Security Protection - How to remove?

 

Security Protection is a rogue antispyware program that was designed by computer hackers who are looking for easy ways to get money from ordinary computer users. The functions of Security Protection are based on tricking computer users into thinking their systems are infected and selling its fake software as a reputable antivirus program.

Once installed to the system, Security Protection is started on the system with each computer reboot. The infiltration is performed by a Trojan virus. Unfortunately, computer user is not able to see it. The program automatically starts running it system scanner which unfortunately only imitates looking for infections. Finally, Security Protection displays a list of supposedly detected infections and recommends removing them with a full version of its program. In reality it only expects to get money from you as it warns about non-existent infections.

Moreover, it floods computer with a bunch of security notifications and pop up ads which is not only very annoying but these messages also give false information. Despite all the nasty information that is given there, do not take it for granted.

Do not trust in Security Protection under any circumstances. If you have already purchased it, contact your credit card company and dispute the charges. Remove Security from your computer using a legitimate antispyware program, such as spyhunter or Malwarebytes Anti-Malware. Remember that you have to use the latest version of it, so upgrade your antispyware before using it.

S!Ri has posted this serial to remove Security Protection: SL55J-T54YHJ61-YHG88. This will disable various pop up messages and allow you running an antispyware program.

 

Automatic Security Protection removal tools

 
  Download Spyhunter for Security Protection detectionNote: Spyhunter trial provides detection of parasite like Security Protection and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.
 

Manual Security Protection removal

 

Important Note: Although it is possible to manually remove Security Protection, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other tools found on 2-viruses.com.

Files:
Registers:

It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Security Protection infected files and get help in Security Protection removal by using Spyhunter scanner. 

 

Security Protection screenshots

 
security_protection
 
 
 
 
 
 
 
 
 
 
 

113 thoughts on “Security Protection

  1. greg
     

    Useless information, basically an advertisement for Spyware Doctor which you have to PAY for to get the virus removed.
    To remove this virus:
    1. start computer in safe mode with networking (press F8 at start before Windows begins to load.
    2.Go to Malwarebytes.com and download free version
    3.Install, update and run it
    4. restart in normal mode and run it again just to be sure.
    5. Done

     
    1. admin
       

      Greg:
      Thenk you for your input. We recommend scanning with Malwarebytes as well. However, I believe today malwarebytes researchers posted that they can remove current version of Security Protection. At any point of time one program might fail to remove fresh versions of parasites and others will be able to do so.

       
  2. Ramaloo
     

    Hi Greg,
    Thank you very much for the instructions how to get rid off “security protection”.
    It is very clear and helpful. Malwarebytes cleaned all this garbage away. Now I have installed Bitdefender Total Security 2011 to keep all these parasites away.
    :-)

     
  3. dang
     

    hi Greg

    I have a computer with windows 7. my computer has a problem with security protection .. I tried safe mode, but it didn’t work with window 7 .. please help.
    thanks

     
  4. donna
     

    won’t even allow me to down load in safe mode.

     
  5. Dena
     

    Greg thank you for the info you posted. these people “security protection” are getting smarter by the minute. isnt there some kind of laws. these people need to be brought up on criminal charges.

     
  6. Jarek from Poland
     

    In case you can’t boot your PC in Safe Mode with Networking or you can’t delete the malicious files manually, you can use this code SL55J-T54YHJ61-YHG88 and any email to register the rogue application in order to stop the fake security alerts.

    Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly. If you need help in removing Security Protection from your computer, please leave a comment below. Additional information about this malware and comments are welcome too. Good luck and be safe online.

     
  7. Mick
     

    Thanks Jarek – I couldn’t boot into safe mode either but your code allowed me to register and d/l Malwarebytes – worked a treat!

     
  8. Anne
     

    Thanks so much for the help! This made my life so much easier when I was removing these nasty bugs.

     
  9. judie
     

    I appreciate all the info. about security protection!! I agree w/greg that it’s worthless info. and very frustrating. No one should have to pay to get rid of there garbage. It’s on my daughter’s comp. when i am done here i am going to try it. Keep your fingers crossed that it work.

     
    1. admin
       

      Judie: you do not need to pay if you use free trials or (in case of legitimate paid programs) delete the files yourself. I would still recommend getting a decent antivirus and anti-malware afterwards to keep PC safe from similar infections

       
  10. judie
     

    jarek, i tried doing what greg said, and it’s still there. where do i use the code at to try to get rid of security protection. I’ve tried for atleast a hour and it’s still there.HELP

     
  11. wirtec
     

    when visting a site of the belgium government (reprobel:thanks guys) I was declaring my taxes ;) my pc (weekly updated) was contaminated, microsoft securtiy essentials (my new and uptodate scanner ;) was disabled, regedit, cmd prompt, pstools, internet explorer; could not do anything, never saw a virus like this, thanks for the serialnumber (which i found on anaother computer), that gave me some time to delete the virus and update my windows …

     
  12. DdAVID RICHARDS
     

    Security Protection hit my computer on 7/14/11 And this virus has really gottne sophisticated. This was horrible. I could not do anything. I could not open programs, nor could I go on the internet to download anything. What we ended up doing WAS using STOPzilla and it worked really well. Just thought I would mention it.

     
  13. judie
     

    I just wanted to thank Ddavid RICHARDS for suggesting STOPzilla!! It really works. I tried for hours(several times)what greg did and it didn’t work. I did STOPzilla one time and it’s all gone!! Yay!! From the bottom of my heart- thank-you again.

     
  14. Mrs. N
     

    Got it too, so I have a dumb question: how do you use STOPzilla if you can’t get onto the internet? I’m going to try the code/e-mail tonight but just want to prepare. Sat on the phone with McAffee last night for an hour trying to get help (since I PAY for their service each year) and in the end, the rep said I need to pay a technician to help me. For the very low fee of $170!!! What the heck was I paying the $40 per year for? I am such a dunce! Thanks for any help/tips.

     
    1. admin
       

      Mrs. N. Disable proxy server in the browser. In many cases some of the malware removers CAN overcome malware that blocks internet access, not sure how it is with stopzilla. The best bet is downloading removers on separate usb drive on clean pc. It is good idea to download more than one of them.

       
  15. d tang
     

    my OS = Windows7 (64bit version)

    How to use code = SL55J-T54YHJ61-YHG88 to register the rogue application in
    order to stop the fake security alerts??

     
  16. Mrs. N
     

    I was able to finally get through! Thank you for the help. However; when I downloaded STOPzilla, it won’t remove any of the spyware until I pay to use their service. Should I go ahead and pay for it to get those suckers removed?

     
    1. admin
       

      Mrs. N
      With stopzilla, one should be careful of legitimate files to be removed (thats my personal experience). As far as i know, if you close window without buying stopzilla, they will offer a limited full trial for couple days. Or you could try trial of Hitman Pro (30 days) /mbam.
      A decent paid Anti-Malware program will protect from similar parasites in the future, so I would install one together with internet security suite (I use ESET smart security + Spyware Doctor myself ).

       
  17. Mrs M
     

    Thanks Jarek…you were a really great help I used the code and was able to get the parasite off my computer.

     
  18. Deb H
     

    I still don’t understand how to use code = SL55J-T54YHJ61-YHG88 to register the rogue application in
    order to stop the fake security alerts. Could someone please explain?

     
  19. Morgan
     

    @greg
    Greg, your suggestion worked perfect. We’re back online. THANK YOU!

     
  20. Graham Bromley
     

    @admin
    I had a similar problem about 12 months ago and cleared it with Eset Nod32. On the strength of that I purchased a full version of Nod32 and guess what? I got hit with “Security Protection” two days a go. I was lucky and managed to clear it with MalwareBytes (in safe mode). What bothers me is that it got past Nod32!!

