Virus Protector is a rogue antispyware program that installed through the use of trojans and uses false scan results and fake security alerts informing that your computer is infected in order to trick you into purchasing the full licensed version.
Once installed, the rogue will configure itself to run automatically when you logon to Windows and drop numerous files with random names on to your computer that are made to appear as infections, but are in reality harmless. These files, during the scan, Virus Protector will label as malware, trojans and viruses. Of course, the scan results are a fake. The malicious program is unable to find the infections, as will not protect you from possible infection in the future. Important, do not trust the scan results, simply ignore them.
In order to create the fully simulation that you computer is infected, Virus Protector will display various fake security warnings that stats:
Spyware Alert
Your computer is infected with spyware. It could damage your
critical files and expose your private data on the Internet. Click
here to register your copy of Virus Protector and remove
spyware threats from your PC.
Process is blocked!
Harmful memory infections detected.
Process [filename] was terminated.
Virus Protector
Internet attack
attempt detected
However, all of these alerts are fake and like false scan results should be ignored!
If you get infected with Virus Protector, please do not be fooled into buying it. Instead of doing so, follow the removal guide below in order to remove Virus Protector and any associated malware from your computer for free.
More screen shoots of Virus Protector
Symptoms in a HijackThis Log
F2 – REG:system.ini: Shell=C:\WINDOWS\system32\
Spyware software are surreptitiously installed on user`s computer to collect information about computer’s configuration, user`s private information, user’s activity without his consent. Spyware may also change Windows settings, download and install other malicious programs without the user’s knowledge.
.exeO20 – AppInit_DLLs:
Spyware can do the following:
1. gather information about user habits of use of the Internet, what sites are visited most frequently (known as “tracking software”);
2. record keystrokes (keyloggers) and make a screenshots (screen scraper) and send collected data to the creator of the spyware;
3. remotely control user computer (remote control software) – backdoor, botnets, droneware;
4. download and run on user computer an additional malware;
5. analyze the state of security systems, scan an open ports, and look for vulnerabilities to crack passwords;
Use the following instructions to remove Virus Protector (Uninstall instructions)
Read the article: How to reboot computer in Safe mode and reboot your computer in the Safe mode with command prompt.
Once Windows loaded, command prompt (black window) opens. Type notepad and press Enter.
A notepad window opens. Type the following text into notepad:
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
AddReg=regsec
[regsec]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
HKLM, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0x00000020,"Explorer.exe"
Once finished, please checkup the text twice. You will see a screen similar to the one below.
Notepad
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad). Close Notepad.
In the command prompt type Explorer.exe and Press Enter. Windows Explorer opens. Locate the fix.inf, click right button and select Install. Close Windows Explorer.
In the command prompt type shutdown -r and press Enter. Your computer will be rebooted.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Virus Protector infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Virus Protector. MalwareBytes Anti-malware will now remove all of associated Virus Protector files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Virus Protector creates the following files and folders
The rogue uses random filenames to hide itself.
Virus Protector creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Virus Protector”
Hi Guys hope this helps I removed it by using norton 2010. but you could use your security package if you have one installed. load safe mode command prompt type explorer.exe then right click on you main drive and scan.
my computer is infected with the “virus protector” rogue software and does not let me enter safe mode. It stops at a line of text saying mup.sys. I cannot get to my device manager as the virus protector software loads everytime I get into safe mode or normal mode. I can’t fix the registry entry or download malwarebytes either since I can’t get access to the internet (nothing appears except for the rogue program). What would you suggest? Any help would be appreciated!
clara, what is your Windows version ?
its windows XP home edition. Do you think my only option is to reinstall windows and wipe everything out?
Finished with safe mode propt instructions…new problem computer turns on but I don’t see my desktop. It’s complety black all I see is my mouse. Please help.
Clara, reinstall windows is simplest way for you.
