Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Sunday, November 6, 2011

Remove "Privacy Protection" (Uninstall Guide)

Tell your friends:
Privacy Protection is a rogue antivirus program which allegedly generates false malware warnings saying that your computer is infected with a variety of viruses and spyware. In a common scenario, victim's computer screen is taken over by very annoying security alerts and 'balloon' notifications. The rogue program blocks legitimate security products as well as certain system utilities to evade signature and heuristic detection. Finally, the fake AV says that you need to by the security software in order to remove found viruses and to protect your computer against other sophisticated malware.

Many people have already fell for the ruse by giving their credit card information to cyber crooks. Although, Privacy Protection is not the most sophisticated malware out there, it may cause millions of dollars in damages. The Privacy Protection malware family, which spreads via infected adult websites as well as keygens and file storage services, has been in development for over two years now. The malware is currently in its fifth or sixth version, can't remember exactly because they are very common but the propagation mechanisms wasn't updated, that's for sure. Anyway, if your computer is infected with this virus, please follow the steps in the removal guide below. Privacy Protection designed to protect is a total scam, do not pay for it!

Here's what the rogue antivirus looks like.



A couple of fake security alerts you may see when this rogue antivirus is active.



Privacy Protection may claim that your web browser or any other problem really, was infected by some form of malware that may send your sensitive information to a remove computer or make your computer unusable, e.g., W32/Blaster.Worm.
iexplore.exe can not start
File iexplore.exe is infected by W32/Blaster.worm
Please activate Malware Protection to protect your computer.


It's worth mentioning, that Privacy Protection may come bundled with the TDSS rootkit. This malware has the ability to download an array of malicious programs, including spyware, adware, and click fraud bots. You can remove the rogue program manually, but not the rootkit I'm afraid. Removing the rootkit is very important; otherwise it will re-download malicious programs onto your computer after a couple of hours and you will experience system slow downs and fake alerts again. So, to remove Privacy Protection and associated malware from your computer, please follow the removal instructions below. If you have any questions or you need help removing this virus, please leave a comment below. Good luck and be safe online!

http://deletemalware.blogspot.com


Manual Privacy Protection removal instructions:

1. Right click on the "Privacy Protection" icon, click Properties in the drop-down menu, then click the Shortcut tab.



The location of the malware is in the Target box.



NOTE: by default, Application Data folder is hidden. Malware files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmark from the checkbox labeled:

- Hide extensions for known file types
- Hide protected operating system files

Click OK to save the changes. Now you will be able to see all files and folders in the Application Data/Program Data directory.

3. Rename malicious process.

File location, Windows XP:
C:\Documents and Settings\All Users\Application Data\privacy.exe

File location, Windows Vista/7:
C:\ProgramData\privacy.exe



Rename privacy.exe to virus.exe or whatever you like. For example:



4. Restart your computer. The malware should be inactive after the restart.

5. Open Internet Explorer and download TDSSKiller. This malware usually (but not always) comes bundled with TDSS rootkit. Removing this rootkit from your computer is very important (if exists). Run TDSSKiller and remove the rootkit.



6. And finally, Download  recommended anti-malware software (direct download) and run  run a full system scan to remove Privacy Protection from your computer. That's it!


Privacy Protection removal instructions in Safe Mode with Networking:

1. Please reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key.


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Open Internet Explorer and download TDSSKiller. Run the utility.

3. Then download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.


Manual activation and Privacy Protection removal:

1. Choose to remove threats and manually activate the rogue program. Enter one of the following code Y76REW-T65FD5-U7VBF5A (and any email) to activate Privacy Protection.

2. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. Remove the TDSS/ZeroAccess rootkit (if exists). Please follow this removal guide: http://deletemalware.blogspot.com/2010/03/tdss-alureon-tidserv-tdl3-removal.html


Privacy Protection associated files and registry values:

Files:
  • C:\Documents and Settings\All Users\Application Data\privacy.exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Privacy Protection"
Share this information with other people:

95 comments:

João Almeida said...

