Virus Protector is a rogue antispyware program that installed through the use of trojans and uses false scan results and fake security alerts informing that your computer is infected in order to trick you into purchasing the full licensed version.
Once installed, the rogue will configure itself to run automatically when you logon to Windows and drop numerous files with random names on to your computer that are made to appear as infections, but are in reality harmless. These files, during the scan, Virus Protector will label as malware, trojans and viruses. Of course, the scan results are a fake. The malicious program is unable to find the infections, as will not protect you from possible infection in the future. Important, do not trust the scan results, simply ignore them.
In order to create the fully simulation that you computer is infected, Virus Protector will display various fake security warnings that stats:
Your computer is infected with spyware. It could damage your
critical files and expose your private data on the Internet. Click
here to register your copy of Virus Protector and remove
spyware threats from your PC.
Process is blocked!
Harmful memory infections detected.
Process [filename] was terminated.
However, all of these alerts are fake and like false scan results should be ignored!
If you get infected with Virus Protector, please do not be fooled into buying it. Instead of doing so, follow the removal guide below in order to remove Virus Protector and any associated malware from your computer for free.
More screen shoots of Virus Protector
Symptoms in a HijackThis Log
F2 – REG:system.ini: Shell=C:\WINDOWS\system32\
Spyware can do the following:
1. gather information about user habits of use of the Internet, what sites are visited most frequently (known as “tracking software”);
2. record keystrokes (keyloggers) and make a screenshots (screen scraper) and send collected data to the creator of the spyware;
3. remotely control user computer (remote control software) – backdoor, botnets, droneware;
4. download and run on user computer an additional malware;
5. analyze the state of security systems, scan an open ports, and look for vulnerabilities to crack passwords;
O20 – AppInit_DLLs:
Spyware software are surreptitiously installed on user`s computer to collect information about computer’s configuration, user`s private information, user’s activity without his consent. Spyware may also change Windows settings, download and install other malicious programs without the user’s knowledge..dll
Use the following instructions to remove Virus Protector (Uninstall instructions)
Read the article: How to reboot computer in Safe mode and reboot your computer in the Safe mode with command prompt.
Once Windows loaded, command prompt (black window) opens. Type notepad and press Enter.
A notepad window opens. Type the following text into notepad:
HKLM, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0x00000020,"Explorer.exe"
Once finished, please checkup the text twice. You will see a screen similar to the one below.
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad). Close Notepad.
In the command prompt type Explorer.exe and Press Enter. Windows Explorer opens. Locate the fix.inf, click right button and select Install. Close Windows Explorer.
In the command prompt type shutdown -r and press Enter. Your computer will be rebooted.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Virus Protector infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Virus Protector. MalwareBytes Anti-malware will now remove all of associated Virus Protector files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Virus Protector creates the following files and folders
The rogue uses random filenames to hide itself.
Virus Protector creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Virus Protector”