Ariana, looks like you have made an mistake in the fix.above. Try the following (you also can repeat the steps above):
Once Windows loaded, press CTRL + ALT + DEL. TaskManager opens. Click File, New Task. Type explorer and press Enter. It should back your icons and Start button. Now download Malwarebytes and perform a scan.
just download malware onto some other computer that boots into windows and pull out your hard drive and scan it from the working computer. dont even need to boot at all just right click and scan with malware.
i just finished all of the steps the best i could. i don’t really understand where the the text in notepad comes into play though. currently on an older computer i’m running win 2000 professional. all the pop ups all went away, but there is still a high pitched screeching when i go online. is there a way to fix this? thanks for the help
Everytime I log onto my computer the virus protector comes up straight away not allowing me to even get up task manager. I can’t log into safe mode cos it always restarts when I try to and the only thing left I have is this user account which isn’t the admin one so I’m unable to even fix up some problems. Help me I have too much important things on my computer that I CAN NOT lose.
Shane, try update Malwarebytes and perform a fresh scan. Also you can scan your computer with SuperAntispyware. If it does not help, then open a new topic in our Spyware removal forum. I will help you.
James,
1. whats your Windows version ?
2. You have tried boot your PC in tha last good configuration ?
Thank you so much it worked for me
Just a note of thanks for this one. The registry fix was the key. Great work. I was two minutes away from a reformat when I stumbled upon your solution.
I’m using Xp second edition.
And I have tried that but nothing happens. I can’t log into my account without the stupid virus protector coming up. Though I’ve managed to log onto another account that exist and get access to all my files by inserting the xp cd. So I guess once I back everything up, only thing to do is to format and reboot windows
James, you mean Recovery console mode ?
i done all steps as listed and after the reboot so i could download program all i had was a black screen .
so couldn’t go on internet
tracie, probably you have made a mistake in the fix.inf above. Try repeat the above instructions.
Okay I got the anti virus problem as well, I got wondows xp, how can I fix this?
Anthony, you have tried the instructions above ?
I did everything in the instructions, then I performed a quick scan and it deleted some infections but I still can’t run my vista normally without the virus protector blocking my desktop and it won’t let me do anything, I’m currently performing a full scan if things still don’t go right when I run vista on normal then what should I do ?
im having the same problem as tracie, im running vista and all i’m getting is a black screen 🙁
But when, as others have discovered, Windows will no longer boot into safe mode/command prompt… Winternals does a nice job of using system restore. Restore back to before you had the problem, install and scan with Malwarebytes (full scan) and it will remove it.
Oh gosh, YOU ARE A LIFESAVER! I have projects that are major grades in this computer and then that thing gets in it uugghhh but thank you ALOT for posting how to delete it (: Thank you my pc is good again 😀
AJ, probably you infected with a new version of the rogue. Please start a new topic in our Spyware removal forum. I will check your PC.
thanks fellas for giving us the ability to feel like a member of geek squad thx for ur help I dont know how much warcraft I would have missed if u didnt have the fix
Thanks for the post, i have done what you said, but when i turn my pc back on in normal mode, the virus protector still pops back up! and i cant run anything :(, after i save the file fix.inf, and install it, am i supposed to run run that file after i turn on my computer and start the sacn? help me please this virus protector program is a little rascal!
i was able to run malwarebytes and delete several files, rebooted, but windows did not show any icons. read more of your website and restored the system to a good point, but still having problems. i am using a son’s laptop to review your site. typed in the restore commands of 4-16-2010 and restored again, but same problems. any help you can give me?
why can’t some authorities monitor where payments are made to these hijackers and close them down? isn’t this a crime of some sort. looks like to me they are very unproductive people making a mess of a good thing like the intenet, i just don’t understand them.
thanks
1
Darji11, boot your PC in Safe mode with command prompt, run registry editor, open HKEY_LOCAL_MACHINE\ Software\Microsoft\Windows NT\CurrentVersion\Winlogon. In right part of window click twice to Shell. Type explorer.exe and press Enter.
Close registry editor and reboot your PC.
dayle, looks like “explorer.exe” is not started. Try follow the steps from my previous comment.