User Protection is a fake anti-spyware program that belongs to the same family of rogue security software as Paladin Antivirus and Dr. Guard. It tries to trick users into paying for a software license. Once installed on the computer, it blocks many other Windows programs from running, including most antivirus clients. It can be very hard to even install software while this virus is running.
The purpose of this kind of malware is to scare users into making a purchase by making them think the computer is infected with many viruses.
In many cases users get infected with this kind of virus because they were tricked into installing it. It can be very hard to remove. If you are infected, you should attempt to boot into safe mode with networking, then download and run an antivirus client to remove it.
We list manual removal steps below that are known to work against this threat. Most users who get infected with malware such as this got that way because they did not have an antivirus client installed, or the one they were using does not have active protection to block viruses from installing. While free clients are great, most do not have the upfront live protection computers need.
As soon as you find a copy of this rogue program on your computer, you should take measures to delete it. The removal process involves stopping processes, unregistering DLLs, deleting files and folders, and removing registry entries.
User Protection Manual Removal Procedures
The first step you must take in order to remove this is to stop the following processes:
- asr64_ldm.exe
- uninstall.exe
The next step is to unregister the following DLL files:
- drgext.dll
- drghook.dll
To complete file removal, delete the following files and folders:
- %Documents and Settings%\[UserName]\Desktop\User Protection Support.lnk
- c:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
- c:\Program Files\User Protection
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\User Protection.lnk
- %UserProfile%\Desktop\User Protection Support.lnk
- %UserProfile%\Desktop\User Protection.lnk
- %UserProfile%\Desktop\usrprot.exe.txt
- %UserProfile%\Local Settings\Temp\4otjesjty.mof
- %UserProfile%\Local Settings\Temp\usr.dat
- %UserProfile%\Local Settings\Temp\usrr.dat
- %UserProfile%\Start Menu\Programs\User Protection
User Protection Registry Removal Procedures
File removal alone is not sufficient to properly delete User Protection. The following keys and settings must also be deleted for complete User Protection removal:
- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
- HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
- HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
- HKEY_LOCAL_MACHINE\SOFTWARE\User Protection
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\User Protection
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "User Protection"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"
Now your computer is completely safe from the rogue security application named User Protection. To make sure of this, it is recommended to scan the entire PC using legitimate antivirus software such as Spyware Doctor with Antivirus, so that any other threats and malicious components that may still be present can be identified.
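The process, file and registry indicators listed above can be checked in one pass, before cleanup and again afterwards to confirm nothing was missed. The script below is an added example, not part of the original guide: it is read-only, the `Add-Finding` helper is a name chosen here, and it assumes Windows PowerShell is available and is run in the affected user's session.

```powershell
# Read-only audit of the User Protection indicators listed on this page.
# Nothing is stopped, unregistered or deleted. Run it in the affected user's session.
$script:findings = @()
function Add-Finding($Type, $Item, $Present) {   # helper name chosen for this example
    $script:findings += New-Object PSObject -Property @{ Type = $Type; Item = $Item; Present = [bool]$Present }
}
# Processes. uninstall.exe is a common file name, so the image path is reported too.
foreach ($name in 'asr64_ldm', 'uninstall') {
    $procs = @(Get-Process -Name $name -ErrorAction SilentlyContinue)
    $paths = ($procs | ForEach-Object { $_.Path }) -join '; '
    Add-Finding 'Process' ("$name.exe $paths").Trim() ($procs.Count -gt 0)
}
# Files and folders (Windows XP-style profile paths, as given on the page)
$up = $env:USERPROFILE
$files = @(
    'c:\Documents and Settings\All Users\Application Data\fiosejgfse.dll',
    'c:\Program Files\User Protection',
    "$up\Application Data\Microsoft\Internet Explorer\Quick Launch\User Protection.lnk",
    "$up\Desktop\User Protection Support.lnk",
    "$up\Desktop\User Protection.lnk",
    "$up\Desktop\usrprot.exe.txt",
    "$up\Local Settings\Temp\4otjesjty.mof",
    "$up\Local Settings\Temp\usr.dat",
    "$up\Local Settings\Temp\usrr.dat",
    "$up\Start Menu\Programs\User Protection"
)
foreach ($f in $files) { Add-Finding 'File' $f (Test-Path -LiteralPath $f) }
# Registry keys. -LiteralPath keeps "*" in the key path from being treated as a wildcard.
$keys = @(
    'HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt',
    'HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}',
    'HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt',
    'HKEY_LOCAL_MACHINE\SOFTWARE\User Protection',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\User Protection'
)
foreach ($k in $keys) { Add-Finding 'RegKey' $k (Test-Path -LiteralPath "Registry::$k") }
# Registry values (key plus value name)
$values = @(
    @{ Key = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Key = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'User Protection' },
    @{ Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'; Name = '{5E2121EE-0300-11D4-8D3B-444553540000}' }
)
foreach ($v in $values) {
    $hit = Get-ItemProperty -LiteralPath "Registry::$($v.Key)" -Name $v.Name -ErrorAction SilentlyContinue
    Add-Finding 'RegValue' "$($v.Key) [$($v.Name)]" $hit
}
$script:findings | Sort-Object Present -Descending | Format-Table Type, Present, Item -AutoSize -Wrap
'{0} of {1} indicators present' -f @($script:findings | Where-Object { $_.Present }).Count, $script:findings.Count
```

A hit on `uninstall.exe` only matters when its reported path is inside `c:\Program Files\User Protection`, since many legitimate installers use the same file name.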
User Protection Directories:
- c:\Program Files\User Protection\
Outside Resources:
http://answers.yahoo.com/question/index?qid=20100321090846AAWCRso