My PC was infected with this scareware, and i did exactly as directed but when i Reboot and start in normal mode i do not have time to run the STOPzilla because the scareware blocks again all PC functions.

Lindsay said...

Definitely infected with Privacy Protection, however, when I run TDSSKiller in safe mode it fails to detect anything. If I then reboot normally I am unable to run STOPzilla or anything else. Any advice?

Brooklyn said...

Hi - I have followed steps 1-3 for Privacy Protection Removal and renamed STOPzilla as winlogon.exe. I did not manually activate the rogue program. But when I restart in normal mode and try to run it as an administrator, a STOPzilla box comes up that says "Collecting setup information" but then nothing happens. After it stops trying, a STOPzilla Setup message appears that says "Slow or incomplete download can be caused by malicious software and/or configuration issues. Please call toll-free installation support line at 1-877-288-1731 for assistance." Help!

Anonymous said...

Thank you so much!

Admin said...

Brooklyn, the rogue program is blocking STOPzilla. You can either call support line or use other anti-malware software.

Admin said...

Run TDSSKiller in Normal Mode too.

Anonymous said...

Help! I deleted the Privacy Protection desktop icon from the Recycle Bin on my laptop before googling these instructions on my roommate's (uninfected) laptop. I downloaded Pandora Recovery onto a flash drive from my roommate's computer, but when I try to open it from the flash drive on my computer the virus blocks it from running. So, I can't recover the deleted Privacy Protection desktop icon in order to manually remove it. Is there anything I can do? Thank you so much for your help, this is extremely frustrating

Anonymous said...

My wife had this, it put itself in User/[usename]/App Data/Roaming at set itself as a Startup Item. I started in Safe Mode, deleted it from the directory and disabled it from Start Up Items. She could then run her Application again in normal mode. But I am nuking the system just in case. Later I will attempt a curse on the perpetrators just in case it works. How about cancer you &^!*@%'s? You deserve it and worse.

Anonymous said...

I got this on my laptop using a desktop to find this we are working on it now hope it works i hate people who have nothing better to do then make viruses

Anonymous said...

Step-by-step procedure :

------------------------------------------------

Note : At first, I was unable to do anything cause of Privacy Protection, so I simulated an activation of the program. To do so, here's how you do :

1 - Click on the register option of Privacy Protection

2 - Enter the following registration code :

Y76REW-T65FD5-U7VBF5A

3 - Register a fake e-mail

4 - Voilà ! You get control back of your computer.
------------------------------------------------

Now let's get to work :

1 - reboot and run windows in "Safe Mode with Networking" as mentionned earlier.

2 - stop the program by typing the following in the invite command :

taskkill.exe /f /im privacy.exe

3 - go to the root directory and delete "privacy.exe".

4 - Run TDSSKILLER, click on "Change parameters" on main window and select the 2 additionnal options. Then click "Ok", and the "Start scan" icon.

Anonymous said...

I just deleted this virus from my laptop, at first i was unable to do anything in the windows account that was infected, so i switch to another user account without loggin off in the infected one, once i logged in into guest account i executed task manager and i selected "Show processes from all users" i stopped the privacy.exe process then i came back to the account that was infected and i was able to delete the virus and the files related to it.

Anonymous said...

I followed the instructions but didn't have time to download & run the dtsskiller. Came back later to do it and now I cannot even get the computer to boot up in any mode. Please help.

Anonymous said...

tried to delete privacy.exe after using ccleaner to delete the startup entry, but doing this completely disabled my system. I ended up having to reinstall windows to get my system back. Now im having to use a Hard drive recovery tool to recover my pictures and lost data...

Lion said...

Here's a success story. I had the bad Privacy Protection screens so I followed the step-by-step advice of anonymous above. As he/she says, "Voila!" The computer operation returned to normal. Thank you. Thank you.

