• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

How to remove XP Protection Center (Delete instructions)

Myantispyware team November 23, 2008    

XP Protection Center is a rogue antispyware program. XP Protection Center installed by a brastk.exe/karna.dat trojan and TDSServ trojan. Once infected, new icon, a red circle with a white X, will appear in the system tray and your computer will display fake security alert:

Your computer is infected!
Windows has detected spyware infection!
It is recommended to use special antispyware tools to pervent data loss. Windows will now download and install the most up-to-date antispyware for you.
Click here to protect your computer from spyware!

After clicking this, a window called XP Protection Center–Installer comes up stating “Please wait, downloading…”. These alerts are a fake and should be ignored!

During installation,XP ProtectionCenter configures itself to run automatically every time, when you start your computer. Once running, XP Protection Center will scan your computer and reports false or exaggerated system security threats on the computer to trick user to buy the paid version of XP Protection Center, in order to remove the potential and reported threats. Do not do it!

Symptoms in a HijackThis Log.

O4 – HKLM\..\Run: [XP Protection Center] “C:\Program Files\XPProtectionCenter\xpprotectioncenter.exe” /hide
O4 – HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User ‘Default user’)
O20 – AppInit_DLLs: karna.dat

Use the following instructions to remove XP Protection Center.

  • Download Avenger from here and unzip to your desktop.
  • Run Avenger, copy,then paste the following text in Input script Box:

    Drivers to delete:
    TDSSserv.sys

    Registry values to delete:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | XP Protection Center
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | brastk

    Files to delete:
    C:\WINDOWS\brastk.exe
    C:\WINDOWS\system32\brastk.exe
    C:\WINDOWS\karna.dat
    C:\WINDOWS\system32\karna.dat

    Folders to delete:
    C:\Program Files\XPProtectionCenter

    Then click on ‘Execute’.

  • You will be asked Are you sure you want to execute the current script?. Click Yes.
  • You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
  • Your PC will now be rebooted.
  • Download Malwarebytes Anti-Malware (MBAM). The program designed to quickly detect, destroy and prevent malware, spyware, trojans.
  • Once downloaded, close all programs and Windows on your computer (including this one).
  • Double-click on the icon named mbam-setup.exe to install the application.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select “Perform Quick Scan”, then click Scan.
  • MBAM will now start scanning your computer for malware. This process may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • MBAM will now delete all of the files and registry keys and add them to the quarantine.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

If you need help with the instructions, then post your questions in our Spyware Removal forum.

Rogue Anti Spyware Tutorials - HowTo

 Previous Post

How to remove brastk.exe/karna.dat trojan (FakeAlert trojan)

Next Post 

How to remove Antivirus Trigger (Delete instructions)

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

Toobitx.com Scam, Fake STARLINK 0.31 BTC Promo Codes
scam alert
Zonelax.com Scam Alert: Fake Bitcoin Promo Codes
MemoMaster Reviews, Scam or Legit, Uncovering the Truth!
How to remove Undentory.com pop-up ads
scam alert
How to remove Unbitioid.com pop-up ads

Follow Us

Search

Useful Guides

Iphone Calendar virus spam
Iphone Calendar Virus/Spam 2022 (Removal guide)
remove chrome extension
How to remove Chrome extensions installed by enterprise policy
ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
Smart Captcha Virus redirect
What is a Virus that Redirects Web Pages? A Comprehensive Guide
How to reset Internet Explorer settings to default

Recent Guides

How to remove brastk.exe/karna.dat trojan (FakeAlert trojan)
How to use F-Secure Online Virus Scanner
How to remove VirusTrigger (Delete instructions)
How to remove SecureFileShredder or SecureFile Shredder (Removal instructions)
How to remove Ultra Antivirus

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.