Privacy Protection disguises itself as anti-virus software. It is evidently a member of a rogue family and uses the same console as older variants. In this new release, Privacy Protection causes the same old damage, with new authority over other programs installed on the system. It blocks the execution of any software, and if you try to run a program, it will announce that the file is infected. The alert will contain this message:
Program.exe cannot start!
File Program.exe is infected by W32/Blaster.worm.
Please activate Privacy Protection to protect your computer.
We tried to run anti-virus and anti-malware programs to remove Privacy Protection, but the effort failed and met the same fate as other software. The rogue program seems to be more forceful than other versions from the same family. In fact, even our self-made tools to counter its attacks are not that effective.
Trying to remove the virus remotely from another PC also did not work the way we expected. Privacy Protection blocks local area network access and the Internet connection, probably to prevent the kind of remote removal we planned. On the Internet side, the attackers behind Privacy Protection prepared the software to prevent the download of any security programs by blocking the Internet connection in general. The previous release, by contrast, only prohibited access to security web sites through changes it applied to the proxy settings of the Internet browser.
Technical Details and Additional Information:
Privacy Protection Is Also Detected As:
Trojan.Generic.KD.392989 (BitDefender), Heur.Suspicious (Comodo), Trojan.MulDrop2.54093 (DrWeb), DangerousObject.Multi.AMN!A2 (Emsisoft), Trojan.Generic.KD.392989 (F-Secure), Trojan.Generic.KD.392989 (GData), Trojan.Win32.Jorik.Fraud.hdm (Kaspersky), Sus/UnkPack-C (Sophos)
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Privacy Protection belongs to the class of rogue programs. A rogue is not a typical virus that replicates once it infects the system. Privacy Protection does not spread to your hard drives, removable drives or network shares. It enters the system for the sole purpose of misleading users, and then sells the program by fraudulent means.
Privacy Protection invades the computer through infected web sites that employ drive-by-download techniques. In other instances, Privacy Protection spreads as a fake software update that typically hides itself in a fake Windows Accessories executable file such as calc.exe, notepad.exe or cmd.exe.
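A read-only check for the masquerading described above, added here as an example and not part of the original guide: the PowerShell function lists files named calc.exe, notepad.exe or cmd.exe that sit outside the Windows directory, plus any privacy.exe (the process name used in the removal steps below). The search locations and the trusted directory are assumptions.

```powershell
# Added example: read-only triage, nothing is deleted or modified.
# Names taken from the article: the accessories the fake update imitates,
# plus the process name used in the Taskkill step.
$AccessoryNames = 'calc.exe', 'notepad.exe', 'cmd.exe'
$RogueNames     = 'privacy.exe'

# Assumption: genuine copies of the accessories live only under the
# Windows directory (System32, SysWOW64, WinSxS, and the root for notepad.exe).
$TrustedRoot = ($env:windir).TrimEnd('\') + '\'

# Assumption: user-writable locations where a drive-by download
# or fake update would typically be saved.
$SearchRoots = $env:USERPROFILE, $env:ALLUSERSPROFILE |
    Where-Object { $_ -and (Test-Path $_) } | Select-Object -Unique

function Find-MasqueradedAccessory {
    param([string[]]$Roots = $SearchRoots)

    Get-ChildItem -Path $Roots -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Where-Object {
            # -contains is case-insensitive, so CALC.EXE matches too
            ($RogueNames -contains $_.Name) -or
            (($AccessoryNames -contains $_.Name) -and
             -not $_.FullName.StartsWith($TrustedRoot,
                  [StringComparison]::OrdinalIgnoreCase))
        } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            New-Object PSObject -Property @{
                Path      = $_.FullName
                SizeBytes = $_.Length
                Modified  = $_.LastWriteTime
                # Informational only; the status alone is not a verdict
                Signature = $sig.Status
            }
        }
}

Find-MasqueradedAccessory | Format-List Path, SizeBytes, Modified, Signature
```

Any hit is a candidate for the scanner-based removal described below, not proof of infection; compare its path and modification time with when the symptoms started.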
Privacy Protection’s presence on the computer brings many irregularities. Your system may not function normally; in fact, it may not operate at all. After the infection, the only software left working is Privacy Protection. It will scan the system and produce a number of false detections for several Trojans and viruses. Another misbehavior you may notice is excessive system tray alerts that contain the following messages:
Malicious program has been detected.
Click here to protect your computer.
The fake anti-virus program also displays a series of fake alerts and warning messages, including the following:
Privacy Protection has found 1
useless and UNWANTED files on your computer!
Information on removal
Potentially dangerous files were found on your system during the last scan!
It is strongly recommended that you remote them immediately.
How to Remove Privacy Protection
Removing Privacy Protection with Serial Code and MBAM
1. To be able to access the Internet and run a scan, we need to upgrade Privacy Protection to registered mode. To do this, enter the following code:
2. Now that the program is running as the full version, you can access the Internet and download MalwareBytes Anti-Malware.
3. After downloading, install MBAM with the default settings. You do not need to make changes to its default installation. When done installing, the program will update its database. It will also open the scan console on its own.
4. Next, click on Perform Full Scan. Click on Scan to begin checking the entire hard drive for Privacy Protection files and registry entries. Scanning may take a while. Please be patient.
5. After scanning, the tool will display all identified threats. Click on Show Results.
6. Make sure that the threats are marked with a check. Then, click Remove Selected. That will put the threats into quarantine.
7. While still on the MBAM console, click on the Quarantine tab. Click on Delete All to permanently remove the virus.
8. You may now close the program.
9. Proceed to step 3 of the removal guide below to remove the rootkit Trojan associated with Privacy Protection.
Removing Privacy Protection Using Norton Power Eraser
This removal guide requires rebooting the computer. Please print the guide to serve as your reference later.
1. You cannot run any program while Privacy Protection is running on the computer. Therefore, we need to end its process. Press [Windows Key] + [R] on your keyboard.
2. When the Run dialog opens, type the following in the Open box: Taskkill /f /im privacy.exe
Click on OK to stop the malicious process.
3. Next, you need to download Norton Power Eraser from Symantec’s web site.
Note: During our testing, the Privacy Protection virus disabled WLAN access, so we needed to plug in an RJ-45 connector to access the Internet via LAN.
4. Save the file on your Desktop for quick access.
5. When the download completes, close all running applications.
6. Double-click on NPE.EXE to start scanning the system.
7. Select SCAN FOR RISKS and click on Scan.
8. Switch the option from EXCLUDE ROOTKIT SCAN to INCLUDE ROOTKIT SCAN and click on Continue. It will scan the computer. This may take some time.
Note: Due to the inclusion of a rootkit Trojan in recent attacks, we need to include rootkit scanning, unlike in the previous removal guide.
9. When the scan is complete, NPE will display the result. Due to NPE’s high sensitivity, it may detect even legitimate files. If there are items in the Suspicious category, remove the check to avoid unnecessary removal of legitimate files.
10. You should see the privacy.exe file (and others). If it is marked with a check, click on FIX to start the removal process.
11. After taking out the infected file, you need to restart the computer. Click on RESTART.
12. It will show the removal results after restarting. Click on Done to finalize the scan.