|
Your Protection
What is a rogue antivirus program? This is a question that every computer user should know the answer to in order to maintain their system's security and performance. Rogue programs like Your Protection offer to provide security solutions for your computer, but what do you really end up getting?
Your Protection: A Rogue Antivirus Program
Your Protection is a typical rogue antivirus program in that it makes promises that its ineffective software cannot back up. Programs like these create security warnings in the hopes you will take immediate action without thinking about your options carefully or considering if the program offering protection is reputable. Thwarting their plans is as easy as knowing how to recognize the signs that they are there, and if they are, removing them thoroughly.
How Your Protection Accesses a System
There are two routes that Your Protection can use to access your system. The more common of the two is that it enters via Trojans. Trojans often disguise themselves and hide in websites. Zlob, for instance, is a Trojan that masquerades as a video codec. If you download an affected video, Zlob is downloaded along with it. Once Zlob is inside, it deposits the malware, which may include Your Protection. Zlob is only one Trojan; there are others that can affect adult, social networking, freeware, warez, gaming, or peer-to-peer sites, as well as email attachments.
The other method, much preferred by Your Protection, is user installation. The free version, which is downloaded via Trojan, issues ads that create the illusion that you have security issues. This prompts many people to purchase the program in an effort to keep their computers safe. In truth, there is no difference, besides money, between the free and full versions. Neither free nor full versions offer protection of any kind.
Signs that Your Protection Has Accessed a Computer
Because one of Your Protection's modes of entry is Trojan, most people do not realize that the rogue program is even on their computers. After the Trojan has deposited Your Protection, the rogue antivirus program covertly changes your computer's security settings so that it can run without detection. To further ensure that it can operate without interference, Your Protection will issue a warning that reads:
There is unauthorized antivirus software detected on your computer. It is recommended you to remove it, otherwise it could conflict with Your Protection.
Never disable your security program, unless you are replacing it with one that is legitimate. Also be aware that legitimate antivirus programs will not come to you; they will not invade your computer and issue warnings and scan results. This is typical of rogue programs. Below are messages commonly issued by Your Protection:
Warning! Network attack detected!
Network intrusion detected!
Your computer is being attacked by a remote PC.
Danger!
Unauthorized person tries to steal your passwords and private information. Click on the message to prevent identity theft.
Danger!
A security threat detected on your computer. TrojanASPX.JS.Win32. It strongly recommended to remove this threat right now. Click on the message to remove it.
False scan results are another type of pop-up that Your Protection makes liberal use of. The scan results will indicate that your current security program is disabled. This free scan was conducted as part of the demo mode of Your Protection, and you are told you can upgrade to the full version in order to resolve the security issues the scan has revealed. The problem with this is that the scan results are false, your current security program is not disabled, and there is absolutely no difference, save money, between the free and full versions.
Pop-ups and false scan results are tell-tale signs of a rogue antivirus program like Your Protection, but there are other signals to watch for. One of the more irritating is changed browser settings. Your Protection redirects you at every opportunity to sites that prompt you to buy the program. It can eventually become difficult to navigate online. Also watch for slowed computer operation and new icons on your system tray and/or desktop.
Your Protection Removal
If you notice signs that Your Protection has been downloaded into your computer, or if you have installed it directly, take immediate steps to remove it as soon as possible. Removing Your Protection will help you prevent potential risks, including:
When confronted by the presence of a rogue antivirus program, many people do one of two things: uninstall Your Protection or run their current antivirus program. The first option isn't effective because rogue antivirus programs are able to evade detection. They are adept at burying themselves in your system registry and replicating themselves as needed. Running your antivirus software won't work simply because rogue antivirus programs are not viruses. They are designed to evade detection by these programs.
What next? The very best option is to remove Your Protection with a program like Malwarebytes Anti-Malware (Malwarebytes has free malware removal) . This is not a regular antivirus program; it is specifically geared towards rogue antivirus programs and can detect elusive programs like Your Protection. Fast, easy, thorough, and safe: this is by far the easiest way to restore your computer to optimal functioning.
You also have the option of manual removal, though this is not generally recommended for those with little technical expertise. The risk involved here is that you could miss a file and Your Protection could replicate in your system registry, or that you could accidentally delete a necessary file and negatively affect the performance of your computer. Manual removal is a painstaking task and takes quite some time as files tend to look the same, and telling one from another is often difficult if they are one letter or number apart. One may be necessary, the other a rogue. If you have a lot of patience, time, and knowledge, try the following to remove Your Protection:
Kill Processes:
urpprot.exe mplay32xe.exe
Delete Registry Values:
HKEY_CLASSES_ROOTCLSID{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallYour Protection
HKEY_LOCAL_MACHINESOFTWAREYour Protection
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = "1"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "mplay32xe.exe"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "Your Protection"
HKEY_CLASSES_ROOT*shellexContextMenuHandlersSimpleShlExt "(Default)" = "{5E2121EE-0300-11D4-8D3B-444553540000}"
HKEY_CLASSES_ROOTFoldershellexContextMenuHandlersSimpleShlExt "(Default)" = "{5E2121EE-0300-11D4-8D3B-444553540000}"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShell ExtensionsApproved "{5E2121EE-0300-11D4-8D3B-444553540000}"
Unregister DLLs:
fiosejgfse.dll urpext.dll urphook.dll
Delete Files:
about.ico activate.ico buy.ico help.ico scan.ico settings.ico splash.mp3 Uninstall.exe update.ico urp.db urpext.dll urphook.dll urpprot.exe virus.mp3 4otjesjty.mof asd1.tmp mplay32xe.exe urp.dat urpr.dat Your Protection.lnk Your Protection Support.lnk
Delete Directories:
C:Program FilesYour Protection
%UserProfile%Start MenuProgramsYour Protection
For free automatic removal we recommend using Malwarebytes Anti-Malware. This program is widely recommended by reputable third-party sites, so you can be reasonably confident of its ability to safely get rid of Your Protection and any hidden Trojans. As a precaution we recommend double checking your system with Spyware Doctor. This program requires paid registration to enable deletions, however it has a money back guaranteed and is the top of the line in malware removal. It should catch malware that evades Malwarebytes and block anything that tries to reinstal itself.
Important note: If Malwarebytes is blocked by malware then run Chameleon (Start Menu → All Programs → MalwareBytes' Anti-Malware → Tools → Malwarebytes' Anti-Malware Chameleon). If you need further help removing Your Protection please email us at info@removeadware.com.au or call for personal assistance on toll-free number 888-655-3453, within the USA and Canada.
All content copyright 2006-2012, Bonobo Pty Limited. All Rights Reserved.
Privacy Policy | Terms Of Service