     
    1. admin
       

      Graham: 2 things. No antivirus is 100% (though all lie :) ). There is a time delay from seeing first infection, infection landing into research centers and research centers developing a fix for that infection and distributing them to users.
      Secondly, nod32 does not have firewall module (only smart security has). I use ESET smart security myself, though if you feel that NOD32 does not deserves your trust, you could switch to Kaspersky.

       
  21. NITA
     

    @Jarek from Poland
    Thank you for that code it worked, you are a life saver.

     
  22. chonye
     

    thank u greg!!!! finally managed to remove the virus!!! am grateful for ur help

     
  23. Gaurav Ail
     

    Well I was hit by security Protection today and the experience was horrible even I had McAfee and ya it didn’t help me stop it …… Finally I restarted the computer in safe mode without networking and then I was able to run system restore …. so I restored my system to the automatic restore point created which was for one week ago …. and it seems to have worked

     
  24. Mick
     

    When my roommate got the Security Protection Virus we tried all our virus protection programs and the virus would not let them open and would not let us access internet. Could not start system restore. So what I did was clicked control/alt/delete and held those keys down long enough to get Start Task Manager to open and still holding the control/alt/delete keys down and click on Security Protection and then click on end task. That shut the virus down and from there we did a system restore and now everything is 100%. You may have to play a little with the release time on the control/alt/delete keys a bit, but it should work, It did great for us…Good Luck!!!

     
  25. Scooter61
     

    Greg, Thank you, thank you, thank you. My 16 year old got a new HP laptop one week ago and it got infected with “Security Protection”. Opened in “safe mode with networking” per your instructions and used malwarebytes.com to remove. I now downloaded free version of Avasti.

     
  26. NS
     

    Got same problem today :( I have Kaspersky Internet security software.. Could any one please please help me? I don’t get how to add that code- SL55J-T54YHJ61-YHG88 and where exactly? Could any one please help me out? :(

     
  27. DN
     

    Thnx for the code.It worked. Owe you a cold one!

     
  28. Sam
     

    “Security Protection” virus is easy to remove without downloading any software. This virus got me today. The McAfee and Microsoft Security Essentials totally ignore this virus ( McAfee may welcome it). Here is what I did in Win 7.

    1. Check to see if you can open the “Windows Explorer” which I could. Put cursor on “Start”, right click, and “open windows explorer”.

    2. Go to “C:\Users\yourName\AppData\Local” and/or “C:\Users\yourName\AppData\Roaming”. I had it in “roaming”.

    3. Sort the directory by latest modified.

    4. I found an exe file called “defender.exe” dated today. You can not delete this file because it is being used. But you can rename the file to say “defenderXXX.exe.

    5. Restart.

    6. Run “msconfig.exe” and uncheck defender.exe line item. And/Or you can registry.exe and search for “defender.exe”. It will be in “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run”. Remove this line. Delete the “defenderXXX.exe” file. Close all windows, and restart.

    Good luck…

     
  29. Wei
     

    Can someone tell mehowto use the code? I tried “safe mode with networking”, but internet won’t start to help me get malwarebytes. Thanks!

    Also, will computer stores help you with these things?

     
  30. jan
     

    @greg
    Did you have an answer for the person with Windows 7? This program has my computer locked up where I cant access any files or get online, I am stuck, when I try to get into safe mode I can’ do that either.

    Thanks

     
  31. Nicholas
     

    Heyy everyone i just had this virus. and i got rid of it thanks to your help. well and my mates help but yeah
    Thanks

     
  32. Brenda
     

    What are the steps to using the code?

     
  33. arnold
     

    the code works great, and for those who still don’t understand how to use it, you click the “activate now” button and write in any random e-mail and the code in the two fields and click “activate”.

     
  34. Sara G
     

    It won’t let me open any Internet so that I can download a real security program? Any idea how I can download a real one?

     
  35. Hal
     

    Sara G: Here is what I did: Computer is Windows Vista. Started computer, held down the F8 key continuously until the screen came up asking which “safe mode” to come up in. I selected Safe plus Networking. Computer them came up OK in Safe mode. I started Firefox bowser, then went to the malwarebytes.org website. I downloaded, installed, and ran this software. Restarted computer, now it works fine

     
  36. Rafael
     

    thank you sooo much Greg

     
  37. Keith
     

    Hi all,

    I am infected with Security Protection. I am able to use safe mode to get online, but malwarebytes.com changes to bleepingcomputer.com when I hit the free download. Is that right? Suggestions? thanks

     
    1. admin
       

      Keith: That is one of the locations that distribute/host mbam executable, it is ok.

       
  38. jeeva
     

    i need security activation email id and code , my system was affected by w32/blaster file

     
  39. agnes
     

    thank you so much for the code. Just got a new dell inspiron one desk top which got infected by security protection virus. Hopefully it’s gone forever! Good day!

     
  40. Keith
     

    thanks for getting back to me. the virus seems to have advanced, because when I attempt to download it just keeps redirecting to other sites. Can’t complete the download. I’ll keep at it…

     
  41. dinkeyB
     

    Thank you – The deactivation code worked perfectly.

     
  42. Linda
     

    Clarification needed on how to use the code. Someone wrote to “click the “activate now” button and write in any random e-mail and the code in the two fields and click “activate”.” Does this mean you click the activate now button on the actual “Security Protection” screen?

     
  43. naxas
     

    thanks guys, that Stopzilla helped me a lot. I would suggest others to buy one cost $9.95 to delete all those bugs. Now, I can open my Window 7 at normal mode.

     
  44. Judetheobscure
     

    re: Linda’s question You click on the “activate now” button and type in a random email address, plus the code.

    One caveat though, I did this and, although it stopped the pop up windows for the short term, I am still not yet able to get rid of it using Malwarebytes or AVG. Both are running in safe mode. Malwarebytes appeared to get rid of it, and then it was back.

    Good luck! I’d welcome any other advice about getting rid of this menace.

     
  45. Vince
     

    Greg! You are a God-send! This process totally worked. I thought I was screwed. I could not open anything because of that Security Protection scam. I thought I would have to take it in but it worked like a charm! Thank you for posting this!

     
  46. Khari whiteheAd
     

    Thanks for This information it saved me.

     
  47. Laura
     

    I found this info VERY helpful! I just put in the activation code as suggested, then closed the program. I then simply had to scan for virus’ using my own virus protection program and I was done. No other issues after that.
    THANKS!

     
  48. Jim Cena
     

    Got hit by the virus on Sunday August 21. Tried everything to remove it. Contacted spyzilla and was told to pay them $99 approximately and they would remotely fix it. I declined and researched a bit more. I read the post by Gaurav who restored his computer and cleaned the virus, so I tried it. I restored the computer back to August 16 and “Presto” the virus was gone. It took a few minutes to load system restore in safe mode without networking but this did the job. Easiest fix mentioned on this blog. I then loaded free version of malwarebytes.org and there is peace in the land once again.

     
  49. rampa
     

    @Jarek from Poland
    Thanks a lot my friend… your are great

     
  50. Judee
     

    @Greg,

    Thank you so much.

     
  51. Julie
     
     
  52. kevin junior
     

    hey buddy, you have done what is required at the moment.
    i just cant believe that my laptop got Security Protection virus(on aug21, 2011), despite being antivirus program available, i couldnt open anything, not even antivirus prgm. it was just like dream cm true when i accessed this website through my samsung galaxy s2 mobile, and thats how i had got rid of tht Malicious prgm.
    i was deeply annoyed and sad just my laptop got infected, only after 1day of my purchase of internet plan of 15GB/Month.
    what i thot was-anyhow i got a good amount of browsing data plan, i can use laptop to the max extent, and boom. . my all future prefictions were shattered, when i got this Malware., and got rid of this one pretty soon, in just a days time, thru this website.

    also i rebooted my dell studio laptop and entered into safe mode, i was able to transfer all my files to external hard fisc drive.

