Wednesday, February 29, 2012

Remove Internet ProtectorRemove Internet Protector

Remove Internet Protector
Internet Protector is a fake antivirus program that produce fake alert that there are several vulnerabilities are detected in the computer which Internet Protector is installed. Internet Protector installs into the computer and will configure itself to start automatically (in registry) when Windows boot. Internet Protector will scan the computer and WILL SURELY detect many malwares in the computer. In fact, it is just a fake alert. The intention of Internet Protector is to urge the user to register Internet Protector by purchasing the full version of Internet Protector so that to earn some money from the user. Internet Protector cannot detect and remove any malware / virus / trojan. Internet Protector will block the Internet browser, as well. Each try to open a web browser will be accompanied by a security warning about Trojan-BNK.Win32.Keylogger.gen infection allegedly keeping the user from going online and using the web services via the Internet browser.


Internet Protector can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Internet Protector shown in the removal guide below. All files related to Internet Protector must be deleted.

Internet Protector should be removed immediately!

Internet Protector Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
internet protector.exe

Delete Registry
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Internet Protector
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Protector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Protector

Remove Folders and Files

%AppData%\Internet Protector
%AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Protector.lnk
%Programs%\Internet Protector.lnk
%Programs%\Internet Protector

No comments:

Post a Comment