Tina said...

I've only had my computer for 10 months! I completed steps #1-3 and even downloaded TDSSkiler which didn't detect anything. I changed the name of Stopzilla to iexplore.exe but once I run it on administrative mode it says "Slow or incomplete download....call this a 877 number for assistance". Is there anything else i can do? I still have the privacy protection thing on. HELP!!!

Jeff C said...

I also found privacy.exe and ended up not being able to boot into vista and now I cannot even get the computer to boot up in any mode either. driving me crazy..

Anonymous said...

TDSSKiller find nothing... (with all options selected)

i deleted the privacy.exe after going in safe mode then after rebooting, i deleted the registry key... now i need to reboot again becaust i just installed STOPzilla (i didnt find a key but if i like that prog i just downloaded a cracked version :D)

Anonymous said...

Thanks for the help. It is REALLY appreciated. For the user that deleted the icon from his desktop. The path to the virus on my PC was
C:\Users\User\AppData\Roaming\.

I'm running Windows 7 Home addition.

Adam said...

I have the same problem as the last guy. I managed to kill the Privacy Protector through some very quick clicking for the few seconds that the task manager stayed open, but then my system BSOD'd and when I start it back up, all I get is a black screen with a flashing cursor in the top left corner. Tried using vista restore disk, but doing a system restore didn't help. I really have little idea what to do now.

Admin said...

Using CCleaner when the system is infected is not a good idea. You should use anti-malware software first. And when then infection is removed, then you can use CCleaner.

Anonymous said...

Is there any particular reason STOPzilla is the recommended anti-malware program in all of the above descriptions? Online reviews are mixed, but more seemingly more negative than positive. Is it really the best option for this particular virus?

Anonymous said...

Just got this virus and followed the steps. TDSSKiller didn't find anything. STOPzilla has found 3 infections so far. It's really slow, though. The scan may take all night at this rate.

Side note: As soon as I saw icons being disabled on my tool bar I reached over and disconnected the internet cable. I wonder if that helped.

Btw, thanks admin :)

Anonymous said...

Thanks a lot!

Admin said...

Well, it worked for me, so I recommend STOPzilla. However, you can use any other anti-malware software to remove this virus but I don't know if they work. Malwarebytes usually removes such infections too. Besides, you can always get your money back if STOPzilla fails and uninstall it.

Anonymous said...

Thank you SO MUCH! Perfect!

Anonymous said...

SAFEMODE is the KEY!!!!!!!!

Chuck said...

Just wanted to Thank You for your expert knowledge and professional help!

Anonymous said...

i cant get in to the internet to do anything i cant find the privacy protection i cant find anything anyone has suggested im at a loss i have tried to use every program suggested i aam so frustrated i have turned off t/unchecked the show hidden files thing i hAVE TRIED ANOTHER USER ACCOUNT i have looked i have tried everything obviosly i havent tried what will work lol lol lol lol i am at a loss as what to try next i have no access to the internet at all on the infected compter at this stage im ready to throw it up against the wall

every time i try to start anything in safe mode like any anti virus program it /the computer says unable to run in safe mode and its says i need to upgrade it but i cant because i cant connect to the internet although the internet is running becase i can see it running HELP HELP HELP HELP HELP plzzzzzzzzzzzzzzzz

rgrobins said...

I tried using that activation code but got an error msg "Incorrect code" , what next?

Admin said...

Well, then follow the manual removal guide (without the activation).

Anonymous said...

Thank you sooo sooo much!! Your help has been very much appreciated. I have two questions for you though. I have McAfee, and when the Provavy Protection craziness started, I did two scans and it only found cookies, and something call 'artemis' if I'm not mistaken. I was wondering whether to rely on McAfee from here on out? Also, I scanned the computer with stopzilla, and it found the Privacy, but to remove it, it wants me to subscribe and pay a one-year fee. Someone mentioned downloading a crack...does that mean I can get it for free, and remove this ugly malware for good? What are my options?

