Removing "System Progressive Protection"

Fiskar

As the thread suggests I have the above malware program.

Have tried the steps in this guys solution but some of the files do not work and when in safe mode on my dell lattitude there is no internet connection.

Anyone had this and sucessfully removed it?

8mv

I'm afraid I only got it last night myself, Fiskar. I was going to try this guys instructions as well. I 'd also be interested if anyone has succeeded in deleting it.

mp22

http://www.bleepingcomputer.com/virus-removal/remove-system-progressive-protection

Fiskar

mp22 wrote: »

http://www.bleepingcomputer.com/virus-removal/remove-system-progressive-protection

Many thanks MP22,

Had to run rkill.scr as anything with .exe was shut down. problem running the virus cleanout prog as I need admin rights on this work related laptop. Anyways in Safe mode with RKill carried out I was able to track down the folder with the 3 files causing me grief and got them deleted along with the folder. Not an ideal solution but no problems since. Would not have happened if I had been on the high stool watching the Ryder Cup instead of watching it for hours on the lappy.
Again, many thanks to you and the boards forum.
Any point in keeping the Rkill handy or will these files just become outdated?

ASJ112

RKill is going to be constantly updated for new infections, so no point keeping it.

ifElseThen

Had this on my laptop this morning. For windows 7, it's caught in the action center and you can remove it from there.

Conchir

Just got this on my laptop. I switched it off once I realised it was a virus and I couldn't start any programs. Just turned back on there, there doesn't seem to be any problems. Is there anything I should do or look out for?

mp22

run a scan ect as layed out in the bleeping computer link

phog

mp22 wrote: »

run a scan ect as layed out in the bleeping computer link

After two bouts of the garda virus in last few days I've picked this one up this evening.

I'm currently in safe mode and scanning with mbam but on reading the link you've posted above I see a mention of using "Secunia PSI" as well, do I need to do this and is it a case of downloading and using, I'm no good at reading or understanding logs.

Thanks in advance.

Edited to add the mbam log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.19.11

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
PATRICK :: TOSHIBA [administrator]

19/10/2012 18:35:45
mbam-log-2012-10-19 (18-35-45).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 420487
Time elapsed: 55 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|D8F837F30182120E0000D8F75F001682 (Trojan.FakeAlert.SSGen) -> Data: C:\Documents and Settings\All Users\Application Data\D8F837F30182120E0000D8F75F001682\D8F837F30182120E0000D8F75F001682.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\PATRICK\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Documents and Settings\PATRICK\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\PATRICK\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\D8F837F30182120E0000D8F75F001682\D8F837F30182120E0000D8F75F001682.exe (Trojan.FakeAlert.SSGen) -> Quarantined and deleted successfully.

(end)

mp22

I am no expert but it looks like you have got rid of the malware.

seuki

Is simple to remove:
Boot in safe mode and delete the %AppData%\[random]\[random].exe - you can identify the executable by icon(lock)

on my PC it was sitting in
c:\Documents and Settings\All Users\Application Data\1C5AF5595E551DB100001C5AD9052450/1C5AF5595E551DB100001C5AD9052450.exe

and don't use other ways of disinfection from the sites mentioned earlier - they would put more viruses!!!

read:
http://blogs.mcafee.com/mcafee-labs/system-progressive-protection-another-form-of-fake-av