    I still dont have words to describe your effort and dedication to post this useful information in this website. thanks a tonne, dear pal.

    thanks a lot and keep doing these kinda good work, hats off to you.

    warm regards,
    kevin

     
  53. Carmen
     

    I got security protection virus last night on my very old gateway tablet pc laptop. I had to go to work this morning so when I get home I’m gonna try a system restore. Idk what that’s gonna do for me but from what I tried this morning I can’t open any files. I really don’t have the money to pay to get this fixed. What I need to know is if a system restore will work and if not what if I put the original disks in that came with the computer. I’m not the most computer savvy but I’m not the worst either. Please if anyone can help me please do.

     
  54. Nick
     

    I tried safe mode but it wouldn’t work helllllpppppp

     
  55. Paula
     

    Gracias por la ayuda.

     
  56. Frank Rankin
     

    I am certainly happy that you geeks have time to think up malicious ways to scam the average non geek computer user. It sure is fun to be in the middle of some mindless net surfing and the laptop starts beeping and official looking screens start popping up telling the user his computer is infected with malware, spyware and child pornography. My message to you twisted programmers is simple, eat shit and die.
    Frank Rankin

     
  57. CMeridian
     

    I still didn’t understand how to use the code until I saw this on youtube. They show you where to enter code SL55J-T54YHJ61-YHG88 around 4:10.

    http://www.youtube.com/user/ChanSiuTong#p/a/f/1/-WRvOlFqC50

     
  58. KCho
     

    Okay so i tried malwarebytes and a few other things including system restore and security protection seems to be gone. but the internet is still not working. is it because it’s wireless? i tried to system restore twice more and they didnt work. and whenever i boot my computer, something pops up which says windows status update or something. and i have to click on cancel for about 20 times to make it disappear. my avast! is working, which means security protection is not the one who broke my internet, right? damn i hate this security crap.

     
  59. dannypogi
     

    worked for me……thanks a lot GREG. you’re a big help pal..

     
  60. David Patrick
     

    I have a dell mini that has been infected with security protecting. It will not allow me to do any of the above suggestions. I wish I could wipe out everything and start over I have an installation cd that hooks up through the usb. All attempts thus far have failed.

     
    1. admin
       

      David : You could reinstal or try alternate OS scanners.

       
  61. Helen
     

    I don’t understand the code thing. I cannot download anything. Please help with security protection.

     
  62. Assin warren
     

    I used the code given to activate security protection to fix the problem. However I still have a problem installing any anti-malware program onto my computer (Even in safemode with networking). I was wondering if maybe my anti-virus program (mcafee) would be getting in the way. Also when I used the default windows scanner program it did pick up the viruses, but it noted that its location was not found and I was also unable to find the rouge files using windows explorer. I was wondering if my computer is still at risk for having an active security protection or if I should just use system restore to get rid of the problem and hope I don’t get the virus again. Thank you

     
    1. admin
       

      Assin: poor chances that system restore will fix everything, but you can try.
      Have you tried running anti-malware programs from safe mode with networking Or using alternate OS scanners ?

       
  63. mohammed
     

    you guys are too complicated.. just do system restore.. and bam its gone.. . go to safe mode with networking … do system restore.. bye bye security protection

     
  64. Assin warren
     

    @admin

    Yes; I tried downloading spyware doctor, STOPzilla and Malwarebytes onto my computer while in “safe mode with networking” and none of them were able to sucessfully install. Should I deactivate my current Anti-virus system?

