Aug 25, 2009

Remove Windows Protection Suite - WindowsProtectionSuite Removal Information

Windows Protection Suite is the successor of such infamous rogues as Windows System Suite, Windows Security Suite, MalwareCatcher, Extra Antivirus, Ultra Antivir 2009, Virusdoctor and VirusAlarm. At first sight, Windows Protection Suite looks like a legitimate antispyware application with useful features, low CPU load, fast updates and so on. In reality, it is another bogus security application with one purpose: to steal money from unsuspecting computer users. Windows Protection Suite is promoted via misleading online scanners and Trojan horses. Once it gets onto your system, it is configured to start automatically at every boot. While running, the parasite floods your system with fake security alerts that pop up from the Windows taskbar. Moreover, it constantly performs full system scans and lists exaggerated scan results in order to mislead you and push you into purchasing this useless piece of software. We recommend that you remove Windows Protection Suite manually or with an automatic removal tool.

Type: Rogue Anti-Spyware
Malware Author: Unknown

Threat Level: Critical

How to remove Windows Protection Suite manually:
It's possible to remove Windows Protection Suite manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

c:\ADWARE_LOG
c:\Documents and Settings\All Users\Application Data\345d567
c:\Documents and Settings\All Users\Application Data\345d567\285.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\WI345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\WINPS.ico
c:\Documents and Settings\All Users\Application Data\345d567\working.log
c:\Documents and Settings\All Users\Application Data\345d567\WINSPSys
c:\Documents and Settings\All Users\Application Data\345d567\WINSPSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\WINSPSys
c:\Documents and Settings\All Users\Application Data\WINSPSys\winps.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk
%UserProfile%\Application Data\Windows Protection Suite
%UserProfile%\Application Data\Windows Protection Suite\cookies.sqlite
%UserProfile%\Application Data\Windows Protection Suite\Instructions.ini
%UserProfile%\Desktop\Windows Protection Suite.lnk
%UserProfile%\Recent\cb.sys
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\cid.tmp
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\energy.drv
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\snl2w.sys
%UserProfile%\Recent\tempdoc.dll
%UserProfile%\Start Menu\Windows Protection Suite.lnk
%UserProfile%\Start Menu\Programs\Windows Protection Suite.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml


Remove registry entries:

HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "9877034603"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Protection Suite"


Please be careful, because manual removal of Windows Protection Suite may seriously damage the operating system and sensitive data. There is also a high chance of incomplete removal, because some files may be hidden and the program may re-install itself after you delete the files and registry entries. We therefore strongly recommend that you use an automatic removal tool.
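
A read-only check for the artifacts listed above, as an added example that is not part of the original post: it reports which of the listed files, folders and registry entries are present, including hidden files inside the listed folders, and deletes nothing. The paths and registry names are copied from the lists above; the variable names and output layout are illustrative.

```powershell
# Added example: read-only audit, nothing is deleted or modified.
# Paths and registry names come from the lists above; variable names are illustrative.
$allUsers = 'C:\Documents and Settings\All Users\Application Data'
$paths = @(
    'C:\ADWARE_LOG'
    "$allUsers\345d567"
    "$allUsers\WINSPSys"
    "$env:USERPROFILE\Application Data\Windows Protection Suite"
    "$env:USERPROFILE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk"
    "$env:USERPROFILE\Desktop\Windows Protection Suite.lnk"
    "$env:USERPROFILE\Start Menu\Windows Protection Suite.lnk"
    "$env:USERPROFILE\Start Menu\Programs\Windows Protection Suite.lnk"
    'C:\Program Files\Mozilla Firefox\searchplugins\search.xml'
)
# Files the page lists under %UserProfile%\Recent
$recent = 'cb.sys','cid.dll','cid.tmp','CLSV.dll','CLSV.tmp','DBOLE.sys','ddv.dll','eb.sys',
          'eb.tmp','energy.drv','energy.sys','exec.tmp','kernel32.drv','PE.drv','PE.tmp',
          'ppal.exe','runddlkey.drv','snl2w.sys','tempdoc.dll'
$paths += $recent | ForEach-Object { "$env:USERPROFILE\Recent\$_" }

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        "FOUND path: $p"
        # -Force also lists hidden and system files inside a listed folder
        if (Test-Path -LiteralPath $p -PathType Container) {
            Get-ChildItem -LiteralPath $p -Recurse -Force |
                ForEach-Object { "  contains: $($_.FullName)" }
        }
    }
}

# Registry keys from the page (presence of the key itself)
$keys = 'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
        'Registry::HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler'
foreach ($k in $keys) { if (Test-Path -LiteralPath $k) { "FOUND key: $k" } }

# Registry values from the page (key path plus value name).
# The data is printed so the SearchScopes URL can be compared with the one listed above.
$values = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Windows Protection Suite' }
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform'; Name = '9877034603' }
    @{ Key = 'HKCU:\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes'; Name = 'URL' }
)
foreach ($v in $values) {
    $prop = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($prop) { "FOUND value: $($v.Key) -> $($v.Name) = $($prop.($v.Name))" }
}
```

Running it again after removal and a reboot shows whether any entry has come back.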
