Privacy Protection

This page contains free removal guide and tool for Privacy Protection virus. Please follow the procedure carefully to delete Privacy Protection from your PC.

Privacy Protection disguises as anti-virus software. Obviously, it is a member of a rogue family using the same console from older variants. With the rebirth of this new model, Privacy Protection demonstrate same old damages with new authority over other programs installed on the system. It blocks execution of any software and if you try, it will announce that the file is infected. The alert will contain this message:

Program.exe cannot start!
File Program.exe is infected by W32/Blaster.worm.
Please activate Privacy Protection to protect your computer.

We try to run anti-virus and anti-malware program to remove Privacy Protection, but the effort fails and attains the same faith as other software. The rogue program seems to be more forceful than other versions from the same family. In fact, even our self-made tools to counter it attacks are not that effective.

Trying to remove the virus remotely from another PC also did not work the way we expected it to be. Privacy Protection blocks local area network access and Internet connection probably to avoid remote removal as we plan to execute. On the Internet side, attackers behind Privacy Protection prepared the software to prevent the download of any security programs by blocking the Internet connection in general. Wherein previous release, the rogue software only prohibits access to security web sites through changes it applies to proxy settings of the Internet browser.

Screen Shot Image:

Privacy Protection Scanner

Technical Details and Additional Information:

Privacy Protection Is Also Detected As:
Trojan.Generic.KD.392989 (BitDefender), Heur.Suspicious (Comodo), Trojan.MulDrop2.54093 (DrWeb), DangerousObject.Multi.AMN!A2 (Emsisoft), Trojan.Generic.KD.392989 (F-Secure), Trojan.Generic.KD.392989 (GData), Trojan.Win32.Jorik.Fraud.hdm (Kaspersky), Sus/UnkPack-C (Sophos)

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)
Rogue program is the class where Privacy Protection belongs. Rogue is not typical virus that replicates once it infects the system. Privacy Protection does not spread on your hard drives, removable drives and network shares. It enters the system for the sole purpose of misleading users. Then, it sells the program in a fraudulent means.

Privacy Protection invades the computer through infected web sites that employs drive-by-download techniques. On other instances, Privacy Protection will spread as a fake software update that typically hides itself on fake Windows Accessories executable file like calc.exe, notepad.exe or cmd.exe.

Malware Behavior
Privacy Protection’s presence on the computer brings many irregularities. Your system may not function normally and in fact, it may not operate at all. After the infection, only software left working is Privacy Protection. It will scan the system and produces a bunch of false detection for several Trojans and viruses. Other misbehavior you may notice is excessive system tray alert that contains the following messages:

Security Warning!
Malicious program has been detected.
Click here to protect your computer.

Security Warning

The fake anti-virus program also displays a series of fake alerts and warning messages inclduding the following:

WARNING!
Privacy Protection has found 1
useless and UNWANTED files on your computer!
Information on removal
Potentially dangerous files were found on your system during the last scan!
It is strongly recommended that you remote them immediately.

Privacy Protection Warning

Video Tutorial (Privacy Protection Removal)

How to Remove Privacy Protection

Removing Privacy Protection with Serial Code and MBAM

1. To be able to access the Internet and run a scan, we need to upgrade Privacy Protection to registered mode. To do this, enter the following code:
Y76REW-T65FD5-U7VBF5A

2. Now that the program is running in full version, you can now access the Internet and download MalwareBytes Anti-Malware from this link.

3. After Downloading, install MBAM with the default settings. You do not need to make changes to its default installation. When done installing, the program will update its database. It will also open the scan console on its own.

4. Next, click on Perform Full Scan. Click on Scan to begin checking the entire hard drive for Privacy Protection files and registry entries. Scanning, may take a while. Please be patient.

5. After scanning, the tool will display all identified threats. Click on Show Results.

6. Make sure that threats are mark with check. Then, click Remove Selected. That will put threats into quarantine.

7. While still on MBAM console, click on Quarantine Tab. Click on Delete All to permanently removed the virus.

8. You may now close the program.

9. Proceed to number 3 of removal guide below to remove the rootkit Trojan associated with Privacy Protection.

Removing Privacy Protection Using Norton Power Eraser

This removal guide requires rebooting the computer. Please print the guide to serve as your reference later.

1. You cannot run any program while Privacy Protection is running on the computer. Therefore, we need to end the process by pressing [Windows Key] + [R] on your keyboard.

windows key + r

2. When the Run command is open, type the following on Open dialogue box: Taskkill /f /im privacy.exe

Click on OK to stop the malicious process.

3. Next, you need to download Norton Power Eraser from Symantec’s web site. Click here.
Note: During our testing, Privacy Protection virus disables WLAN access, so we need to plug-in an RJ-45 connector to access the Internet via LAN.

4. Save the file on your Desktop for quick access.

5. When download completes, close all running applications.

6. Double-click on NPE.EXE to start scanning the system.

7. Select SCAN FOR RISKS and click on Scan.

8. Next, EXCLUDE ROOTKIT SCAN INCLUDE ROOTKIT SCAN and click on Continue. It will scan the computer. This may take some time.

Note: Due to the inclusions of rootkit Trojan in recent attacks, we need to include rootkit scanning as opposed to previous removal guide.

9. When scan is complete, NPE will display the result. Due to NPE’s high sensitivity, it may detect even legitimate files. If there are items on Suspicious category, remove the check to avoid unnecessary removal of legitimate files.

10. You should see privacy.exe (and other) file. If it is marked with check, click on FIX to start the removal process.

11. After taking out the infected file, your need to reset the computer, click on RESTART.

12. It will show removal results after restarting. Click on Done to finalized the scan.

10 Responses

  1. Jerome Henderson says:

    well when i do windows and r it says that it blocked that too.

  2. precisesecurity says:

    Jerome, try the newly added procedure “Privacy Protection with Serial Code and MBAM.” Hope it helps.

  3. Ben says:

    Did not work on my lab top. Mbam did not find anything.

  4. Mandal98 says:

    Ben, make sure your MBAM is updated to the latest database. Otherwise, it will not detect the virus.

  5. Adam says:

    I used the Norton Eraser to remove the virus and it removed it, but on restarting my laptop i still dont have WLAN access. how do i solve this issue? help guys!!!

  6. precisesecurity says:

    Adam, try uninstalling the driver of your WLAN. Restart the computer and it will reinstall on its own.

  7. Keskiyo says:

    Hi!

    I tried the Serial Code and MBAM method and it worked! It was easy and quick.

    You are awesome.

    Thank you :)

  8. Keskiyo says:

    It’s me again.

    Privacy Protection left behind RootKit.ZeroAccess, even after MBAM. However, I still had MBAM active and it alerted me of some outgoing ip addresses.

    MBAM doesn’t detect it.

    After a bit of research, I used TDSSKiller and later ComboFix. It solved the problem (or so it seems).

    Apparently, Privacy Protection usually leaves this hijacker behind, so if anyone removed Privacy Protection, they might want to check for this one.

    That’s all.

    Thank you.

  9. maggie says:

    thank you sooooo much this worked for me!! i have a dell inspiron and am signed up with norton. thank you thank you thank you!

  10. Luis says:

    Thank you for posting this fix on You Tube to remove Privacy Protection. I have a virus protection program and I still got it….Leaves me no hope for being virus free. Thanks to your You Tube video I was able to remove it with NPE. Thank you thank you thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *