Christian Mairoll

WindowsPolicePro Adware Removal Instructions


The Emsi Software malware research team has discovered a new outbreak of Adware.Win32.WindowsPolicePro.

WindowsPolicePro is a rogue security program that:

  • Shows false warning messages.
  • Shows misleading scan results.
  • Shows a fake Windows Security Center.
  • Shows a fake svchost.exe error.
  • Installs Browser Helper Objects.

The main installer of this malware appears to be packed with EXECryptor, and it extracts several files to:

%ProgramFiles%\Windows Police Pro\msvcm80.dll
%ProgramFiles%\Windows Police Pro\msvcp80.dll
%ProgramFiles%\Windows Police Pro\msvcr80.dll
%ProgramFiles%\Windows Police Pro\windows Police Pro.exe
%ProgramFiles%\Windows Police Pro\tmp\dbsinit.exe
%ProgramFiles%\Windows Police Pro\tmp\wispex.html
%ProgramFiles%\Windows Police Pro\tmp\images\i1.gif
%ProgramFiles%\Windows Police Pro\tmp\images\i2.gif
%ProgramFiles%\Windows Police Pro\tmp\images\i3.gif
%ProgramFiles%\Windows Police Pro\tmp\images\j1.gif
%ProgramFiles%\Windows Police Pro\tmp\images\j2.gif
%ProgramFiles%\Windows Police Pro\tmp\images\j3.gif
%ProgramFiles%\Windows Police Pro\tmp\images\jj1.gif
%ProgramFiles%\Windows Police Pro\tmp\images\jj2.gif
%ProgramFiles%\Windows Police Pro\tmp\images\jj3.gif
%ProgramFiles%\Windows Police Pro\tmp\images\l1.gif
%ProgramFiles%\Windows Police Pro\tmp\images\l2.gif
%ProgramFiles%\Windows Police Pro\tmp\images\l3.gif
%ProgramFiles%\Windows Police Pro\tmp\images\pix.gif
%ProgramFiles%\Windows Police Pro\tmp\images\t1.gif
%ProgramFiles%\Windows Police Pro\tmp\images\t2.gif
%ProgramFiles%\Windows Police Pro\tmp\images\up1.gif
%ProgramFiles%\Windows Police Pro\tmp\images\up2.gif
%ProgramFiles%\Windows Police Pro\tmp\images\w1.gif
%ProgramFiles%\Windows Police Pro\tmp\images\w11.gif
%ProgramFiles%\Windows Police Pro\tmp\images\w2.gif
%ProgramFiles%\Windows Police Pro\tmp\images\w3.gif
%ProgramFiles%\Windows Police Pro\tmp\images\w3.jpg
%ProgramFiles%\Windows Police Pro\tmp\images\wt1.gif
%ProgramFiles%\Windows Police Pro\tmp\images\wt2.gif
%ProgramFiles%\Windows Police Pro\tmp\images\wt3.gif
%SystemRoot%\ppp3.dat
%SystemRoot%\ppp4.dat
%SystemRoot%\svchasts.exe
%SystemRoot%\system32\bennuar.old
%SystemRoot%\system32\dddesot.dll
%SystemRoot%\system32\desote.exe
%SystemRoot%\system32\sysnet.dat
%UserProfile%\Desktop\PC_protect.exe
%UserProfile%\Desktop\Windows Police Pro.lnk
%UserProfile%\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk

It also creates new registry entries:

HKEY_CURRENT_USER\software\Windows Police Pro
HKEY_CURRENT_USER\software\Windows Police Pro\windows Police Pro
HKEY_CURRENT_USER\software\Windows Police Pro\windows Police Pro\Registration
HKEY_CURRENT_USER\software\Windows Police Pro\windows Police Pro\setdata
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntipPro2009_100
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76DC0B63-1533-4ba9-8BE8-D59EB676FA02}

This malware also tries to connect to core2634.newdomainagain.com.
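
The file, registry and network indicators listed above can be turned into a read-only presence check. The PowerShell below is an added example, not part of the original post or of Emsi Software's tooling; it assumes the directory separators implied by the listing. The 32-bit redirection targets (Program Files (x86), SysWOW64, WOW6432Node), the per-profile enumeration and the DNS cache lookup are additions for 64-bit and multi-user systems.

```powershell
# Added example: read-only sweep for the WindowsPolicePro artifacts listed above.
# It reports what it finds and deletes nothing. Run from an elevated prompt.

# 32-bit installers land in "Program Files (x86)" on 64-bit Windows, so check both.
$programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
# Every local profile, not only the account running the sweep.
$profiles = Get-ChildItem -LiteralPath (Split-Path $env:USERPROFILE -Parent) -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }

$paths  = @($programDirs | ForEach-Object { Join-Path $_ 'Windows Police Pro' })
$paths += 'ppp3.dat', 'ppp4.dat', 'svchasts.exe' | ForEach-Object { Join-Path $env:SystemRoot $_ }
foreach ($sysDir in 'system32', 'SysWOW64') {   # SysWOW64 = redirected system32 for 32-bit code
    $paths += 'bennuar.old', 'dddesot.dll', 'desote.exe', 'sysnet.dat' |
        ForEach-Object { Join-Path $env:SystemRoot "$sysDir\$_" }
}
foreach ($p in $profiles) {
    $paths += Join-Path $p.FullName 'Desktop\PC_protect.exe'
    $paths += Join-Path $p.FullName 'Desktop\Windows Police Pro.lnk'
    $paths += Join-Path $p.FullName 'Start Menu\Programs\Windows Police Pro'
}

$bho  = '{76DC0B63-1533-4ba9-8BE8-D59EB676FA02}'
$keys = @('Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntipPro2009_100')
# Native and WOW6432Node (32-bit) views of HKLM\SOFTWARE.
foreach ($sw in 'SOFTWARE', 'SOFTWARE\WOW6432Node') {
    $cv = "Registry::HKEY_LOCAL_MACHINE\$sw\Microsoft\Windows\CurrentVersion"
    $keys += "$cv\Uninstall\Win Police Pro"
    $keys += "$cv\Explorer\Browser Helper Objects\$bho"
}
# The HKEY_CURRENT_USER key, checked in every loaded user hive.
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $keys += "Registry::$($hive.Name)\Software\Windows Police Pro"
}

$hits = @($paths + $keys | Where-Object { Test-Path -LiteralPath $_ })

# Recent lookups of the contact domain, where the DNS client cmdlet is available.
if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
    $hits += Get-DnsClientCache | Where-Object { $_.Entry -eq 'core2634.newdomainagain.com' } |
        ForEach-Object { "DNS cache: $($_.Entry)" }
}

if ($hits) { $hits | ForEach-Object { "FOUND  $_" } }
else       { 'No WindowsPolicePro artifacts found.' }
```

Only hives of logged-on users are loaded under HKEY_USERS, so a clean result for the per-user key covers those accounts only.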

WindowsPolicePro graphical user interface

WindowsPolicePro price

Fake Windows Security Center

Fake svchost.exe error

The user must register to enable the removal feature.

How to remove an Adware.Win32.WindowsPolicePro infection

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.


