Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Removing "System Progressive Protection"

  • 01-10-2012 8:36pm
    #1
    Closed Accounts Posts: 1,599 ✭✭✭


    As the thread suggests I have the above malware program.

    Have tried the steps in this guys solution but some of the files do not work and when in safe mode on my dell lattitude there is no internet connection.

    Anyone had this and sucessfully removed it?


Comments

  • Registered Users, Registered Users 2 Posts: 442 ✭✭8mv


    I'm afraid I only got it last night myself, Fiskar. I was going to try this guys instructions as well. I 'd also be interested if anyone has succeeded in deleting it.


  • Moderators, Business & Finance Moderators, Regional South Moderators Posts: 6,854 Mod ✭✭✭✭mp22




  • Closed Accounts Posts: 1,599 ✭✭✭Fiskar


    mp22 wrote: »

    Many thanks MP22,

    Had to run rkill.scr as anything with .exe was shut down. problem running the virus cleanout prog as I need admin rights on this work related laptop. Anyways in Safe mode with RKill carried out I was able to track down the folder with the 3 files causing me grief and got them deleted along with the folder. Not an ideal solution but no problems since. Would not have happened if I had been on the high stool watching the Ryder Cup instead of watching it for hours on the lappy.
    Again, many thanks to you and the boards forum.
    Any point in keeping the Rkill handy or will these files just become outdated?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    RKill is going to be constantly updated for new infections, so no point keeping it.


  • Closed Accounts Posts: 348 ✭✭ifElseThen


    Had this on my laptop this morning. For windows 7, it's caught in the action center and you can remove it from there.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 961 ✭✭✭Conchir


    Just got this on my laptop. I switched it off once I realised it was a virus and I couldn't start any programs. Just turned back on there, there doesn't seem to be any problems. Is there anything I should do or look out for?


  • Moderators, Business & Finance Moderators, Regional South Moderators Posts: 6,854 Mod ✭✭✭✭mp22


    run a scan ect as layed out in the bleeping computer link


  • Registered Users, Registered Users 2 Posts: 24,947 ✭✭✭✭phog


    mp22 wrote: »
    run a scan ect as layed out in the bleeping computer link

    After two bouts of the garda virus in last few days I've picked this one up this evening.

    I'm currently in safe mode and scanning with mbam but on reading the link you've posted above I see a mention of using "Secunia PSI" as well, do I need to do this and is it a case of downloading and using, I'm no good at reading or understanding logs.

    Thanks in advance.

    Edited to add the mbam log

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.19.11

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    PATRICK :: TOSHIBA [administrator]

    19/10/2012 18:35:45
    mbam-log-2012-10-19 (18-35-45).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 420487
    Time elapsed: 55 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|D8F837F30182120E0000D8F75F001682 (Trojan.FakeAlert.SSGen) -> Data: C:\Documents and Settings\All Users\Application Data\D8F837F30182120E0000D8F75F001682\D8F837F30182120E0000D8F75F001682.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Documents and Settings\PATRICK\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.

    Files Detected: 3
    C:\Documents and Settings\PATRICK\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PATRICK\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\D8F837F30182120E0000D8F75F001682\D8F837F30182120E0000D8F75F001682.exe (Trojan.FakeAlert.SSGen) -> Quarantined and deleted successfully.

    (end)


  • Moderators, Business & Finance Moderators, Regional South Moderators Posts: 6,854 Mod ✭✭✭✭mp22


    I am no expert but it looks like you have got rid of the malware.


  • Registered Users, Registered Users 2 Posts: 1 seuki


    Is simple to remove:
    Boot in safe mode and delete the %AppData%\[random]\[random].exe - you can identify the executable by icon(lock)

    on my PC it was sitting in
    c:\Documents and Settings\All Users\Application Data\1C5AF5595E551DB100001C5AD9052450/1C5AF5595E551DB100001C5AD9052450.exe

    and don't use other ways of disinfection from the sites mentioned earlier - they would put more viruses!!!

    read:
    http://blogs.mcafee.com/mcafee-labs/system-progressive-protection-another-form-of-fake-av


  • Advertisement
Advertisement