Admin said...

Yes, you can use STOPzilla to remove this malware from your computer. However, you may use any other anti-malware software if you don't like STOPzilla. Cracks? No, no no!!! :))That's not a good idea, trust me.

Anonymous said...

Thanks very much-rogue and toolkit both banished to hell (at least for now)

Anonymous said...

Thanks for your blog. I had same issue yesterday. Called my friend and told search for Privacy Protection. He found this page and helped me to rename that file. Worked good.
I have trend Micro, it did not help me or blocked it at first.

Anonymous said...

I used safe mode and then system restore to an earlier date. Worked just fine.

Anonymous said...

Thanks so much! I had to do manual activation and removal. It worked like a champ

Anonymous said...

THANK YOU!!

Anonymous said...

HI anonymous brother/sister, THANK YOU SO MUCH
invite command processis perfect !!!

DougRamsey said...

I just found this site.

I ran Avast after my comp got infected, it found a few things and it deleted them or moved them to the virus chest i dont remember. Then rebooted in safe mode ,I deleted privacy.exe in safe mode. ran avast again and it found a a few otherthings which it deleted or moved. I also ran Registry Mechanic which told me there was a couple things to delete(though they may have been unrelated).

Is there any way to fix my computer even though i deleted the exe?

Solitary said...

Hey, step by step guide here for those wondering how to remove this pest :).

1. Safe mode (turn computer on, keep pressing f8 till the options screen comes up then select safe mode).
2. Control Panel
3. Folder options
4. Check show hidden files
5. Go on my computer / your username /appdata /roaming and Privacy Protection.exe should be there. Delete it, go to rubbish bin, then delete it, viola. Hope it worked, it did for me :p.

Anonymous said...

When I right click on the "privacy protection" icon, I do not get a drop down as illustrated. All I see is "open main menu, check for update, settings and help and support". Please advise

Anonymous said...

The only thing i can say is that when this happened i ended up going in safe mode when start up press f8 and than i ended up restoring to a previewa time and it worked it has not appeared thus far all the other precesses sound time consuming.and difficult to understand

Anonymous said...

This was brilliant, thank you so much. I had no idea how to fix my mom's laptop and this was the answer thank you very much x

Anonymous said...

Well I restarted the computer after I renamed the file virus and Av Protection popped up randomly now what!?!?

Anonymous said...

My computer went on start up repair and it was okay when it restarted. Hopefully it is totally gone now.

Master Eridax said...

I just got this virus about an hour ago (thanx, Firefox auto-restore) and it's already gone from my system (I'm running XP, current SP). This is what I did-
1) when it became apparent there was a problem with all my programs crashing (about 3 seconds after I misclicked a link), I did a SCRAM (not smart, I know, but I think it may have helped)
2) rebooted Windows and tested both Windows Defender, Task Manager and ran the REGEDIT tool through the run function; none of these worked. I shortly thereafter discovered that NO programs worked
3) got the Privacy Window pop up, which I closed to discover the shortcut on the desk-top. Googled it (here I am, right?)
4) right-clicked on the shortcut and followed it back to its source (it's in a hidden file, Application Data, under the Documents and Settings file on the C or equivalent). Tried to delete the program, which failed due to "disk being write protected or full."
5) Tried to change the program's extension, which, while possible, did not stop it from functioning.
6) Rebooted in "safe mode with networking" and logged on as master Administrator
7) pulled up Task Manager first thing to monitor activity and then followed back into the Application Data file. Once there, I was able to delete the defender.exe file without interference and then emptied the trash
8) Restarted once more in normal mode and checked the registry for any "Privacy" or "Protection" files, of which there were none
9) as this normally comes with a "hidden" rootkit as well, I downloaded the Kaspersky TDSSKiller program and ran it; it found no threats.
I'm assuming that I'm in the clear, as the rootkit is the big problem, creating a hidden backdoor into the system that Windows can't "see" and allowing a whole bunch of nasty things into your computer. Kaspersky being a reputable antivirus company, I have some faith in their program (it's free) and my system is back to normal. All this was done in less than 1 hour. I'm going to manually check the registry one more time but everything on my end looks normal....

