System Protection (designed to protect) is a new program that was created by virus writers in order to deceive people and to get money for the full version of it. This program pretends to be real antivirus that is going to remove all the infections from the infected computer. In reality System Protection just waits for you to pay a sum of money for the full version and when you will enter the bought license key, the program will be deactivated. But you should not use this method in order to remove System Protection (designed to protect). There are some other more effective methods. You will find one of them in this article. For example the first one is automatic.
If you System Protection (designed to protect) is installed on your computer, then you can notice its constant activity, such as the scanning process and the search results that are (of course) fake. This program behaves as if it is a real antivirus program, and every time when it will inform you about the unreal infections it will ask you to pay a sum of money for its full version. No matter what viruses will be included in to the fake list of the installed infections, you should not take it seriously. The only thing that you should do now is to remove System Protection (designed to protect).
How to remove System Protection manually:
- You should remove the following files:
%Documents and Settings%\[User Name]\asr.dat
%Documents and Settings%\[User Name]\Application Data\1tmp.bat
%Documents and Settings%\[User Name]\Application Data\defender.exe
%Documents and Settings%\[User Name]\Application Data\scan.dll
%CommonPrograms%\System Protection\System Protection.lnk
%ProgramFiles%\System Protection\System Protection.exe
You can navigate to the file or use search option in the Start Menu in order to find them. You should remove them, using Shift +Delete buttons. This method will remove the files once and forever and will not give a chance for the infection to restore itself.
- After that you should remove the following registry entries:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “ystem Protection”
HKEY_CURRENT_USER\Software\Microsoft “adver_id” = “29”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “System Protection”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “rundll32” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%UserProfile%\Application Data\defender.exe” /sn”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = “0”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “rundll32” = “”
So, you should open Registry Editor, for that you should press Windows+R buttons, then type regedit in the opened window and press Enter. You will see the window of the Registry Editor. Then you should do the backup copy of the registry and remove the enumerated registry entries.
- Scan your computer for infections with any real antivirus that was installed recently and updated.
Material provided by: Alesya Orlova