Rogue AV Removals

System Care Antivirus Removal – How To Guide

Apr 202013

System Care Antivirus is a bogus malware application designed to scam unsuspecting users by threatening them and then forcing them to buy the rogue application. System Care Antivirus looks exactly same as its previous successor named System Progressive Protection.

System Care Antivirus spreads via hacked websites and malicious downloads. It can’t get inside your computer automatically but something from your side has to trigger its infection. It is likely that recently you’ve downloaded something off the Internet and that download came bundled with System Care Antivirus. If you download that so called free stuff from Internet, your computer can easily catch infections like System Care Antivirus. You think that you’re getting something for free but when you open the downloaded stuff, System Care Antivirus gets activated and start bothering you.

Once running in your computer, it will block everything and fake security alerts will start popping up from everywhere. Before you fully understand about what is happening, you’ll see System Care Antivirus on your screen doing a bogus scan and showing numerous infections. All the reported infections are fake and actually there is no malicious stuff on your computer. It is System Care Antivirus trying to fool you so that you buy its full version and pay money to scammers. This scare tactics work really well and If you don’t enquire about System Care Antivirus, you might also pull out your credit card and buy a fake software which is of no use.

System Care Antivirus Removal

System Care Antivirus will also show bogus alerts like :

Spyware.IEMonster activity detected.
This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs. Click here to remove it immediately with System Care Antivirus.

System Care Antivirus Firewall Alert
System Care Antivirus Firewall has blocked a program from accessing the Internet. Internet Explorer Internet Browser is infected with worm SVCHOST.Stealth.Keyloger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remote host.

System Care Antivirus Warning
Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.

Warning: Your computer is infected
Detected spyware infection! Click this message to install the last update of security software…

You shouldn’t pay attention to any of these alerts as these alerts are totally manufactured by System Care Antivirus. There is nothing such happening in your computer and these alerts are just to scare you so that you start believing that something malicious is going on with your computer. Read next part of this removal guide to learn how to remove System Care Antivirus quickly and easily.

How To Remove System Care Antivirus

System Care Antivirus blocks Task Manager as well as all other programs to make its removal much harder. If you’re a new computer user, you might not be able to remove System Care Antivirus easily If you don’t seek professional help. We’ve experiment with this malware in our research lab and tried two removal methods which are :

A. Automatic Removal Method
B. Manual Removal Method

We recommend Automatic Removal method because It is much easier to follow as well as way more effective than manual removal method. You can read more about both removal methods below.

A) Automatic Removal Method

As the name implies, this removal method is all about using automatic tools to remove the malware. You’ll need to use a genuine anti-malware program and scan your computer to get rid of all the malware hiding in your computer. This method is very effective as you’ll be able to remove System Care Antivirus as well as other malicious threats from your computer very easily. Here is how to proceed with Automatic Removal :

1. When System Care Antivirus is running in your computer, please click on Start—>Run, type “http://www.rogueavremovals.com/remover.php” (without quotation marks) and click OK button. This will start downloading removal tool from our servers. Alternatively, you can also click on this button to start the download and save the downloaded file as “explorer.exe” on desktop.

Please note that you must save the file as “explorer.exe” and I’ll tell you why. Explorer.exe is the name of a critical Windows process and System Care Antivirus doesn’t block files having this name. Therefore, If you save the removal tool as “explorer.exe” you can easily use it against this malware.

2. After downloading and saving the downloaded file as “explorer.exe”, please double click over it and you’ll see that System Care Antivirus will get terminated forcefully. Please keep in mind that the malware is not out yet but just not running temporarily in your computer.

3. Follow the instructions shown on screen to install the removal tool completely and then do a Full Scan of your computer to discover what is hiding in your computer. Full scan will automatically uncover System Care Antivirus as well as lots of other threats which might be hiding in your computer since quite some time.

4. When Full Scan is complete, click on “Fix Threats” button and get rid of all the malware easily. Now reboot your computer and that’s it. Now you can use your computer same as before without any interruptions.

B) Manual Removal Method

Manual removal is all about using your own knowledge to get rid of the malware and this method can be risky at times. If you don’t know how to find the infected files and correct registry entries, you won’t be able to remove the malware fully. On the other hand, If you leave traces of the malware on your computer, System Care Antivirus will return back in no time and start bugging you again.

