Wednesday, May 23, 2012

System Protection Tools rogue. The way it can be removed from the system.

System Protection Tools is a new virus which can easily attack your PC at present time. As any pother antiviruses this one has its aims and methods of work inside your PC. What should users know about the virus? When it penetrates into your system it begins to scan it and then provides you with the list of threats it supposedly finds in your PC. If you were sure that your system is safe and clear of viruses System Protection Tools can convince you that your were wrong. How can it do that? This malicious programs claims to be an antivirus for you. And it can actually fool you in such way. It shows you the threats and wants you to purchase its product for the further removal of those above-mentioned threats. Do not buy it under any circumstances! If you do the purchase you will get nothing at all.



System Protection Tools will try to do everything for you to believe that your system is really infected and damaged by a lot of scams and trojans. It can make your files and folders disappear. It can block your Internet connection. No matter what it does inside your computer do not let it fool you. Ignore everything it shows you and provides you with. All information is fake. We recommend you to remove it with the help of our anti-malware program Loaris Trojan Remover. This program was developed by our specialists for the removal of such viruses like System Protection Tools.

System Protection Tools automatic remover:


System Protection Tools automatic remover

System Protection Tools video removal guide:


System Protection Tools manual removal guide:

Delete System Protection Tools files:

  • %AppData%\\Microsoft\\Internet Explorer\\Quick Launch\\System Protection Tools.lnk
  • %AppData%\\System Protection Tools\\Instructions.ini
  • %AppData%\\System Protection Tools\\ScanDisk_.exe
  • %Desktop%\\System Protection Tools.lnk
  • Programs%\\System Protection Tools.lnk
  • %StartMenu%\\System Protection Tools.lnk
  • %CommonAppData%\\58ef5\\SP98c.exe
  • %CommonAppData%\\58ef5\\SPT.ico
  • %CommonAppData%\\SPUPCZPDET\\SPABOIJT.cfg

Delete System Protection Tools registry files:

  • HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\System Protection Tools "%CommonAppData%\\58ef5\\SP98c.exe" /s /d
  • HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall
  • HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\System Protection Tools
  • HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\System Protection Tools\\DisplayIcon [unknown dir]\\[unknown file name].exe,0
  • HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\System Protection Tools\\DisplayName System Protection Tools
  • HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\System Protection Tools\\DisplayVersion 1.1.0.1010
  • HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\System Protection Tools\\InstallLocation [unknown dir]\
  • HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\System Protection Tools\\Publisher UIS Inc.
  • HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\System Protection Tools\\UninstallString "[unknown dir]\\[unknown file name].exe" /del
  • HKLM\\SOFTWARE\\Classes\\CLSID\\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKLM\\SOFTWARE\\Classes\\CLSID\\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\\ Implements DocHostUIHandler
  • HKLM\\SOFTWARE\\Classes\\CLSID\\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\\LocalServer32
  • HKLM\\SOFTWARE\\Classes\\CLSID\\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\\LocalServer32\\ [unknown dir]\\[unknown file name].exe
  • HKLM\\SOFTWARE\\Classes\\CLSID\\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\\ProgID
  • HKLM\\SOFTWARE\\Classes\\CLSID\\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\\ProgID\\ [unknown file name].DocHostUIHandler
  • HKLM\\SOFTWARE\\Classes\\Dumped_.DocHostUIHandler
  • HKLM\\SOFTWARE\\Classes\\Dumped_.DocHostUIHandler\\ Implements DocHostUIHandler
  • HKLM\\SOFTWARE\\Classes\\Dumped_.DocHostUIHandler\\Clsid
  • HKLM\\SOFTWARE\\Classes\\Dumped_.DocHostUIHandler\\Clsid\\ {3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKLM\\SOFTWARE\\Microsoft\\Tracing\\FWCFG
  • HKLM\\SOFTWARE\\Microsoft\\Tracing\\FWCFG\\ConsoleTracingMask -65536
  • HKLM\\SOFTWARE\\Microsoft\\Tracing\\FWCFG\\EnableConsoleTracing 0
  • HKLM\\SOFTWARE\\Microsoft\\Tracing\\FWCFG\\EnableFileTracing 0
  • HKLM\\SOFTWARE\\Microsoft\\Tracing\\FWCFG\\FileDirectory %windir%\\tracing
  • HKLM\\SOFTWARE\\Microsoft\\Tracing\\FWCFG\\FileTracingMask -65536
  • HKLM\\SOFTWARE\\Microsoft\\Tracing\\FWCFG\\MaxFileSize 1048576
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AAWTray.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AAWTray.exe\\Debugger svchost.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AVCare.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AVCare.exe\\Debugger svchost.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AVENGINE.EXE
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AVENGINE.EXE\\Debugger svchost.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AVWEBGRD.EXE
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AVWEBGRD.EXE\\Debugger svchost.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\About.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\About.exe\\Debugger svchost.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Ad-Aware.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Ad-Aware.exe\\Debugger svchost.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AdwarePrj.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AdwarePrj.exe\\Debugger svchost.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AlphaAV
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AlphaAV\\Debugger svchost.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AlphaAV.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AlphaAV.exe\\Debugger svchost.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AluSchedulerSvc.exe
  • HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AluSchedulerSvc.exe\\Debugger svchost.exe
    • And many others.
Автор: на
Ярлыки: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)