     
  65. dean
     

    Here’s what I did to remove it
    1. Rebooted on safe mode(no networking)
    2. went to my computer
    3. went to local drive
    4.went to users
    5. went to the main account i use(in my case it was dean)
    6.went to AppData
    7.went to roaming
    There was then a file titled “defender” with the security protection logo. Don’t open the file, delete it first, or you will get an error message saying it is running in another program and can’t be deleted, thus having to repeat the process. I then rebooted the computer on normal, and, everything worked again. Hope this helped.

     
  66. Assin warren
     

    I’m not sure if this is helpful, but for all of the failed installation the reason was “error 5: access denial”

     
    1. admin
       

      Assin : Try right-clicking on executable and choosing run as administrator. Try doing system restore and scanning for leftowever after.

       
  67. josh allen
     

    Would windows firewall be an effective way to prevent the return of this virus or should I get this anti-malware program.

     
    1. admin
       

      josh allen: Firewall protects from network intrusions (mostly worms and some hackers). It is not effective against trojans that much. I would recommend a decent internet security suite or antivirus and anti-malware programs.

       
  68. Assin warren
     

    @admin

    Yes I tried using Malwarebytes, Spyware doctor, and Stopzilla all while in “safemode with Networking” I also have my proxy servers disabled on firefox. If it is any help the reason for the failed installations were Error 5: Access Denial. However, I deleted security protection from my computer.

     
  69. Beth Rose
     

    I downloaded Malwarebytes but it only cleaned 100 files and wants me to purchase their product for $29.95 to clean the remaining error files. Anyone else getting this? So I need to purchase it? I thought it would clean it all even though this was a trial.
    The code SL55J-T54YHJ61-YHG88 and a fake email address did work once I clicked on “activate” on the home page of Security Protection. So thank you!!

     
  70. Joe
     

    @Jarek from Poland
    Hi, i used the registration number, and it let me get on the net one time, I tried kaspersky and it did not remove the virus, now I cannont access the internet, and it shows I have no cd drive to load any other programs manually. Any suggestions?

     
    1. admin
       

      Joe: try doing system restore to date prior infection. It might be your drivers got corrupted while removing Security Protection

       
  71. Danielle
     

    @Jarek from Poland
    What do you put the code into? Where do I go to get something that will even allow me to put the code into?

     
  72. zaye
     

    I used Stopzilla, but all of my old files are gone. Can I get them back? Are they hidden?

     
    1. admin
       

      Zaye: try using file search. They might be hidden or copied to temporally file folder .

       
  73. Janet
     

    Our computer (Windows xp)is in safe mode, keyboard and mouse are not recognized, so we have no control of our computer. Unfortunately we restarted our computer while in safe mode, so now is there anything we can do to get the computer to recognize the keyboard and mouse and gain control again? Thanks

     
  74. Casey
     

    My widest pc just got this virus yesterday. It won’t even load Microsoft. It loads up the Microsoft loading bar then goes to the Vista signal and goes to a black screen. One time I saw the log on box then black screen. Safe mode still works but I already had malwarebytes on the pc but no updates. So I used my thumb drive and updated. Nothing changed. Help please!! :-(

     
  75. Luna
     

    Greg – thank you for your guidance! Your advice helped get rid of the “security protection” virus on my computer.

     
  76. S j
     

    I like one other person above seem to have a more advanced versio that when you try to download any virus protection or malwarebytes etc, it redirects you to a fake website. It also appears to have disabled avg in some fashion. It would also disable malwarebytes in normal mode but it will run in safe mode. Any suggestions how to fix the Internet rerouting?

     
    1. admin
       

      S J. Try running TDSS Killer first.

       
  77. S j
     

    Not familiar with tdss killer?

     
  78. S j
     

    Ok find tdss killer and ran it. Avg became functional again on reboot to normal mode, but upon starting a scan found that many malwarbytes and a avg files have become infected with katisha.a virus. Next step? :( if doing a restore to system defaults and factory settings will wipe everything clean I would consider that a viable option at this point. I dont want to access the Internet for fear of something else happening with who knows what on the system. So in short what is the step to kill katusha.a?