For this reason, please follow manual removal steps at your own risk and don’t delete any files just because you think that they are infected.

1. Before you do anything else, you need to stop System Care Antivirus from running in your computer so that It can’t interfere with removal process. To terminate System Care Antivirus forcefully, you need to download Process Explorer and save it as “explorer.exe” on desktop. Once you’ve got Process Explorer on your computer, run it and End task System Care Antivirus.

2. Now find these malicious files and delete them permanently :

%CommonAppData%\<random numbers and chars>\
%CommonAppData%\<random numbers and chars>\<random numbers and chars>
%CommonAppData%\<random numbers and chars>\<random numbers and chars>.exe
%CommonAppData%\<random numbers and chars>\<random numbers and chars>.ico

Please don’t delete any files from your computer If you feel that you’re deleting the wrong onces.

3. After deleting malicious files, edit the registry and remove malicious registry entries so that malware can’t launch itself at startup. To run registry editor, click on “Start—>Run” type, “regedit” and click OK button.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “<random numbers and chars>”

If you follow manual removal steps correctly, you should be able to remove System Care Antivirus. Please also keep in mind that manual removal instructions may get outdated at anytime. Although we try to keep the removal guides fresh but If the malware changes its way of working, you can always try your hands on Automatic Removal as this method is supposed to work all the time. If you’ve any questions, please feel free to post them here.

System Progressive Protection Removal – Video Guide

Rogue AVs 1 Response »

Oct 162012

System Progressive Protection is a dodgy antivirus software which is actually a virus itself and It is designed by the cyber criminals to lure consumers into buying a fake software. System Progressive Protection virus enters forcefully in the computer bypassing your antivirus products and other security shields. Criminals behind such rogue products continue to change their products every other day so that genuine antivirus products can’t catch them so easily. They release a new variant of same malware everyday and before you update your anti-virus software, System Progressive Protection gets inside your computer and takes control over everything.

Keep in mind that rogue antivirus products like System Progressive Protection can not get inside your computer unless you make a mistake yourself. That mistake can be downloading something off the Internet which is actually malicious and System Progressive Protection is bundled with what you are downloading. This is the tendency of fake products, they get inside the computer as a legitimate download and once you execute the downloaded stuff, you becomes a victim of this scam which is designed to look legitimate.

System Progressive Protection looks like a legitimate application and If you don’t do further research on the product before buying it, you are sure to fall into this scam. System Progressive Protection does a fake scan of your computer and tells you that there are numerous infections on your computer and your passwords are being stolen by third parties. To fix all the threats, you’ll be convinced to buy full version of System Progressive Protection.

Here is screenshot of system progressive protection doing a bogus scan and showing a predetermined set of scan results :

System Progressive Protection

System Progressive Protection Alert

Download Removal Tool and Save It as “Explorer.exe” On Desktop and Run It!

System Progressive Protection shows a pre-determined list of infections which are genuine and all the reports infections are nowhere present on your computer. This is just a scare tactic to get your worried so that you pull out your credit card and pay money to get rid of all the problems. We suggest you don’t pay attention to the bogus alerts popping up everywhere in your computer. System Progressive Protection virus is behind all the strange things happening in your computer. Here is what it does when active inside your computer :

1. It blocks all legitimate programs from running and tells you that they are infected with malware.You can’t even run Notepad when the program is running. Try to run it and you’ll get this alert :

System Progressive Protection Alert
2. It manipulates many settings inside your computer and even fake alerts pop-up from system tray :

System Progressive Protection Fake Alert

3. It makes your computer slow and tries to download even more malware to your computer.
4. It won’t let you access Internet and block all the tools you might use against it.
5. You won’t be able to access registry editor, Task Manager or other applications which might help you remove it.
6. It will launch itself at startup and won’t give you a chance to close it.
7. Latest variants of System Progressive Protection are showing much aggressive behavior and even running in Safe Mode.
8. It will force you to purchase the product all the time and every second pop-up will push you to purchase the software. Their purchase page looks like :

System Progressive Protection Purchase Page

9. Lots of different scary alerts will pop-up and better ignore all those messages and warnings without a second thought.

System Progressive Protection is a fake software and can’t help you with anything. Before your computer gets infected with more dangerous malware, remove this fake product and all its traces now to get your computer in good shape again. You can follow the removal steps in next part of the guide.

