ProtectPcs

ProtectPcs is another released of the rogue variants coming from the Wini family of fake security applications. ProtectPcs Trojan is spread by utilizing a fake security websites and a fake multimedia websites. On fake security websites, ProtectPcs can be downloaded by its counterfeit online virus scanners while on the other, ProtectPcs will pretend as a needed program for a multimedia file. When installed on the computer, ProtectPcs Trojan will alter the registry to make sure that the program will run when Windows is started. With this, ProtectPcs can be able to end anti-virus programs, redirect Internet browsers and disable various functionalities of Windows including Safe Mode, Registry Editor and Folder Options. To be able to remove ProtectPcs, a manual removal or a combination of different security programs is recommended.

TypeRogue
Sub-TypeFakeAV
AliasesProtect Pcs Malware
OS AffectedWindows
Detected ByMalwareBytes

What are the Symptoms of ProtectPcs Infection?

ProtectPcs Image

Fake anti-virus ProtectPcs will run its own virus scan as shown above.

It will modify Windows Registry and add the following entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\ProtectPcs
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “ProtectPcs.exe”
  • HKEY_CURRENT_USER\Software\ProtectPcs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Uninstall\ProtectPcs

The threat will drop the following malicious files:

  • %Program Files%\ProtectPcs Software
  • %Program Files%\ProtectPcs Software\ProtectPcs
  • %Program Files%\ProtectPcs Software\ProtectPcs\ProtectPcs.exe
  • %Program Files%\ProtectPcs Software\ProtectPcs\uninstall.exe
  • %WINDOWS%\12114sp9z6s.dll
  • %WINDOWS%\10548spy426q.exe
  • %WINDOWS%\system32\1d347virus147.exe
  • %WINDOWS%\system32\4f612hacktoo87fq9.dll
  • %WINDOWS%\system32\2z7a9par5e943.bin
  • %Documents and Settings%\All Users\Desktop\ProtectPcs.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\ProtectPcs
  • %Documents and Settings%\All Users\Start Menu\Programs\ProtectPcs\1ProtectPcs.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\ProtectPcs\2 Homepage.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\ProtectPcs\3 Uninstall.lnk 

How to Remove ProtectPcs Manually

1. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8
- From the selections, Select SafeMode

2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type in the field, regedit
- Navigate and look for the registry entries mentioned above and delete if necessary

3. Delete malicious files that the threat added:
- Base on the given location above, browse and delete the file
- If no location is given, click Start>Search> and search for the files.
- If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.

4. Scan computer with Antivirus Program
- Update antivirus program
- Scan computer and delete all detected threats.

How to Easily Remove ProtectPcs

1. Download and run Removal Tool to remove ProtectPcs

Leave a Reply

Your email address will not be published. Required fields are marked *

(Required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>