Protection System looks to be from the Coreguard Antivirus 2009 Rouge family. The removal process of Protection System is very similar just with different names. This is your standard fake security client
Protection System
»Download Protection System Removal Software
Protection System looks to be from the CoreGuard Antivirus 2009 family. Same GUI different name and traces. Like most bogus security applications this will show exaggerated and false scan results in an effort to scare the user into making a purchase. DO NOT PURCHASE THIS CLIENT. If you do you will only be handing your credit card numbers as well as the cost of the fake product over to the scammers. The fake alerts this program gives off can be very alarming. Just remember they are lies. Things like your computer is being hacked or your files are begin accessed remotely by another computer are just attempts to scare you into purchasing the product. You may even be prompted to remove other legitimate security products from your computer. We have the Protection System removal instructions at the bottom of this guide.
Some symptoms of Protection System:
- Bogus Scan results
- Auto Scans on Start-up
- Warning coming out of a fake shield in the system tray
- pop-ups and re-directs to the fake software's website
- constant warnings of being infected as well as false statements of other trojans
Manual removal instructions for Protection System ( Please read our disclaimer bellow )
Kill Protection System processes: ( Learn How to Kill a Process Here. Opens in new Window )
- psystem.exe
- uninstall.exe
We do recommend you run a full scan using SpyHunter. Even if you do not intend on purchasing the product it will help to stop the virus from re-installing and re-activating while you manually remove it. Also it will inform you of any new changes to the file names. You may need this if it mutates. Delete Protection System registry values: ( Learn How to Edit Registry Here. Opens in new Window )
- HKEY_CURRENT_USER\Software\Protection System
- HKEY_CLASSES_ROOT\BhoNew.BhoApp
- HKEY_CLASSES_ROOT\BhoNew.BhoApp.1
- HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
- HKEY_CLASSES_ROOT\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}
- HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection System
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Protection System"
- HKEY_CURRENT_USER\software eee0bd2f-ff2e-46ef-83fb-d4fda84462a3
- HKEY_CURRENT_USER\software\protection system
- HKEY_CURRENT_USER\software\protection system data
- HKEY_CURRENT_USER\software\protection system dbsigns
- HKEY_CURRENT_USER\software\protection system dbver
- HKEY_CURRENT_USER\software\protection system fd
- HKEY_CURRENT_USER\software\protection system guid
- HKEY_CURRENT_USER\software\protection system infected
- HKEY_CURRENT_USER\software\protection system infectedfiles
- HKEY_CURRENT_USER\software\protection system lastscan
- HKEY_CURRENT_USER\software\protection system secstatus_3
- HKEY_CURRENT_USER\software\protection system secstatus_4
- HKEY_CURRENT_USER\software\protection system secstatus_5
- HKEY_CURRENT_USER\software\protection system settings_0
- HKEY_CURRENT_USER\software\protection system swver
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\protection system
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\protection system displayicon
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\protection system displayname
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\protection system displayversion
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\protection system uninstallstring
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\protection system urlinfoabout
Delete files: ( Hint ) Most of these files will be in the %Program Files\Protection System\ directory.
- Protection System.lnk
- Uninstall Protection
- System.lnk
- blacklist.cga
- core.cga
- coreext.dll
- firewall.dll
- psystem.exe
- uninstall.exe
- support.png
- unreg.html
- delete.png
- info.png
- plus_circle.png
- tick.png warn.png
- offline.gif
- online.gif
- voice.gif
- wingenocx.dll
Delete directories: ( Please note that in most cases everything in this folder can be deleted. Just be sure it's the correct folder 😉
- c:\Documents and Settings\All Users\Start Menu\Programs\Protection System
- c:\Program Files\Protection System ( And files \ folders within this folder)
Outside Resources:
http://malwaretips.com/blogs/remove-system-progressive-protection/
Speak Your Mind