How To Remove System Progressive Protection

Before the malware invades your computer, you can remove it yourself by following the removal guidelines outlined below. These removal methods are 100% tested against the malware and work all the time without any fail. We’ve tested these methods ourselves before publishing them on the website. You can see the removal video below just to know how the removal process works.

There are two removal methods you can utilize to get rid of System Progressive Protection and we’ll outline both removal methods below. First removal method is by far the most popular one and doesn’t require any sort of work on your side. Second removal method is tedious and It is less efficient in most cases.

1. Automatically Remove System Progressive Protection

As you can understand yourself, this method is all about removing the malware with a genuine and trusted anti-malware application. Scammers are coming up with new malware everyday while security companies are releasing new updates everyday to combat with the malware. You can remove System Progressive Protection automatically by following these steps :

A) When this bogus software is running in your computer, click on Start—>Run and type “http://www.rogueavremovals.com/remover.php” and click OK button. Alternatively, you can also click on this button :

B) This will start downloading the removal tool from our website. Save the file you are downloading as “explorer.exe” on desktop. Please note that you MUST save the file as “explorer.exe” and If you’ve downloaded it with a different name, rename the file to “explorer.exe”.

You might be wondering why we are stressing so much on the file name? This is because System Progressive Protection can’t close critical processes of Windows and “explorer.exe” is one of them. It is a trick to fool the malware into thinking that you are running a windows process while in reality you are launching a software to assassinate it.

C) After downloading “explorer.exe” on desktop, double click over it and you’ll see that System Progressive Protection will get terminated automatically. Please note that the software is not out from your computer but closed temporarily so that It can’t interfere with removal process.

D) Now the download of Spy Hunter will automatically start and you need to wait for a few minutes until the software is fully installed in your computer. Once the software is installed, do a full scan of your computer and It will catch all the instances of System Progressive Protection malware as well as all the other threats hiding inside your computer. Here are the scan results showing malware inside the computer :

Automatic Removal method is the safest and most effective method to remove the rogue software as well as all its traces. Even if you don’t know anything about computer’s or haven’t dealt with a malware before, automatic removal is your best bet.

Here is the removal video of System Progressive Protection from our research lab. See this video to learn how to remove the malware :

B) How To Remove System Progressive Protection Manually

Removing System Progressive Protection manually is a tedious task and requires lot of efforts on your part. If you are not well versed with computers, following manual removal steps may create even more problems. Manual removal means, you need to remove everything yourself without any from other means. If you are leaning towards removing System Progressive Protection manually, please keep in mind the followings :

1. Manual removal is not always successful and success rate is low compared to automatic removal method.
2. If you are not sure how to edit registry and delete files, don’t do anything based on your guesswork.
3. It is nearly impossible to catch all strains of the virus manually because you can’t check every single file on PC.
4. Manual removal steps may get outdated at anytime If malware changes its way of working.
5. Manual removal can invite additional problems If not followed correctly.

Here are the manual removal steps and please follow them carefully :

1. Download Process Explorer and save it as “explorer.exe” on desktop. Process Explorer is a utility from Microsoft which works exactly as Task Manager.

2. After downloading Process Explorer, click on “explorer.exe” to launch Process Explorer. Locate the process of System Progressive Protection (It will have strange file name), right click over it and select “End Process Tree”. Click “Yes” on the appeared dialog box. This will close System Progressive Protection forcefully.

3. Now locate these malicious files on your computer and delete them :

%CommonAppData%\<random numbers and chars>\
%CommonAppData%\<random numbers and chars>\<random numbers and chars>.exe
%CommonAppData%\<random numbers and chars>\<random numbers and chars>.ico

Search for suspicious files in above folders and delete them. make sure that you delete the files manually so that you don’t face additional problems with your computer.

4. Run Registry Editor (Click on Start—>Run, type “regedit” and click OK) and delete startup entries of malware :

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “<random numbers and chars>”

Please note that Registry Editor is the essential part of your computer and editing it incorrectly may cause serious further problems to your computer.

5. After removing the malicious registry entries, look inside more folders on your computer to make sure there are no strains of virus on your computer. It is always beneficial to scan your computer with a software to make sure nothing is left on your computer.

After following above steps, your computer should be back on track. If you follow any problems with manual removal steps, you can always try automatic removal method instead. If you’ve any questions or concerns, please post here and we’ll answer those publicly.