Remove Windows Protection Suite
Windows Protection Suite is the latest fake anti-spyware variant of Windows Security Suite. Just like Windows Security Suite, Windows Protection Suite uses scare tatics (alerts and popups telling user of virus and malware infections) to convince the user to purchase a full license. This full license claims it will remove the infections from the user’s computer. Windows Protection Suite is a total scam and should be removed as soon as possible.
Windows Protection Suite is spread through tojan horse viruses and through malicious websites containing fake anti-spyware/anti-virus programs. Besides random alerts and popups, this rogue program impersonates Windows Security center in order to make the warning look more offical. Do not click on any web links from these alerts and popups. Here is a screenshot of this fake anti-spyware program:
Automatic Windows Protection Suite removal:
Manual Windows Protection Suite removal:
Kill processes: CLSV.exe, ppal.exe, snl2w.exe, std.exe, WI345d.exe, WindowsProtectionSuite.exe, uninstall.exe
(Learn how to kill processes)
Unregister DLLs:
%Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
%Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
%UserProfile%\Recent\energy.dll
%UserProfile%\Recent\grid.dll
%UserProfile%\Recent\kernel32.dll
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\runddl.dll
%UserProfile%\Recent\SM.dll
%UserProfile%\Recent\tempdoc.dll
(Learn how to unregister DLLs)
Delete registry keys:
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "9877034603"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Protection Suite"
(Learn how to delete registry keys)
Delete files:
%Documents and Settings%\All Users\Application Data\345d567\26.mof
%Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
%Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
%Documents and Settings%\All Users\Application Data\345d567\WI345d.exe
%Documents and Settings%\All Users\Application Data\345d567\WINSS.ico
%Documents and Settings%\All Users\Application Data\345d567\WINSSSys\vd952342.bd
%Documents and Settings%\All Users\Application Data\345d567\working.log
%Documents and Settings%\All Users\Application Data\WINSSSys\winss.cfg
%Program Files%\Mozilla Firefox\searchplugins\search.xml
%Program Files%\WindowsProtectionSuite\WindowsProtectionSuite.exe
%Program Files%\WindowsProtectionSuite\WindowsProtectionSuite.url
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite 2009.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk
%UserProfile%\Application Data\Windows Protection Suite
%UserProfile%\Application Data\Windows Protection Suite 2009
%UserProfile%\Application Data\Windows Protection Suite 2009\Instructions.ini
%UserProfile%\Application Data\Windows Protection Suite\cookies.sqlite
%UserProfile%\Application Data\Windows Protection Suite\Instructions.ini
%UserProfile%\Desktop\Windows Protection Suite 2009.lnk
%UserProfile%\Desktop\Windows Protection Suite.lnk
%UserProfile%\Desktop\WindowsProtectionSuite.exe
%UserProfile%\Recent\ANTIGEN.drv
%UserProfile%\Recent\CLSV.exe
%UserProfile%\Recent\DBOLE.drv
%UserProfile%\Recent\dudl.sys
%UserProfile%\Recent\energy.dll
%UserProfile%\Recent\grid.dll
%UserProfile%\Recent\grid.sys
%UserProfile%\Recent\kernel32.dll
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\runddl.dll
%UserProfile%\Recent\SM.dll
%UserProfile%\Recent\snl2w.exe
%UserProfile%\Recent\std.exe
%UserProfile%\Recent\tempdoc.dll
%UserProfile%\Start Menu\Programs\Windows Protection Suite 2009.lnk
%UserProfile%\Start Menu\Programs\Windows Protection Suite.lnk
%UserProfile%\Start Menu\Programs\WindowsProtectionSuite
%UserProfile%\Start Menu\Programs\WindowsProtectionSuite\WindowsProtectionSuite Website.lnk
%UserProfile%\Start Menu\Programs\WindowsProtectionSuite\WindowsProtectionSuite.lnk
%UserProfile%\Start Menu\Windows Protection Suite 2009.lnk
%UserProfile%\Start Menu\WindowsProtectionSuite.lnk
(Learn how to delete files)
Delete folders:
%Documents and Settings%\All Users\Application Data\345d567
%Program Files%\WindowsProtectionSuite
%UserProfile%\Application Data\Windows Protection Suite
%UserProfile%\Start Menu\Programs\WindowsProtectionSuite
Once you have removed Windows Protection Suite from your computer using either the automatic or manual method, make sure to block it and other malicious software using a HOSTS file. We recommend downloading the HOSTS file from here, which contains a complete, up-to-date list of malicious websites.
If this article has helped you, please take this time to share it with Digg using the Digg button (see Digg share button to the left) or retweet it using Twitter (see retweet button to the left). You may also want to follow us on Twitter to keep up-to-date with the latest spyware prevention tips and spyware threats. If you'd rather follow us from your Facebook account, please join our Facebook fan page.
Popular Articles