User Protection
From Wiki-Security, the free encyclopedia of computer security
|
||||||||||||||||
User Protection is another rogue anti-virus program from the people who made My Protection, Dr. Guard, Paladin Antivirus and Your Protection, and it is identical to these other scams in most respects. User Protection appeared on the Internet in March 2010, and it is an entirely typical example of a rogue anti-virus program, because of its use of Trojans and scare tactics.
How Does User Protection Get onto a Computer?
Almost universally, User Protection infections come as a surprise to the people who suddenly find this application on their computer, because it is downloaded without their permission. Usually what happens is that the Trojan that installs User Protection is hidden online in a file that you download, and which you would not think twice about downloading because it seems harmless. So it is common for this Trojan to hide in video codecs, browser extension updates, etc., although cases of infection through spam emails have been reported. Once the Trojan is on the computer, it makes sure that User Protection is installed. Although Trojans are infections in their own right, in this case, the Trojan is only a delivery mechanism and not an end in itself.What Does User Protection Do?
User Protection engages in a pretty standard pattern of attack once it is on a system. Probably the first thing you'll notice if your computer is infected is that as soon as you start Windows, User Protection opens a home screen. This is because it has changed the system settings to make it so that User Protection starts when Windows starts. On the User Protection home screen, there will be a bunch of icons and options for different aspects of PC security, and in the lower left, there will be an "upgrade" button. This entire interface is for show since User Protection is not capable of protecting anything. This home screen is where User Protection will run its fake system scans, after each of which it will claim that it has found a bunch of threats in the system. Some of these supposed "threats" may be legitimate, harmless and necessary Windows files, so it is best not to delete them. Whatever is not a harmless real file, it is made-up, anyway. In any case, User Protection will tell you that in order to delete these "threats", you have to pay for the full version. (Never pay for User Protection!)User Protection will also generate pop-up warnings that are carefully worded for dramatic effect. These warnings, which will pop-up frequently, will warn you that a virus that is sending your information to a hacker has been found, or that you are only using the demo mode of the program and all of your files could be deleted (which makes zero sense), or that the virus Zlob.Porn.Ad has been found on the computer. All of these messages will prompt you to buy the "licensed" version of User Protection in order to resolve the threats. These are scare tactics, pure and simple. None of these warning messages reflect reality; furthermore, they are more melodramatic than any real warning message would be.
Lastly, User Protection will interfere with some or all of your real programs. It will search for real anti-virus software on your computer, and then it will give you a warning message that says that it detected an infection in the anti-virus software. User Protection will recommend that you uninstall your anti-virus software as a precaution. Obviously, you shouldn't do this, since it's just a tactic that User Protection uses in order to confirm that it remains on your system. When you try to browse the Internet, User Protection will interfere with your browser so that you wind up going to its own malicious sites. Also, when you try to open other programs, User Protection will typically say they are infected, and it will prevent them from opening. So in case you do not fall for the "Your computer has viruses!" ploy, User Protection resorts to plain old extortion, by taking your computer hostage.
Please remember that paying for User Protection will neither remove it from your system, nor give you any kind of functionality from the program. If you pay the money, User Protection will continue to behave in exactly the same way as before. You can remove User Protection, and when it comes to dealing with the issue that User Protection poses, do not think for a minute that the solution will come from the scam artists who made this malware.
To check your computer for User Protection, download
SpyHunter Spyware Detection Tool.
SpyHunter spyware detection tool is only a scanner meant to assist you in detecting User Protection and other threats. If you detect the presence of User Protection on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of User Protection.
Contents |
Detection of User Protection (Recommended)
User Protection is difficult to detect and remove. User Protection is not likely to be removed through a convenient "uninstall" feature. User Protection, as well as other spyware, can re-install itself even after it appears to have been removed.
You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove User Protection and other spyware, adware, trojans and viruses on your computer.
Run a User Protection scan/check to successfully detect all User Protection files with the SpyHunter Spyware Detection Tool. If you wish to remove User Protection, you can either purchase the SpyHunter spyware removal tool to remove User Protection or follow the User Protection manual removal method provided in the "Remedies and Prevention" section.
Method of Infection
There are many ways your computer could get infected with User Protection. User Protection can come bundled with shareware or other downloadable software.
Another method of distributing User Protection involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing User Protection on your system. User Protection installs on your computer through a trojan and may infect your system without your knowledge or consent.
If you think you may already be infected with User Protection, use this SpyHunter Spyware dectection tool to detect User Protection and other common Spyware infections. After detection of User Protection, the next advised step is to remove User Protection with the purchase of the SpyHunter Spyware removal tool.
Symptoms
User Protection may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of User Protection from your computer.
Remedies and Prevention
User Protection, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. User Protection along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.
Install a good anti-spyware software
When there's a large number of traces of Spyware, for example User Protection, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect User Protection and other types of spyware.
Remove User Protection manually
Another method to remove User Protection is to manually delete User Protection files in your system. Detect and remove the following User Protection files:
Processes
- usrprot.exe
Other Files
- C:\Documents and Settings\[User]\Start Menu\Programs\User Protection
- C:\Program Files\User Protection
- User Protection
- User Protection Support.lnk
- User Protection.lnk
- %UserProfile%\Start Menu\Programs\User Protection
- %ProgramFiles%\User Protection
Registry Keys
- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
- HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
- HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
- HKEY_LOCAL_MACHINE\SOFTWARE\User Protection
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\User Protection
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "User Protection"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
External links
|
- Remove User Protection - Easy User Protection removal steps. Parasite database on how to remove spyware and rogue anti-spyware programs.
- McAfee Threat Center - Library of detailed information on viruses.
- How Spyware And The Weapons Against It Are Evolving
- Crimeware: Trojans & Spyware
- Windows System Update - Latest bug fixes for Microsoft Windows
|