1. What is VirusProtect?
It belongs to fake anti-spyware software category and usually infects the system by downloading corrupt video codec, which are necessary for video content review. Some suspicious websites play a trick on visitor and ask to download corrupt video codec, which is bundled with trojan infection, in this instance - Trojan.Zlob. VirusProtect is directly installed by Trojan.Zlob and shows assumed and exaggerated "computer has been infected" alerts in order to scare user and convert software download into purchase. After VirusProtect has been installed on PC it will immediately start computer scan for malware and in the end generates report asking for licensed program version in order to remove found threats. Mind that, even after the purchase it will not remove spyware as promised!
Also known as Virus Protect 3.8 (or 3.9 version). In fact it is renewal of a past threat VirusProtectPro
Related threats: VirusHeat, VirusRay, AntiVirGear, SpywareQuake
Also known as Virus Protect 3.8 (or 3.9 version). In fact it is renewal of a past threat VirusProtectPro
Related threats: VirusHeat, VirusRay, AntiVirGear, SpywareQuake
2. VirusProtect screen shot:
3. How to remove VirusProtect:
- Internet connection might be disabled or Internet browser might be blocked by VirusProtect, so it won't be possible to download any files to infected computer. In this case please download all files required for VirusProtect removal to another computer and then transfer them on the infected one using CD/DVD or USB flash drive.
- To remove VirusProtect download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
-
After the installation, computer scan should be started automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press "Scan Now" button to run computer scanner as shown in the picture below:
-
After the scan has been completed and scan results have been generated, press "Fix Checked" button to remove VirusProtect.
- Restart the computer to complete VirusProtect removal procedure.
4. VirusProtect files:
axdpfl.dll, chzbi.dll, cjuvwa.dll, e404d.dll, ezzhjmt.dll, fftktmk.dll, fsehfcu.dll, gnjsjc.dll, ivrllc.dll, moywh.dll, ncrjf.dll, ofcpi.dll, qhcvdw.dll, rldyt.dll, svxmhpz.dll, tvtpwp.dll, ucmbegr.dll, uglgs.dll, wowlze.dll, wygomd.dll, ymmzwd.dll, zcwlnic.dllVirusProtect 3.8.exe, VirusProtect 3.9.exe
5. Hijackthis entries:
O4 Entries: |
O4 - HKLM\..\Run: [VirusProtect 3.8] "C:\Program Files\VirusProtect 3.8\VirusProtect 3.8.exe" /h |
O4 - HKLM\..\Run: [VirusProtect 3.9] "C:\Program Files\VirusProtect 3.9\VirusProtect 3.9.exe" /h |
O22 Entries: |
O22 - SharedTaskScheduler: doglike - {3750da11-9b0c-4a75-9c8a-bbcbfcd1ccea} - C:\WINDOWS\System32\fftktmk.dll |
O22 - SharedTaskScheduler: groutiest - {d653e105-3e53-480a-b129-54d957d174bb} - C:\WINDOWS\system32\ucmbegr.dll |
O22 - SharedTaskScheduler: haeckel - {8373a2e0-bdd0-42bd-b4ec-ba5451eb6607} - C:\WINDOWS\system32\moywh.dll |
O22 - SharedTaskScheduler: bayoneting - {e221f0dc-2696-4b2e-bd63-25b33dc19b6e} - C:\WINNT\System32\wygomd.dll |
O22 - SharedTaskScheduler: bemocked - {b0883848-1466-4470-a418-3fe7d36694b9} - C:\WINDOWS\system32\rldyt.dll |
O22 - SharedTaskScheduler: ineffulgent - {b585105c-0e84-4ef0-9c6a-fbe134a72945} - C:\WINDOWS\system32\ivrllc.dll |
O21 - SSODL: E404Helper - {d9f0cf95-2ef5-4ab8-b6b6-d5125a581b43} - e404d.dll |
O22 - SharedTaskScheduler: dimanganous - {3ae12a89-2063-409b-87f2-f809a6e76862} - C:\WINDOWS\system32\chzbi.dll |
O22 - SharedTaskScheduler: arsenicism - {075a465d-0af2-4b79-8db3-2fda0fd8d74c} - C:\WINDOWS\system32\ymmzwd.dll |
O22 - SharedTaskScheduler: edgers - {d66c22b6-2217-4d1a-9a90-1a54de1fc706} - C:\WINDOWS\system32\zcwlnic.dll |
O22 - SharedTaskScheduler: graphologists - {76fbb79c-2ec6-4962-a324-fd4362588e1c} - C:\WINDOWS\system32\uglgs.dll |
O22 - SharedTaskScheduler: caribi - {8b87dcc7-9b89-4205-aa82-076b2a1edfe0} - C:\WINDOWS\system32\ncrjf.dll |
O22 - SharedTaskScheduler: eaton - {d8b937a4-cdad-497b-a872-8da7c4c3ef6f} - C:\WINDOWS\system32\tvtpwp.dll |
O22 - SharedTaskScheduler: geosphere - {c0ca766d-060c-48e1-b536-205e321bd174} - C:\WINDOWS\system32\wowlze.dll |
O22 - SharedTaskScheduler: disgorging - {0123eb75-964c-4cb3-b796-431cc9099570} - C:\WINDOWS\system32\cjuvwa.dll |
O22 - SharedTaskScheduler: cariniana - {5c770fbc-cc2f-4acd-93e8-e6f0594307fd} - C:\WINDOWS\system32\gnjsjc.dll |
O22 - SharedTaskScheduler: ficklety - {e31f5c72-8e0d-4921-8375-9573746c170c} - C:\WINDOWS\System32\ezzhjmt.dll |
O22 - SharedTaskScheduler: end - {aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe} - C:\WINDOWS\system32\fsehfcu.dll |
O22 - SharedTaskScheduler: hemoglobinometries - {c7cd9e83-3bf6-47f8-b2e2-b114c96c1888} - C:\WINDOWS\system32\qhcvdw.dll |
O22 - SharedTaskScheduler: ablator - {fce1c203-ff2b-4ec1-9983-e2900d29bbd8} - C:\WINDOWS\system32\axdpfl.dll |
O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - C:\WINDOWS\system32\svxmhpz.dll |
O22 - SharedTaskScheduler: cured - {7265100a-17e1-41bf-bd08-63b95a25a9c3} - C:\WINDOWS\system32\ofcpi.dll |