- Blocks internet connection
- Block exe files from running
- Installs itself without permissions
- Connects to the internet without permission
- Normal system programs crash immediatelly
- Slow internet connection
- System crashes
- Annoying Pop-up's
- Slow Computer
System Protection Tools
It does not matter what infections System Protection Tools presents to you, there is nothing reliable about this simulated security program. System Protection Tools is a tool of cyber criminals to make you believe the legitimacy of System Protection Tools and pay money for a supposedly real full version of the rogue. The best way to deal with this infection is to remove System Protection Tools from the system in order to protect the system.
Not deleting System Protection Tools from the system means that you will have to put up with this rogue. It will scan your system and present fictitious threats; moreover, you will receive fake security messages claiming that a virus or Trojan has been detected. After the introduction of these issues, you are expected to lose your mind and do what System Protection Tools wants you to do which is to pay money for the fake “full” version. We strongly recommend that you not make any money transfer but delete System Protection Tools from the system.
The deletion of System Protection Tools might be a challenge if you chose a manual removal. You need to get rid of System Protection Tools completely which means that you cannot miss any files related to the rogue. A file of System Protection Tools skipped during the removal might download a new infection or regenerate the same one. It is highly advisable to use a legitimate antispyware tool which will remove the infection and not leave the constituents of System Protection Tools in the system. As a result, the system will be protected, and the same problem will not occur again.
It might be easy to confuse System Protection Tools with an legitimate application because of its name, but truth to be told, this rogue is not a new player in the field. It is a part of a bigger rogue family that includes such notorious threats as Malware Protection Center, Best Antivirus Software, Best Virus Protection and many other similar applications. They all share common interface, so System Protection Tools has the same sophisticate cherry look, just like its predecessors.
System Protection Tools also project a rather professional image with its "full" system scan, presenting you with the list of malware that you have to delete from your computer. There are such infections on that list as Trojan-Spy.HTML.Bayfraud.hn,
However, this is where System Protection Tools makes and obvious lie, because services.drv is an absolutely harmless file. The rogue only puts the blame on it, trying to build a respectable image. This files and many others (like cid.exe, eb.drv, PE.tmp, tempdoc.exe etc.) are created by System Protection Tools itself, and the rogue drops these files upon the installation, so it could later on blame it for the symptoms your computer experiences.
The rogue is obviously targeting a wide circle of global users, because depending on where you are, System Protection Tools changes its interface language. We have seen it easily switch from English to French.
However, most of its fake security messages are usually in English:
Warning! Virus detected
System Protection Tools will try to resist the removal by blocking various programs, and not allowing to access the Internet. In order to make the removal smooth and easy, you should "activate" it with this:
Click on the button that says "Activate full protection" and enter the code above. Afterwards, do not wait any longer and acquire a powerful malware removal tool that will delete System Protection Tools at once. You cannot allow this rogue to remain in your computer, because even if it is subdued it can come back any minute. Make sure System Protection Tools is gone once and for all.
How to renew your internet connection:This rogue antispyware blocks your Internet connection to prevent you from removing the rogue application. To enable the Internet connection, please follow these instructions:
How to manually remove System Protection Tools
Files associated with System Protection Tools infection:
%StartMenu%\System Protection Tools.lnk
%Programs%\System Protection Tools.lnk
%Desktop%\System Protection Tools.lnk
%AppData%\System Protection Tools\ScanDisk_.exe
%AppData%\System Protection Tools\Instructions.ini
%AppData%\Microsoft\Internet Explorer\Quick Launch\System Protection Tools.lnk
System Protection Tools processes to kill:
Remove System Protection Tools registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "IIL" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltHI" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltTST"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "System Protection Tools"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe