode.
OK, I have the Virus Protector problem. I have followed all directions and nothing will work. I cannot get to my Task Manager and cannot get to my desktop whatsoever… I’m not sure what to do… I have many pics of my son’s firsts on this computer and I’m afraid I won’t get to see them again because of this virus… Can someone help please!!!
tt, your computer is probably infected with a new version of the rogue. Ask for help in our Spyware removal forum.
Very simple fix… Go into safe mode with command prompt and type the following:
%systemroot%\system32\restore\rstrui.exe
I tried all the other things and nothing worked. I did this and restored my computer to 3 days prior and it works perfectly!
Hope this helps!!!!
Thank you so much Nick!!!! I tried everything else also and had no success. Then I found your post and everything is back to normal. Once again thank you so much Nick, you’re a lifesaver.
I tried to run Windows in Safe mode, but I get BSOD. Help!!!!!
I have followed the instructions to the point where I have copied MalwareBytes Setup to a Memory Stick but when I try to install it to the infected computer I get an error message, Error Code: 732(12007,0),and report to Anti-Malware support team.
I pressed OK and MalwareBytes allowed me to run a full scan.
After running MalwareBytes, VirusProtector was still active.
Your help appreciated
I have now followed the advice of (Comment by) Nick — March 27, 2010 and have got rid of Virus Protector
Jason, open a new topic in our Spyware removal forum.
Brian, it looks like you can’t update Malwarebytes. Read the instructions and update it manually.
Hi, I have a problem with Virus Protector. I tried everything posted above and nothing worked. I’m going crazy.
I tried the fixes but nothing seemed to work. Decided to do a good ol’ system restore and everything is fine! I went into safe mode with command prompt, typed explorer.exe, located System Restore (start menu>programs>accessories>system tools>system restore). Picked a date about a week ago and all worked fine. Quickly updated my Malwarebytes and AVG and ran full scans. All is well! Hope this helps whoever can access explorer!
Davide, then open a topic in our Spyware removal forum.
It worked perfectly.
1. Started the system in Safe mode with command prompt.
2. I changed directory to E (which is my DVD drive), where Malwarebytes is located.
3. Then installed Malwarebytes from my DVD drive.
4. Ran a scan, then restarted.
5. Problem solved.
6. Thanks Patrick. You’re awesome dude!
Used safe mode with command prompt. Restored using method described by Nick above. Works fine now.
But think about it, if they find a way to run it in Safe mode with command prompt, plus if they screw/corrupt restore points (so booting from the original Windows installation DVD would be useless) it would be PERFECT malware! The only way to get rid of it would be complete system re-installation or bootable media (Linux based?) with NTFS drivers and antimalware software. Early versions of Virus Protector allowed booting into Safe Mode with networking. Now it is not possible. Also, before, the user was able to access regedit from Safe Mode, not anymore (apparently disabled by group policies). So developers are working! Looking forward to seeing what new features will be implemented in VP ;)
Followed the instructions and the bastard beast disappeared. Thanks to the genius of Patrik.
Thank you for your clear instructions and the writing of the FiX.inf file. That seemed to be the final missing fix on all the other sites about “remove virus protector”
Thanks again!
Ricardo Frustockl