Smart Protection 2012
Description:
Smart Proteciton is another rogue antivirus that displays fake alerts on the user's Desktop. It is a branch-off of an old variant "System Tool". Like other rogues, it will scam/scare the user on to purchasing a license on their website.
Screenshots:
Behavior:
Once the infection is installed and running, it will prevent the execution of any application that the user will try to launch. Alerts will be displayed by the system tray.
This infection drops the following files on to the hard disk:
It also creates the following Registry keys:Code:%commonappdata%\<random>\<random>.exe %desktop%\Smart Protection 2012.lnk Windows XP: %commonappdata% = C:\Documents and Settings\All Users\Application Data\ Windows 7/Vista: %commonappdata% = C:\ProgramData\
To Remove Smart Protection 2012, download and install Spyware Doctor with AntiVirus or PC Tools Internet Security.Code:Windows XP: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "<random>" Type: REG_SZ Data: C:\Documents and Settings\All Users\Application Data\<random>\<random>.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012 "DisplayIcon" Type: REG_SZ Data: C:\Documents and Settings\All Users\Application Data\<random>\<random>.exe,0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012 "DisplayName" Type: REG_SZ Data: Smart Protection 2012 Windows Vista/7: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "<random>" Type: REG_SZ Data: C:\ProgramData\<random>\<random>.exe KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012 "DisplayIcon" Type: REG_SZ Data: C:\ProgramData\<random>\<random>.exe,0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012 "DisplayName" Type: REG_SZ Data: Smart Protection 2012
Once you have it installed, run a Full Scan
1. Click on "Start Scan Now" tab on the top menu
2. Click "Full Scan"
Note: If the infection is preventing you from running/downloading/installing our software, load your machine into Safe Mode with Networking. Refer to the "Restart the Computer in Safe Mode with Networking" procedures below.
Manually Remove Smart Protection 2012:
Given that the infection prevents the launch of applications while it is loaded, you will need to do the manual removal via Safe Mode.
Restart the Computer in Safe Mode with Networking:
1. When the computer starts back up, begin immediately by pressing the F8 key repeatedly until the Windows Startup menu appears with various options.
2. By using the up and down arrow keys on the keyboard, select "Safe Mode with Networking".
3. Login to your account (if asked).
4. Wait and eventually Windows will start in Safe Mode.
From there, you can launch the Registry Editor via "Start" > "Run" > type "Regedit" and click on "Run"
1. Locate the registry keys mentioned above.
2. After removing the keys, delete the files that it dropped.
3. You should then be able to safely boot back into Normal Mode without this infection.
Results 1 to 1 of 1
Thread: Remove Smart Protection 2012
-
02-22-2012, 04:58 AM #1
Malware Response Team
- Join Date
- Sep 2010
- Posts
- 241
Remove Smart Protection 2012
Last edited by Hermit; 02-22-2012 at 05:04 AM.
"Anyone can achieve their fullest potential, who we are might be predetermined, but the path we follow is always of our own choosing. We should never allow our fears or the expectations of others to set the frontiers of our destiny. Your destiny can't be changed but, it can be challenged. Every man is born as many men and dies as a single one." - Timothy McGee (NCIS)
Reply With Quote
