Windows Problems Protector
Windows Problems Protector is a rogue computer security application that usually propagates by posing as part of a Microsoft Security Essentials alert. Both are fake: the MSE alert only mimics the legitimate program from Microsoft and is not actually part of Windows, but part of the rogue's attempt to deceive computer users. The alert reports a Trojan even though none exists on the computer.
Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click ‘show details’ to learn more.
It advises targeted users to perform a scan of the computer. If the scan is run, it launches a fake virus scan and produces fabricated results. It states that a threat called Trojan.Horse.Win32.PAV.64.a was detected and requires the user to download a removal tool named Windows Problems Protector.
Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press ‘OK’ to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.
If the user accepts this prompt, an unregistered copy of Windows Problems Protector is downloaded and installed on the victim's PC. This leads to further malfunctions: the Internet browser is redirected to unsolicited web sites, antivirus applications stop working, and the desktop is locked. The program then claims that the only way to return the computer to a normal state is to buy the licensed version of Windows Problems Protector. Never obtain the paid version; it is useless and costs users double what they expected to pay. The best course is to download a legitimate anti-malware application and run a thorough scan of the computer.
Critical Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Windows Problems Protector Removal Procedures
Manual Removal:
1. Stop the Windows Problems Protector process: press Ctrl+Alt+Del to open Windows Task Manager and look for the following process:
(random characters).exe
2. Update your installed anti-virus program.
3. Run a full system scan and clean/delete all detected infected file(s). A manual removal of virus-related files should also be performed.
4. Edit the Windows registry and delete the Windows Problems Protector entries.
5. Exit registry editor.
6. Remove the Windows Problems Protector start-up entry: go to Start > Run and type msconfig in the “Open” dialog box. The System Configuration Utility will open. Go to the Startup tab and uncheck the following startup item(s):
(random characters).exe
7. Click Apply and restart Windows.
Windows Problems Protector Removal Tool:
To completely remove the threat, download and run Malwarebytes Anti-Malware (MBAM). Sometimes Trojans block the download and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before running it on the infected machine.
Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free online virus scanner, available on the websites of legitimate anti-virus and security providers.
Technical Details and Additional Information:
To prevent its removal from a computer, Windows Problems Protector blocks applications, particularly security software. When a program is executed, it displays an error such as:
Windows Security alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.
Antivirus software alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
Malicious Files Added by Windows Problems Protector:
%UserProfile%\Application Data\.exe
Windows Problems Protector Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = ‘%UserProfile%\Application Data\.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ‘svchost.exe’
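The entries above combine a per-user Winlogon Shell value with Image File Execution Options "Debugger" values, which make Windows start svchost.exe in place of the named security executable. The following read-only PowerShell check is an added example, not part of the original article; it lists every such value so it can be reviewed before the registry is edited, and its variable names are illustrative.

```powershell
# Added example: read-only audit of the two registry locations listed on this page.
# Nothing is modified; review the output before deleting anything in the registry editor.
$ifeo     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$findings = @()

# 1. Image File Execution Options: a "Debugger" value makes Windows start that
#    program instead of the executable the subkey is named after.
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $prop = Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue
    if ($prop -and $prop.Debugger) {
        $findings += New-Object PSObject -Property @{
            Check  = 'IFEO Debugger'
            Target = $_.PSChildName
            Value  = $prop.Debugger
        }
    }
}

# 2. Per-user Winlogon "Shell": the page lists this value pointing at an .exe
#    under %UserProfile%\Application Data.
$prop = Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue
if ($prop -and $prop.Shell) {
    $findings += New-Object PSObject -Property @{
        Check  = 'Winlogon Shell (HKCU)'
        Target = 'Shell'
        Value  = $prop.Shell
    }
}

# Report. A Debugger value is not always malicious (some legitimate tools set one),
# so each row is a lead to verify, not an automatic deletion list.
if ($findings.Count -eq 0) {
    'No IFEO Debugger or per-user Winlogon Shell values found.'
} else {
    $findings | Select-Object Check, Target, Value | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt under the affected user account, since the Winlogon Shell value is stored per user.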
Andres Jauregui
Feb 04, 2011 @ 22:22:40
Hi dear Precisesecurity.com, thanks for all the help you gave with this tutorial. It helped me a lot and saved a lot of hours and work, as I did not have to reinstall the whole OS and programs. By the way, I’m glad to have the full Malwarebytes; in less than a minute it found 4 infected objects still running [it is not finished yet, lol]. Thanks, keep up the good work ^_^
Zaini
Feb 12, 2011 @ 18:57:46
@ Andres Jauregui:
If some files of this virus are still lurking on your PC after the manual removal steps, then you should run the auto removal tool. And if it happens after using the auto removal tool, then do the manual removal steps instructed on this page.
Good luck