How to remove VirusProtector

VirusProtector remover

VirusProtector removal process

For remove VirusProtector virus,please clean/delete all VirusProtector infected files and Delete/Modify any values VirusProtector added to the registry as following:
Behavior
The program must be manually installed.

It can be downloaded from the following location:
[http://]antivpc.com

The program reports false or exaggerated system security threats on the computer.





Fake Detection Names
The program may falsely report detections of the following threats:





The user is then prompted to pay for a full license of the application in order to remove the threats.

The program may also display the following fake error messages:








Installation
When the program is executed, it creates the following folder:
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012010030820100309

It also creates the following files:

• C:\WINDOWS\Prefetch\1.EXE-335C5EEA.pf
• C:\WINDOWS\system32\drivers\[RANDOM FILE NAME].exe
• C:\WINDOWS\system32\drivers\[RANDOM FILE NAME].dll
• C:\WINDOWS\system32\[RANDOM FILE NAME].exe
• C:\WINDOWS\system32\[RANDOM FILE NAME].dll
• C:\WINDOWS\[RANDOM FILE NAME].exe
• C:\WINDOWS\[RANDOM FILE NAME].dll

• C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008011620080117
• C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008011720080118

• C:\Documents and Settings\Administrator\Cookies\index.dat
• C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
• C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
• C:\Documents and Settings\Administrator\ntuser.dat.LOG
• C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
• C:\WINDOWS\Prefetch\PERL.EXE-08A6F3BE.pf
• C:\WINDOWS\Prefetch\REGSHOT.EXE-2A173C98.pf
• C:\WINDOWS\system32\config\software.LOG
• C:\WINDOWS\system32\config\system.LOG

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"LoadAppInit_DLLs" = "1"
• HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\"C:\INF\1.exe" = "VirusProtector Application"
• HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\"HRZR_EHACNGU:P:\VAS\1.rkr" "1B 00 00 00 06 00 00 00 A0 F0 A0 6C C2 BE CA 01"

• HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008011620080117
• HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008011720080118

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\"Directory" = "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\"Directory" = "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\"CachePath" = "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\"CachePath" = "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\"CachePath" = "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\"CachePath" = "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\"CachePath" = "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\"CachePath" = "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\"CachePath" = "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\"CachePath" = "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MSSYCLM\"Start" = "0x389F0129"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MSSYCLM\"Start" = "0x8824EF45"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs" = ""
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs" = "aLslnAJQD.dll"
• HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\"HRZR_EHACNGU" = "1A 00 00 00 A6 01 00 00 90 50 33 F9 94 00 CA 01"
• HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\"HRZR_EHACNGU" = "1B 00 00 00 A7 01 00 00 B0 A6 9E 6C C2 BE CA 01"

2. Update the virus definitions. Reboot computer in SafeMode;

3. Delete the IE temp files,some VirusProtector temp file exisit there.

4.If you failed to remove VirusProtector,please go to our remove help forum:http://help.antiviruses123.com