     
  79. S j
     

    Katusha.a is what I meant

     
    1. admin
       

      S. J. Katusha.A is likely to be fake infection. Try rebooting into safe mode with networking and running Malwarebytes. Or try right-clicking on executable and choosing run as administrator.

       
  80. seth
     

    gregs website worked i guess. now my mom believed im not watchn porn cause the rogue anti-spy thing said so. -.-

     
  81. Ben
     

    Why didn’t McAfee prevent this from happening?

     
  82. sue
     

    the activation code no longer works.. guess they caught up with it. Nother one maybe?
    sue

     
  83. Nikos
     

    By the way I got this Virus as well on my work laptop. Impossible to remove! If you have an active working internet connection Security protection will run. I tried removing it as well by following all the information available on the web in safe mode with and without networking, in regular mode with or without networking, to no avail. As soon as you enable networking again Security Protection will run in Safe & Regular modes. I even ran Malwarebytes 3 times in Safe mode with NO networking and even though it looked like all virus instances were gone, as soon as I rebooted and used networking it came back and disabled everything. Also my work laptop has this expensive McAfee Enterprise edition which is obviously worth crap as it never detected the virus and then of course McAfee was completely disabled by the virus. Very annoying and frustrating. I even physically removed the hard drive from the laptop, connected it via USB to one of my working tower computers and ran the works on it. Windows Defender, Malewarebytes, Windows Security Essentials, Spyboot. Nothing helped!!! Looks like tomorrow I am going back to work and IT will be going a complete reformat. I just have to backup some work files so I can get back to working once I get the laptop back. From my personal experience with this I only have ONE recommendation to all you PC people. BUY A MAC!!!

     
    1. admin
       

      Nikos: Run TDSS Killer and Spyware Doctor. Windows Defender is poor defense against this malware, its database is included in MSE. Spybot is not so good these days.

       
  84. Nikos
     

    Nope still no good. Tried both recommendations. About 5 minutes after I turned on my wireless card on the laptop, one of my svchost processes started to leak memory and the Security Protection virus window showed again.

     
    1. admin
       

      Niklos: Run full Kaspersky scan. For me it looks like fresh trojan downloader.
      Alternatively: Run Process explorer. Make sure you see processes path. Look for processes in %TEMP%, %AppData% or similar. kill one by one. Most of them will be malware processes. However, you will not be able to remove rootkits that way.

       
  85. Nikos
     

    Hi admin. I already turned in my laptop to IT. I already backed up all my important working files. They will format the hard drive, re-image it and give it back by the end of the day today. However maybe you can help me understand something. Why is it this virus only works when connected to my wireless home network? Last night at home I tried one last time to remove the virus, it looked like it worked and as soon as I enabled my wireless connection on the infected work laptop, 5 minutes later sure enough the Security Protection window came back. So after 4 days of fighting with this I gave up last night and just turned off my laptop, and last I know left it infected. This morning I came to my office, connected my laptop to my dock station, which has a hard wired network connection, and the virus never started like it doesn’t exist anymore. Do you know why is this happening? Could it be my Linksys N router that is the problem? The router has been password protected and secured since I purchased it and ALL my firewalls are on and I even disabled JAVA & ActiveX usage from withing my router. I have other laptops in the house using the same wireless home connection and I never had issues with them. I have assigned static IP addresses for every specific device. Could it be that this virus is looking to attack a specific wireless IP address on a device? And how in gods name did this virus even get through my router. I have gotten a virus ONLY 2 times in the past 15 years and both were on my work laptop.

     
    1. admin
       

      Nikos:
      1. Check what machines are connected to your wireless router (list mac addresses), there might be another machine that spreads the infections through network vulnerabilities.
      2. If you get re-infected again once at home, update your router firmware (from linksys page) and change the DNS on router to ones recommended by your ISP
      3. In many cases it is a trojan downloader hidden or an rootkit (well, same trojan but overriding system calls). they need network to redownload parasites.
      4. Sometimes it is malicious dns settings or other malicious config, set up by previous infection. So when you connect network, some system process initiates re-download of malicious processes.
      5. Get a firewall or internet security suite for your machine.

       
  86. Tina
     

    A friend of mine got the messages saying that he had thousands of trojans and viruses and to download Security Protection. Because the logo it has looks like a Window’s / Microsoft logo he downloaded it, installed it, scanned his computer, then paid $60.00 to buy the full version to repair all the things it said his computer had. Days later he called me and said help! He purchased the program with his debit card instead of Visa so the bank says there is nothing he can do to get his money back. Just another complaint about all these bad things and how they fake people who don’t have a clue into buying them.

     
  87. Nikos
     

    Admin. I actually use the Wireless MAC filter feature on my router, so only my physical address wireless devices are allowed, plus you need the password. My work laptop does have it’s own enterprise edition McAfee edition, host intrusion with the works. Obviously it’s worth crap as it never saw this virus coming let alone catch it before installing itself. The rest of my home computers have NEVER had any firewall or antivirus programs and have NEVER been infected with anything. I change my wireless security password every 3 months.

     
    1. admin
       

      Then it is either 3 or 4 :)

       
  88. AshleyDennis123
     

    I need HELP! I was watching hulu and the screen went blank then pops up the SECURITY PROTECTION! LIES!!!!!Stupid thing has rendered my pc useless. It will not let me run any programs in regular mode. Run it in safe mode and tried to download some virus savers that were suggested on here and they download just will not run. says there is an error. I need help so bad. I can not do a system restore because i do not have one that goes back far enough to get rid of it. PLEASE!

     
  89. Rhonda
     

    OMG this virus is awful..I basically followed Greg’s advice but it was not easy as it seemed it would be, you HAVE to mess around alot to the point you want to chuck the darn thing in the trash…I even called stopzilla they told me for $129 bucks they could fix it right away. Well I finally went on Malwarebytes.com and for free it fixed it, just beware your pc will block most attempts to download ANYTHING that will remove the virus that is the virus trying to protect itself..you may have to try several sites..plus you HAVE to be in safe mode, dont waste your time on a system restore my pc shut down everytime before it restored..f,y.i you can fix it cause I did and I am a complete moron when it comes to this stuff, i just searched all help advice sites and used it all til one worked..lol I hope the jerks that made this burn in hell!!

     
  90. Rhonda
     

    oh yeah tdskiller has to be run…no matter what message you get run it several times…

     
  91. jair
     

    I had this virus just yesterday 11/08/11 and what i did was to click ctrl alt delete and press end task and it disappeared, so my question is did I delete completely the virus or not?

     
  92. Karen Greer
     

    @Mick
    i spent three hours online trying to get rid of security protection and then i found your solution. i tried everything and finally your way worked. thanks

     
  93. Terry
     

    Security Protection has changed its method of operation. It blocks you going to Safe mode,Task Manager and the Internet and the file names are different, but strangely in the same location—it now has a u-bute colourful shield with a nonsense random name attached to it. The new version at present is unknown by the Malware programs so they do not pick it up. I ran TrendMicro over the Harddrive sitting in a USB docking port—nothing found—what I did do was look at the Documents and settings\all users and found the oddly names shield, double clicked it and TrendMicro reported a Malicious program, I deleted it–have yet to see if it reconstructs itself, which I bet it does when the HDD goes back into the Laptop.

     
  94. Mick in Fl
     

    This screen is identical to one I got from Internet Security. I have Windows 7 on a 32 bit machine. Couldn’t open any programs in normal mode. I downloaded Microsoft Support Emergency Response Tool via a different computer, saved it on a jump drive, booted my infected machine in safe mode, ran MSERT (full scan) from the usb, found and removed one infected file called Win32/fakerean. Seems to be ok now, only time will tell. I just don’t know how to prevent it from happening again.

     

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>