How to remove one nasty rogue malware!

This is a rogue, fake anti-malware program designed to steal your hard-earned dollars.

A computer user I was working with caught the Privacy Protection virus, and it immediately took out Microsoft Security Essentials and made it useless.

It also made everything on the desktop useless, including any malware removal tools, and you cannot even start the Windows Task Manager.  It also hijacked Firefox and Internet Explorer and redirected both to malicious websites.

What happened next was that it kept popping up fake security alerts and nagging the user to buy the software.  It also claimed the computer was infected with 50 viruses.


The Privacy Protection virus software is fake; you should get it off your computer as fast as you can.  It is a Trojan and will install the rogue program on your computer.

Once the rogue software is installed on your computer it keeps adding keys to the Windows registry.  It is parasitic software that replicates itself and repairs its own files if you attempt to remove it.

The Privacy Protection virus is dangerous malware, and your data and privacy are at risk.  It can be removed either manually or with a series of malware removal programs.

I use NOD32 Antivirus.  It is the best for keeping viruses like the Privacy Protection virus out of your computer.

It did not remove the rogue malware, however.  You can remove it manually if you would like, and I provide instructions below for doing so.

What I had to do to get rid of it was boot into Windows Safe Mode and attempt to remove it there.

While I was in Windows Safe Mode the malware was still rearing its ugly payload.  This is a sign that it is a bad Trojan.

In my first attempt to rid the computer of the malware, I tried to run Combofix, and all the program did was sit there; it never went into full removal mode.

Combofix reported that I was dealing with a rootkit.  After seeing this I decided to use Kaspersky TDSSKiller to remove the rootkit.  Once the rootkit was removed I was still dealing with the rogue.

Next I ran Malwarebytes, and it found a few other Trojans plus some other malware.  Cool, I thought; however, I was wrong.  Malwarebytes did not remove everything.

So, at this point, upon rebooting Windows I was still dealing with it and with a desktop I could do nothing with.

I then ran Combofix again and it did not clean it.  At this point I had to run SmitFraudFix, which was able to clean it from the infected system.

This is a tough virus to remove, and you should take your computer off any network it is currently connected to.  This malware will replicate to other computers as fast as it can.

How to remove the Privacy Protection virus

If you have tried to remove the Privacy Protection virus with a malware removal program and had no luck, follow the steps below:

  1. Reboot your Windows computer in Safe Mode.
  2. Download Kaspersky TDSSKiller and run it.  If you can get it to run properly, you can also use Combofix.
  3. Download and run Malwarebytes.  Make sure you update the program fully, if you can, before running it.
  4. If you are still having issues at this point, you may need to run SmitFraudFix to clean the virus.

The Privacy Protection virus is not to be taken lightly and should be removed upon discovery.

Something to think about: if you are running antivirus software, make sure it is up to date, or consider getting another solution.

I have seen viruses such as this destroy data on a user's computer where even trying to recover the hard drive did not work.

Always make sure your data is backed up to something other than your own computer.

Manual Removal of the Privacy Protection Virus

You can remove the Privacy Protection virus manually, but doing so can damage your Windows system beyond repair.  Remember that it can replicate and repair itself.  Manual removal should only be attempted by an experienced user.

First, stop these Windows processes:

defender.exe

[random].exe

Next, delete these registry entries:

HKEY_CURRENT_USER\Software\Malware Protection

HKEY_CLASSES_ROOT\BrcWizApp.BrcWiz

HKEY_CLASSES_ROOT\BrcWizApp.BrcWiz.1

HKEY_CLASSES_ROOT\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}

HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}

HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}

HKEY_CLASSES_ROOT\TypeLib\{58B4E0F5-F122-4C02-B038-C482D998486A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80c10400-59cb-4c79-97ce-cc693103afca}

HKEY_CURRENT_USER\Software\Microsoft "adver_id" = "29"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe;"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Malware Protection"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "rundll32" = ""

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\defender.exe" /sn

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "rundll32" = ""

Finally, remove these Privacy Protection virus files:

defender.exe

[random].exe

After manual removal, use a program such as HijackThis to make sure everything is removed from your system.  The Privacy Protection virus is something you want off your system right away.
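To check whether the indicators listed above are present before and after cleanup, here is a read-only audit script (added here as an example; it is not from the original post and not a tool the post recommends). It only reads the registry, file system and process list and changes nothing; the key paths and value names come from the list above, and the defender.exe location assumes the "Application Data" profile layout the post shows.

```powershell
# Added audit script (not from the original post): read-only check for the
# Privacy Protection rogue indicators listed above. Run from Safe Mode as an
# administrator. Registry paths come from the post; the defender.exe path
# under %UserProfile%\Application Data is an assumption taken from its Shell value.
$findings = @()

# 1. Winlogon "Shell" should be explorer.exe; the rogue points it at defender.exe
$winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell -notmatch '^"?explorer\.exe') {
    $findings += "Winlogon Shell hijacked: $shell"
}

# 2. Run values the rogue creates ("Malware Protection" and an empty "rundll32")
foreach ($hive in 'HKCU', 'HKLM') {
    $run = "$($hive):\Software\Microsoft\Windows\CurrentVersion\Run"
    $props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    foreach ($name in 'Malware Protection', 'rundll32') {
        if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
            $findings += "$run\$name = '$($props.$name)'"
        }
    }
}

# 3. UAC switched off (EnableLUA = 0) and .exe marked as a low-risk file type
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ((Get-ItemProperty -Path $sys -ErrorAction SilentlyContinue).EnableLUA -eq 0) {
    $findings += 'UAC disabled: EnableLUA = 0'
}
$assoc = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations'
$low = (Get-ItemProperty -Path $assoc -ErrorAction SilentlyContinue).LowRiskFileTypes
if ($low -match '\.exe') { $findings += "LowRiskFileTypes includes .exe: $low" }

# 4. Leftover keys and the browser helper object CLSID from the post
$keys = @(
    'HKCU:\Software\Malware Protection',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80c10400-59cb-4c79-97ce-cc693103afca}'
)
foreach ($k in $keys) { if (Test-Path -LiteralPath $k) { $findings += "Key present: $k" } }

# 5. The dropped executable and its running process
$exe = Join-Path $env:USERPROFILE 'Application Data\defender.exe'
if (Test-Path -LiteralPath $exe) { $findings += "File present: $exe" }
if (Get-Process -Name defender -ErrorAction SilentlyContinue) { $findings += 'Process running: defender.exe' }

if ($findings) { $findings | ForEach-Object { Write-Output "[!] $_" } }
else { Write-Output 'No Privacy Protection indicators found.' }
```

Run it once before the manual steps to confirm you are dealing with this rogue, and again after the HijackThis pass: a clean run prints no "[!]" lines.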