MalwareProtector2008
MalwareProtector2008 or sometimes called as Malware Protector 2008 is a misleading security application that gives exaggerated reports of identified threats on the computer. Malware Protector 2008 uses unfair marketing strategies to sell the program in a fraudulent manner. This fake security application is distributed through the Internet via Trojan infection. It comes in a form of screen saver file that when executed will present bugs on your screen. Also, desktop wallpaper will reveal the message:
Warning!
Spyware detected on your computer.
Install an antivirus or antispyware remover to clean your computer.
Next, Malware Protector 2008 provides an illegitimate toolbar for your Internet browser. It contains a seemingly useful buttons like Remove Pop-ups, Scan Spyware, Spam Protection and Security Test. When clicked, all of these buttons will lead to another fake error message. All of Malware Protector
2008 is accounted as an endorsement effort to push computer users to pay $49.95 for its registered version. Failure to complete the payment heads to an excessive display of warning alerts.
During the fake scan conducted by Malware Protector 2008, it detects numerous Trojans and viruses which are successfully removed. Though, the rogue program threatens computer users that these risks will return to the system once Malware Protector 2008 is removed.
Don’t be bothered with that scare tactics. Remove Malware Protector 2008 from the affected computer without spending a penny.
Damage Level: Low
Systems Affected: Windows 95/98/Me, Windows NT/2000/, Windows XP
Screen Shot Image:
precisesecurity
Jun 05, 2008 @ 00:26:37
1. Temporarily Disable System Restore (Windows Me/XP/Vista/7) . [how to]
2. Update the virus definitions.
3. Reboot Windows in Safe Mode. [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”SMshcev9j0e1b1″ = “C:\Program Files\shcev9j0e1b1\shcev9j0e1b1.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shcev9j0e1b1
\”DisplayName” = “MProtector”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shcev9j0e1b1
\”UninstallString” = “C:\Program Files\shcev9j0e1b1\uninstall.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”RegistrationUrl” = “http://www.malwareprotector2008.com/buy/”
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”RegistrationDiscUrl” = “http://www.malwareprotector2008.com/purchase/”
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ADVid” = “”
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”" = “C:\Program Files\shcev9j0e1b1″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”InstallDir” = “C:\Program Files\shcev9j0e1b1″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”domain” = “malwareprotector2008.com”
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”SoftID” = “MProtector”
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”DatabaseVersion” = “2.1″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ProgramVersion” = “2.1″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”EngineVersion” = “2.1″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”GuiVersion” = “2.1″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ProxyName” = “”
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ProxyPort” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ScanPriority” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”DaysInterval” = “7″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ScanDepth” = “2″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ScanSystemOnStartup” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”AutomaticallyUpdates” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”MinimizeOnStart” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”BackgroundScan” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”BackgroundScanTimeout” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”MGuid” = “{0DB56EFC-EE39-447F-94AB-73409F51AC2E}”
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”InstallationID” = “{F2D62961-6358-4CCF-B806-7664421D16B2}”
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”LastTimeStamp” = “B8″
HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows
\ShellNoRoam\MUICache\”C:\Program Files\shcev9j0e1b1\shcev9j0e1b1.exe” = “shcev9j0e1b1″
6. Exit registry editor and restart Windows.
7. In order to make sure that threat is completely eliminated, carry out a full scan of your system using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.
guest
Jun 13, 2008 @ 16:23:21
The shcev9j01b1 naming convention is not unique. I was infected by MP2008 and everything was named with lphcg320ea7e or phcg320ea7e. The removal instructions are pretty standard but object naming convention may vary.
Stan
Jun 15, 2008 @ 02:54:20
I am beating my head against a wall. I got the Malware Protector virus and have tried 5 different programs all supposed to be aimed at Malware Protector 2008, non of which have cured it.
I did manage to delete most of the programs and correct the registry after finding the file shc3abjOet4j.exe and searching several different ways to find everything related to it.
I am now to the point where my desktop is being overridden by a blue screen with the dialogue box “Warning you computer is infected with a virus.” I can only run my computer in safe mode with networking and some of the updates will not install.
What do I do now?
How do I find the culprit that last lingering file.
Needless to say this is really costing me time and money when I cannot get my work out. So any rush you could put on this would be appreciated.
Thank you
stijncasteels
Jun 15, 2008 @ 16:53:11
Hi everyone!
I have deleted the Malware Protector 2008 program and it’s gone but the only problem is the blue screen saver. It is always getting back and I don’t know how to get rid of it so please someone can help me?
Richard Ogima
Jun 25, 2008 @ 23:35:39
I think I finally got rid of all files associated with Malware, what a nasty program. That blue screen pop-up is actually a screen saver, hidden away in your C:\Windows\ or C:\Windows\system32, there are like 3 files in there that are related to shcev9j0e1b1 or something like that. Anyhow, it was tough work, had to go into safe mode, delete the install fails because I was locked out of Admin. I don’t think I will download any files until I know about their credibility, unless I want to reformat my computer again and again.