
System Progressive Protection Rogue Removal Instructions

The Emsisoft malware research team has discovered an outbreak of the System Progressive Protection rogue. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SystemProtection.

System Progressive Protection is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results, which say that your computer has a problem, or is infected with viruses or trojans, but you will not be able to fix anything before you purchase the program.

Creates new files:

  • %CommonAppData%\[random]\[random].exe
  • %CommonAppData%\[random]\[random].ico
  • %CommonAppData%\[random]\[random]
  • %UserProfile%\Desktop\System Progressive Protection.lnk
  • %UserProfile%\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk


Creates new registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    [random] = %CommonAppData%\[random]\[random].exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Progressive Protection
    DisplayIcon = %CommonAppData%\[random]\[random].ico,0
    UninstallString = %CommonAppData%\[random]\[random].exe -u
    ShortcutPath = %CommonAppData%\[random]\[random].exe -u
    DisplayName = System Progressive Protection



How to remove the System Progressive Protection (Rogue.Win32.SystemProtection)?

To remove this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to quarantine.

Posted on October 13th, 2012

Antivirii 2011 Rogue Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Antivirii 2011 rogue. Emsisoft Anti-Malware detects this malware as Rogue.Win32.Antivirii2011.

Antivirii 2011 is a rogue application. A rogue application tries to trick you by displaying false-positive or misleading scan results, which say that your computer has a problem or is infected with viruses or trojans, but you will not be able to fix anything before you purchase the program.

Creates new files:

  • %SystemRoot%\llwzhxdd.exe
  • %SystemRoot%\antivirii.exe

Creates new registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
    Security = %SystemRoot%\llwzhxdd.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\
    Debugger = C:\xhergjui.exe


How to remove the infection of Antivirii 2011 (Rogue.Win32.Antivirii2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Posted on December 13th, 2011

Smart Defragmenter Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Smart Defragmenter adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SmartDefragmenter.

Smart Defragmenter is a rogue application and another variant of HDD Defragmenter and System Defragmenter. A rogue application tries to trick you by displaying false-positive or misleading scan results, which say that your computer has a problem or is infected with viruses or trojans, but you will not be able to fix anything before you purchase the program.

Creates new files:

  • %UserProfile%\Desktop\Smart Defragmenter.lnk
  • %UserProfile%\Local Settings\Temp\%random%.bmp
  • %UserProfile%\Local Settings\Temp\%random%.exe
  • %UserProfile%\Local Settings\Temp\%random%
  • %UserProfile%\Start Menu\Programs\Smart Defragmenter\
  • %UserProfile%\Start Menu\Programs\Smart Defragmenter\Smart Defragmenter.lnk
  • %UserProfile%\Start Menu\Programs\Smart Defragmenter\Uninstall Smart Defragmenter.lnk

Creates new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    (String) %random% = %UserProfile%\Local Settings\Temp\%random%.exe


How to remove the infection of Smart Defragmenter (Adware.Win32.SmartDefragmenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Posted on November 11th, 2010

Antivir Solution Pro Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Antivir Solution Pro adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.AntivirSolutionPro.

Antivir Solution Pro is a rogue security program and a new variant of AVSecuritySuite, Antivirus Suite, and Antivirus Soft. A rogue application tries to trick you by displaying false-positive or misleading scan results, which say that your computer is infected with viruses or trojans, but you will not be able to delete them before you purchase the program.

Creates new file:

  • %UserProfile%\Local Settings\Application Data\%random%\%random%.exe

Creates new registry entries:

  • HKEY_LOCAL_MACHINE\software\AVSolution
  • HKEY_LOCAL_MACHINE\software\AVSuitE
  • HKEY_CURRENT_USER\software\AVSolution
  • HKEY_CURRENT_USER\software\AVSuitE
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “%random%”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “%random%”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyServer = http=127.0.0.1:5643
    ProxyOverride = <local>
  • HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\PhishingFilter
    EnabledV8 = 0x00000000 (0)
    Enabled = 0x00000000 (0)
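
The registry changes listed in the posts on this page can be checked together with one read-only PowerShell audit. This is an added example, not Emsisoft's code; it assumes %CommonAppData% corresponds to `$env:ProgramData` (Windows Vista and later) and generalizes the taskmgr.exe Debugger entry to every Image File Execution Options subkey.

```powershell
# Added example: read-only audit of the registry locations named in the posts on this page.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Key, $Name, $Value, $Why) {
    $findings.Add([pscustomobject]@{ Key = $Key; Name = $Name; Value = $Value; Why = $Why })
}

# 1. Run/RunOnce values that start a program from a user-writable data or temp folder.
$autoruns = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
# Assumption: these environment variables cover the folders the posts mention.
$writable = @($env:ProgramData, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }
foreach ($key in $autoruns) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        $hit = $writable | Where-Object { $value.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 }
        if ($hit) { Add-Finding $key $name $value 'autorun from a user-writable folder' }
    }
}

# 2. Image File Execution Options: a Debugger value makes Windows start that program instead.
$ifeo = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in @(Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue)) {
    $dbg = $sub.GetValue('Debugger')
    if ($dbg) { Add-Finding $sub.Name 'Debugger' $dbg 'IFEO Debugger set for this image' }
}

# 3. Proxy pointed at the local machine, and the IE phishing filter switched off.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet.ProxyServer -match '127\.0\.0\.1|localhost') {
    Add-Finding $inetKey 'ProxyServer' $inet.ProxyServer 'proxy points at loopback'
}
$pfKey = 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter'
$pf = Get-Item -Path $pfKey -ErrorAction SilentlyContinue
foreach ($name in 'Enabled', 'EnabledV8') {
    if ($pf -and $pf.GetValue($name) -eq 0) { Add-Finding $pfKey $name 0 'phishing filter disabled' }
}

# 4. Keys the posts list by fixed name.
$named = 'HKLM:\Software\AVSolution', 'HKLM:\Software\AVSuitE',
         'HKCU:\Software\AVSolution', 'HKCU:\Software\AVSuitE',
         'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Progressive Protection'
foreach ($key in $named) {
    if (Test-Path -Path $key) { Add-Finding $key '' '' 'key named in the removal notes' }
}

$findings | Format-Table -AutoSize -Wrap
```

Legitimate software also registers autoruns under the local application data folder, so each row is a lead to inspect rather than a verdict.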


How to remove the infection of Antivir Solution Pro (Adware.Win32.AntivirSolutionPro)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Posted on July 20th, 2010