Protection System

Protection System is a rogue program that poses a severe threat to the computers it infects. This potentially unwanted program can arrive on a system either through manual execution or via drive-by download, in which it is installed without the user's full knowledge. Upon infection, Protection System displays numerous security alerts warning the user of possible security threats. It then advises the user to register the program to clean all threats present on the computer.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What Does Protection System Do?

An unregistered version of the virus scanner will run on bootup.

It modifies the Windows Registry and adds the following entries:

  • HKEY_CURRENT_USER\software\protection system
  • HKEY_CURRENT_USER\software\protection system data
  • HKEY_CURRENT_USER\software\protection system dbsigns
  • HKEY_CURRENT_USER\software\protection system dbver
  • HKEY_CURRENT_USER\software\protection system fd
  • HKEY_CURRENT_USER\software\protection system guid
  • HKEY_CURRENT_USER\software\protection system infected
  • HKEY_CURRENT_USER\software\protection system infectedfiles
  • HKEY_CURRENT_USER\software\protection system lastscan
  • HKEY_CURRENT_USER\software\protection system secstatus_x
  • HKEY_CURRENT_USER\software\protection system settings_0
  • HKEY_CURRENT_USER\software\protection system swver
  • HKEY_CURRENT_USER\Software\Protection System
  • HKEY_CLASSES_ROOT\BhoNew.BhoApp
  • HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
  • HKEY_CLASSES_ROOT\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Uninstall\Protection System
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Protection System”
  • HKEY_CURRENT_USER\software eee0bd2f-ff2e-46ef-83fb-d4fda84462a3
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\current version\uninstall\protection system
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\current version\uninstall\protection system displayicon
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\current version\uninstall\protection system displayname
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\current version\uninstall\protection system displayversion
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\current version\uninstall\protection system uninstallstring
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\current version\uninstall\protection system urlinfoabout

The threat will drop the following malicious files and folders:

  • c:\Windows\System32\coreext.dll
  • c:\Windows\System32\firewall.dll
  • c:\Windows\System32\wingenocx.dll
  • c:\Documents and Settings\All Users\Start Menu\Programs\Protection System
  • c:\Program Files\Protection System
  • c:\Program Files\Protection System\Help
  • c:\Program Files\Protection System\Help\images
  • c:\Program Files\Protection System\Help\images\buttons

How to Remove Protection System Manually

1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the options, select Safe Mode

2. Remove the registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entries listed above and delete them if necessary

3. Delete the malicious files that the threat added:
- Based on the locations given above, browse to each file and delete it
- If no location is given, click Start > Search and search for the file.
- If a file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and check whether the file is running as a process. If it is, select it and click End Process, then try deleting the file again.
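
Before deleting anything by hand, it helps to know which of the listed entries actually exist on the machine. The following PowerShell check is an added example, not part of the original guide: it is read-only apart from writing a registry backup file, uses a subset of the paths listed above, and the function name and backup file name are hypothetical.

```powershell
# Read-only audit: reports which of the indicators listed on this page exist.
# Paths are a subset copied from the lists above. Assumption: the page prints
# "Current Version" with a space; the Windows key is "CurrentVersion".
$regKeys = @(
    'HKEY_CURRENT_USER\Software\Protection System',
    'HKEY_CLASSES_ROOT\BhoNew.BhoApp',
    'HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection System'
)
$paths = @(
    'C:\Windows\System32\coreext.dll',
    'C:\Windows\System32\firewall.dll',
    'C:\Windows\System32\wingenocx.dll',
    'C:\Program Files\Protection System'
)
$runKey  = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
$runName = 'Protection System'

function Get-ProtectionSystemFindings {
    $found = @()
    foreach ($k in $regKeys) {
        if (Test-Path -LiteralPath "Registry::$k") {
            $found += [pscustomobject]@{ Type = 'RegistryKey'; Item = $k }
        }
    }
    # The autostart entry is a value under Run, not a key, so read the value.
    $run = Get-ItemProperty -LiteralPath $runKey -Name $runName -ErrorAction SilentlyContinue
    if ($run) {
        $found += [pscustomobject]@{ Type = 'RunValue'; Item = "$runName = $($run.$runName)" }
    }
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            $found += [pscustomobject]@{ Type = 'FileOrFolder'; Item = $p }
        }
    }
    return $found
}

$findings = Get-ProtectionSystemFindings
if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed indicators found.' }

# Step 2 asks for a registry backup first: export the HKCU key before any deletion.
# The output file name is a hypothetical choice.
if (Test-Path -LiteralPath 'Registry::HKEY_CURRENT_USER\Software\Protection System') {
    reg.exe export 'HKCU\Software\Protection System' "$env:USERPROFILE\protection-system-hkcu.reg" /y
}
```

Run it as the affected user, since most of the listed entries are under HKEY_CURRENT_USER and differ per account.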

How to Easily Remove Protection System

1. Print this procedure, as we will need to close all running programs later.
2. Download AntiMalware Application here and save it to your Desktop.
3. Close all open applications.
4. Double-click the downloaded mbam-setup.exe to start the installation. If it will not run, an infection on the computer is preventing it from running; rename the file mbam-setup.exe to anything else (like myfile.exe).
5. Run the installation with the default settings. No changes are necessary.
6. Just before completing the installation, make sure that the following options are checked:
- Update the program
- Launch the program

7. The tool will run and update itself after installation. Close it after the update.

8. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the options, select Safe Mode

9. Click on the icon and choose Perform Full Scan to begin scanning your computer for Protection System related files.
10. After scanning, a message will appear stating that the scan completed successfully. Click OK.
11. Click Show Results and the detected threats will be displayed.
12. Make sure that all threats are checked, then click Remove Selected to begin removal of the malicious files.
13. Exit the AntiMalware application and restart your computer.

14. Protection System and all its files are now removed from your computer. To guard your computer from this threat and avoid future infections, you may want real-time protection from a full version of an anti-malware program.
