How to Remove System Progressive Protection Rogue

System Progressive Protection is rogue security software belonging to the WinWebSec family of rogues (clones include Security Tool, Security Shield, Smart Fortress 2012, Smart Protection 2012, Personal Shield Pro, Live Security Platinum, and others). Once installed, this rogue antivirus displays fake security alerts and notifications to scare users into believing their machine is infected with malicious software, then nags them to purchase the fake security product to clean their PC.

 

Table of Contents:

  1. Characteristics
  2. Technical Details
  3. Removal Tool
  4. Manual Removal (Advanced Users)

Characteristics

Upon infection, the System Progressive Protection rogue inundates the infected PC with fake alerts and pop-ups that claim the machine is infected and list multiple fake infection names. It continues to nag the user to purchase the software in order to clean the PC. Below are some of these fake alerts and notifications:

System Progressive Protection Warning
System Progressive Protection has found viruses at your system.
We highly recommend to get license for System Progressive Protection Scanner to remove harmful software now.

System Progressive Protection Warning
Spyware process is found. This is virus that is trying to send your passwords from Internet browser (Explorer, Mozilla Firefox, Outlook & others) for the third-parties. Click here to protect your data with System Progressive Protection.

System Progressive Protection Warning
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss. Click here to block unauthorized modification by removing threats.

System Progressive Protection Firewall Alert
System Progressive Protection Firewall has blocked a program from accessing the internet. Internet Explorer Internet Browser is infected with Stealth.Keylogger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remove host..

System Progressive Protection warning
Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozila Firefox, Outlook and other programs. Click here to remove it immediately with System Progressive Protection

Warning!
Application cannot be executed. The file <program-name> is infected. Please activate your antivirus software.

Security Monitor: WARNING!
Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software. Click Yes to download official intrusion detection system (IDS software).

Here is an example screenshot of a fake alert displayed by this rogue:

Please disregard these warnings displayed by this rogue since these alerts are all fake. Do not enter any of your personal information in any of the rogue pop-up windows.

Browser Hijacking

The System Progressive Protection rogue also hijacks the installed web browser so that an infected user is unable to visit any websites. This prevents the user from reaching legitimate security software sites to find a remedy. The rogue displays a security alert that contains the following text:

Warning! 
The site you are trying to visit may harm your computer!
Your security setting level puts your computer at risk!


Technical Details

The System Progressive Protection rogue is installed either via browser exploits or a booby-trapped website that re-directs to a fake scanner page. The fake scanner page uses social engineering tactics to scare the user into downloading their software and executing it.

Files and folders created by System Progressive Protection:

The following files and folders are created in the filesystem:

%Desktop%\System Progressive Protection.lnk

%StartMenu%\Programs\System Progressive Protection\System Progressive Protection.lnk

%AppData%\<random>\<random>.exe

Notes:

%Desktop% represents the path “C:\Documents and Settings\<Current User>\Desktop” for Windows 2000/XP, and “C:\Users\<Current User>\Desktop” for Windows Vista, Windows 7, and Windows 8.

%AppData% represents the path “C:\Documents and Settings\<Current User>\Application Data” for Windows 2000/XP, and “C:\Users\<Current User>\AppData\Roaming” for Windows Vista, Windows 7, and Windows 8.

%StartMenu% represents the path “C:\Windows\start menu\” for Windows 95/98/ME, “C:\Documents and Settings\<Current User>\Start Menu\” for Windows 2000/XP, and “C:\Users\<Current User>\AppData\Roaming\Microsoft\Windows\Start Menu” for Windows Vista, Windows 7, and Windows 8.

Registry entries created by System Progressive Protection:

The following registry values are created:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\<random> %AppData%\<random><random>.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall System Progressive Protection

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall System Progressive Protection DisplayIcon %AppData%\<random><random>.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall System Progressive Protection DisplayName System Progressive Protection


Recommended Removal

Complete manual removal of this rogue application proves difficult, due to the inability to launch other tools or applications. Editing the system registry is not recommended since it could lead to system instability if any legit entries are accidentally removed or corrupted.

Because this rogue can block applications from running, download other malicious programs and automatically repair itself if not completely removed, we recommend manual removal only for experienced users, such as IT specialists or System administrators. For other users, we recommend using Stopzilla AVM 2013.


Stopzilla AVM 2013 detects this threat and its associated components as: Rogue.Win32.SystemProgressiveProtection

We recommend STOPzilla AVM to help you remove this infection. Please click here to download. If you have any additional questions please feel free to call 1-855-969-0790.

Advanced User Removal


Step-1: Reboot your PC in safe mode with networking. Immediately after you press the reboot button, press the F8 key on your keyboard, then select “safe mode” from the boot options.

Step-2: Download and run the free “Process Explorer” tool from Microsoft.

Step-3: Execute Process Explorer. This will list all active processes on the system. Look for processes whose file path is in %AppData%, right-click each one and select “Kill process”.

Step-4: The System Progressive Protection rogue can then be removed manually by deleting the files and registry entries listed above (in the Technical Details section).
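Before deleting anything in Step-4, it helps to confirm which of the listed artifacts are actually present for the current user. The PowerShell script below is an added example, not part of the original guide or of any vendor tool: it only reads and reports. It assumes the Uninstall entry is a subkey identified by the DisplayName value given above, and it treats any .exe path under %AppData% as a candidate because the rogue's folder and file names are random.

```powershell
# Added example: read-only triage for the artifacts listed in Technical Details.
# It reports matches and deletes nothing.
$name    = 'System Progressive Protection'
$appData = [Environment]::GetFolderPath('ApplicationData')           # %AppData%
$exeInAppData = '^"?' + [regex]::Escape($appData) + '\\.+\.exe\b'  # any .exe below %AppData%

function New-Finding($Kind, $Item, $Detail) {
    [pscustomobject]@{ Kind = $Kind; Item = $Item; Detail = $Detail }
}

$findings = & {
    # 1. Shortcuts under %Desktop% and %StartMenu%\Programs
    $shortcuts = @(
        (Join-Path ([Environment]::GetFolderPath('Desktop'))  "$name.lnk"),
        (Join-Path ([Environment]::GetFolderPath('Programs')) "$name\$name.lnk")
    )
    foreach ($lnk in $shortcuts) {
        if (Test-Path -LiteralPath $lnk) { New-Finding 'Shortcut' $lnk '' }
    }

    # 2. HKCU RunOnce values whose data points at an executable under %AppData%
    $runOnce = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce' `
        -ErrorAction SilentlyContinue
    if ($runOnce) {
        foreach ($valueName in $runOnce.GetValueNames()) {
            $data = [Environment]::ExpandEnvironmentVariables([string]$runOnce.GetValue($valueName))
            if ($data -match $exeInAppData) { New-Finding 'RunOnce value' $valueName $data }
        }
    }

    # 3. HKCU Uninstall subkeys carrying the rogue's DisplayName (assumed layout)
    Get-ChildItem -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall' `
        -ErrorAction SilentlyContinue |
        Where-Object { $_.GetValue('DisplayName') -eq $name } |
        ForEach-Object { New-Finding 'Uninstall key' $_.Name ([string]$_.GetValue('DisplayIcon')) }

    # 4. Running processes whose image lives under %AppData% (what Step-3 looks for by eye)
    Get-CimInstance Win32_Process |
        Where-Object { $_.ExecutablePath -and $_.ExecutablePath -match $exeInAppData } |
        ForEach-Object { New-Finding 'Process' "$($_.Name) (PID $($_.ProcessId))" $_.ExecutablePath }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output 'None of the listed artifacts were found for this user.' }
```

Legitimate software also runs from %AppData%, so the RunOnce and process rows are candidates to review; the shortcut and Uninstall rows are the ones specific to this rogue.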
