Protection System Removal

Protection System looks to be from the Coreguard Antivirus 2009 Rouge family. The removal process of Protection System is very similar just with different names. This is your standard fake security client

Protection System

Protection System

»Download Protection System Removal Software

Protection System looks to be from the CoreGuard Antivirus 2009 family.  Same GUI different name and traces.  Like most bogus security applications this will show exaggerated and false scan results in an effort to scare the user into making a purchase.  DO NOT PURCHASE THIS CLIENT.  If you do you will only be handing your credit card numbers as well as the cost of the fake product over to the scammers. The fake alerts this program gives off can be very alarming.  Just remember they are lies.  Things like your computer is being hacked or your files are begin accessed remotely by another computer are just attempts to scare you into purchasing the product.  You may even be prompted to remove other legitimate security products from your computer. We have the Protection System removal instructions at the bottom of this guide.

Some symptoms of Protection System:

  • Bogus Scan results
  • Auto Scans on Start-up
  • Warning coming out of a fake shield in the system tray
  • pop-ups and re-directs to the fake software's website
  • constant warnings of being infected as well as false statements of other trojans

Manual removal instructions for Protection System ( Please read our disclaimer bellow )

Kill Protection System processes: ( Learn How to Kill a Process Here. Opens in new Window )

  • psystem.exe
  • uninstall.exe

We do recommend you run a full scan using SpyHunter. Even if you do not intend on purchasing the product it will help to stop the virus from re-installing and re-activating while you manually remove it. Also it will inform you of any new changes to the file names. You may need this if it mutates. Delete Protection System registry values: ( Learn How to Edit Registry Here. Opens in new Window )

  • HKEY_CURRENT_USER\Software\Protection System
  • HKEY_CLASSES_ROOT\BhoNew.BhoApp
  • HKEY_CLASSES_ROOT\BhoNew.BhoApp.1
  • HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
  • HKEY_CLASSES_ROOT\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection System
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Protection System"
  • HKEY_CURRENT_USER\software eee0bd2f-ff2e-46ef-83fb-d4fda84462a3
  • HKEY_CURRENT_USER\software\protection system
  • HKEY_CURRENT_USER\software\protection system data
  • HKEY_CURRENT_USER\software\protection system dbsigns
  • HKEY_CURRENT_USER\software\protection system dbver
  • HKEY_CURRENT_USER\software\protection system fd
  • HKEY_CURRENT_USER\software\protection system guid
  • HKEY_CURRENT_USER\software\protection system infected
  • HKEY_CURRENT_USER\software\protection system infectedfiles
  • HKEY_CURRENT_USER\software\protection system lastscan
  • HKEY_CURRENT_USER\software\protection system secstatus_3
  • HKEY_CURRENT_USER\software\protection system secstatus_4
  • HKEY_CURRENT_USER\software\protection system secstatus_5
  • HKEY_CURRENT_USER\software\protection system settings_0
  • HKEY_CURRENT_USER\software\protection system swver
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\protection system
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\protection system displayicon
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\protection system displayname
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\protection system displayversion
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\protection system uninstallstring
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\protection system urlinfoabout

Delete files:  ( Hint )  Most of these files will be in the %Program Files\Protection System\ directory.

  • Protection System.lnk
  • Uninstall Protection
  • System.lnk
  • blacklist.cga
  • core.cga
  • coreext.dll
  • firewall.dll
  • psystem.exe
  • uninstall.exe
  • support.png
  • unreg.html
  • delete.png
  • info.png
  • plus_circle.png
  • tick.png warn.png
  • offline.gif
  • online.gif
  • voice.gif
  • wingenocx.dll

Delete directories: ( Please note that in most cases everything in this folder can be deleted. Just be sure it's the correct folder 😉

  • c:\Documents and Settings\All Users\Start Menu\Programs\Protection System
  • c:\Program Files\Protection System ( And files \ folders within this folder)

Outside Resources:

http://malwaretips.com/blogs/remove-system-progressive-protection/

http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/remove-system-progressive-protection-malware/47ebd897-b843-4860-a7a2-f034acdaaf09

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.