Smart Protector

Updated: October 11, 2011 Rogue 0 Comment

Smart Protector is a bogus security application that introduces self as a lightweight tool that provides PC’s ultimate safety in one single click. This one is not the legitimate Smart Protector Pro that comes from SmartSoft, a legitimate software provider. To better distinguish differences between the original and fake ones, we include the exact image of the fake Smart Protector below including the website where it can be downloaded.

Also, the rogue Smart Protector is employing aggressive propagation method by installing the program on computers without user’s interference. This was made possible by another Trojan infection. Additionally, malicious website called “Spyware Scanner Online: Scan in Progress…” will drop this malware on computer and execute the installation on its own using a drive-by-download mechanism. After successful installation, it will pop-up its own virus scanner and begins a simulated scanning. Next, the rogue software intends to deceive victims by issuing fake detection results. It advises to register the program before it can proceed with the virus removal.

On this situation, the only thing that must get rid out from the system is no other than Smart Protector. Use a legitimate anti-malware product to eliminate the presence of this potentially unwanted application.

Screen Shot Images:

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)
This malware can configure itself to run every time Windows starts by adding the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “smrtprt”

Malware Behavior
The rogue security application will display excessive pop-up alerts and advertisements as promotional tactics.

Smart Protector can modify Internet browser settings and redirect web searches to the following addresses:

scan.topsecuritycenter.cn
scan.hirovecul . cn
scan.levasycu . cn
scan.join2bestsecuritynow . com
towersecuritypcshield . com
smartprotectorpro . com
gosmrtprt . com
dlsmrtprt . com

The above web sites may scan the computer and provides the following result:

smart-protector-website

[cf]regis[/cf] [cf]files[/cf]

How to Remove Smart Protector

1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Open your antivirus application and update the virus definition file. This method ensures that your antivirus program can detect even newer variants of Smart Protector

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable, better place them in quarantine. Once the scan is complete, please proceed with the next step.

Online Virus Scanner:

Another way to remove Smart Protector without the need to install additional antivirus application is to perform a thorough scan with free online virus scanner that can be found here or on websites of legitimate anti-virus and security provider.

5. Go to Online Virus Scanner list and run a virus scan. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
6. After completing the necessary download, your system is now ready for online virus scanning.
7. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
8. Remove or delete all detected items.
9. When scanning is finished you may now restart the computer in normal mode.

Automatic Removal of Smart Protector

In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.

Alternative Removal Method for Smart Protector

Option 1 : Use Windows System Restore to return Windows to previous state

If Smart Protector enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Smart Protector infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.

Option 2 : Smart Protector manual uninstall guide

IMPORTANT! Manual removal of Smart Protector requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to Smart Protector.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Smart Protector files (refer to Technical Reference) and click End Process.

End Task

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.

Run Regedit

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Smart Protector.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Technical Reference

Associated Files and Folders:

%UserProfile%\Desktop\Smart Protector.lnk
%UserProfile%\Start Menu\Programs\Smart Protector
%UserProfile%\Start Menu\Programs\Smart Protector\Smart Protector.lnk
%UserProfile%\Start Menu\Programs\Smart Protector\Uninstall.lnk 
C:\Documents and Settings\All Users\Microsoft AData
C:\Documents and Settings\All Users\Microsoft AData\catmon.exe
C:\Documents and Settings\All Users\Microsoft AData\setup.exe
C:\Documents and Settings\All Users\Microsoft AData\sysinet.dll
C:\Documents and Settings\All Users\Microsoft AData\t.sid
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\internet.dll
C:\Program Files\Smart Protector
C:\Program Files\Smart Protector\q
C:\Program Files\Smart Protector\config.scf
C:\Program Files\Smart Protector\mmbase.sdb
C:\Program Files\Smart Protector\q.sdb
C:\Program Files\Smart Protector\queue.sdb
C:\Program Files\Smart Protector\smrtprt.exe
C:\Program Files\Smart Protector\uninstalls.exe
C:\Program Files\Smart Protector\vvbase.sdb
C:\WINDOWS\certsystem.exe
C:\WINDOWS\microsoftdef.dll
C:\WINDOWS\regred.exe
C:\WINDOWS\securits.com
C:\WINDOWS\spoov.exe
C:\WINDOWS\usexplorer.exe
C:\WINDOWS\system32\winsc.exe

Added Registry Entries:

Comments and Suggestions

On this area you can find Visitor's personal suggestions. We cannot control and evaluate each recommended procedure from visitors so please use it at your own risks. If your inquiry pertains to Smart Protector payment refund or lost serial key, kindly check the FAQ for rogue program first.