Sign in to follow this  
Christian Mairoll

Your PC Protector Adware Removal Instructions

Recommended Posts

The Emsi Software malware research team has discoverd a new outbreak of the Your PC Protector adware. a-squared Anti-Malware detects this malware as Adware.Win32.YourPCProtector.

Your PC Protector is a rogue security program. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

  • %ProgramFiles%nuar.old
  • %ProgramFiles%skynet.dat
  • %ProgramFiles%svchost.exe
  • %ProgramFiles%wp3.dat
  • %ProgramFiles%wp4.dat
  • %ProgramFiles%adc32.dll
  • %ProgramFiles%alggui.exe
  • %ProgramFiles%Your PC ProtectorYour PC Protector.exe
  • %UserProfile%DesktopYour PC Protector.lnk
  • %UserProfile%Start MenuProgramsYour PC ProtectorYour PC Protector.lnk

Create new registry entries:

  • HKEY_LOCAL_MACHINEsoftwareClassesCLSID{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
  • HKEY_LOCAL_MACHINEsoftwareClassesCLSID{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}InprocServer32
  • HKEY_LOCAL_MACHINEsoftwaremicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
  • HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesAdbUpd
  • HKEY_CURRENT_USERsoftwareYour PC Protector
  • HKEY_CURRENT_USERsoftwareYour PC ProtectorPC_protect
  • HKEY_CURRENT_USERsoftwareYour PC ProtectorPC_protectRegistration
  • HKEY_CURRENT_USERsoftwareYour PC ProtectorPC_protectsetdata

Modify registry entry:

  • HKEY_LOCAL_MACHINEsoftwareClassesexefileshellopencommand, “C:Program Filesalggui.exe “%1″ %*”

Screenshots:

Adware.Win32.YourPCProtector_1-400x301.p

Adware.Win32.YourPCProtector_2-400x334.p

Adware.Win32.YourPCProtector_3-400x210.p

How to remove the infection of Your PC Protector (Adware.Win32.YourPCProtector)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.



View the full article

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.