Anonymous said...

This guide was incredibly helpful and so were the comments. ^^ The easiest way for me to remove it though was to use restore from a few days ago. Then I ran Malwarebites anti-malware nad 143 things infected. D: So I went to quarantine and deleted them. Then I restarted and ran ccleaner to be sure. THen I ran a microsoft security essentials check and checked all files on my computer. (Im very paranoid.) And thus, I have to say no threats yet. I will also point out when microsoft security essentials says unprotected it is best to update lol. Thats how it got me >.>

Anonymous said...

I want to thank Anonymous for his " Y76REW-T65FD5-U7VBF5A" key. It really worked. I followed the step by step instruction and cleaned my laptop.

I have McAfee paid version installed on my laptop inspite of that it got corrupted. When I called them, they said that I need to give them $ 85 to clean it. Suckers...

Anonymous said...

I was able to rename the EXE file to txt. Then restarted PC and deleted the TXT file.

Anonymous said...

Thank you very much for putting this information on the web. I followed the directions and removed the malware. Happy Thanksgiving!

Anonymous said...

Another way to disable privacy protection is to start up the task manager right wehen you log in and end the task before It can even start. You should be able to use and download legitimate anti spyware programs to get rid of it. It worked for me.

Anonymous said...

I just reset to a restore point. That worked.

Admin said...

You should still scan your computer with anti-malware software.

Anonymous said...

So happy that this information was supplied. When system restore wasn't working. Started to use my cool. But while some spread bad over the internet. This page is an example that good still triumphs. Thank you very much to all that had great tips. My route was using the KEY then deleting the file in safe mode, restarted in Normal Mode ran a TDSSKiller, found nothing and everything has been smooth sailing.

Anonymous said...

I recommend system restore. After I disabled the malware, I could not remove it no matter what I tried. I did a system restore from a week ago and everything appears to be gone. I dont know anything about computers, but I hope nothing comes back.

Anonymous said...

im too scared, becuase the alert came up as shown in the second picture, and as it did, as massive scream came up

Anonymous said...

i suspect disabling windows updates a few days ago caused the lapse in security that had been otherwise problem free for three years.

i first noticed a problem at 1:55AM. A program called Cloud AV 2012 showed up in my quickbar. Several minutes later my programs shut down and this privacy protector program started scanning my computer for "threats". the interface and messages are identical to those pictured above except the associated company in the gray font beneath the privacy.exe icon is 'Toshiba Corporation' - my computer is a mix of random companies without memorable names - which seems a bit random.

the bad program didn't reach my laptop despite the direct connection nor this computer via the home's router.

According to this malicious software's scan - each of these five malware names were associated with the 45 infected files:

w32.Blaster.worm
Email-Worm.Brontok
Backdoor.Win32.Scrab.p TrojanDownloader:Win32/Bredolab.X
Mal /Generic -A, Trojan.Agent

The 45 files were: 1 empty folder, 2 .sys, 8 .exe and 34 .dll files.

I tried shutting down the processes with the task manager before they had a chance to boot at startup, but it was like playing a game of whack a mole - the viral processi usually taking up 13-16kb memory being the moles. I eventually made the processes stop, but my start bar or desktop shortcuts never appeared.

I've spent the last 3 hours searching my house for my xp pro oem disk without success. I guess its time to use linux again...and then stop using computers altogether. Thanks for all the advice possible workarounds.

Cloud AV 2012 maker and privacy protecting friend make high speed life such a drag.

Its interesting our problem occured at about the same time, however my headphones weren't in my ear so i have no idea if the program screamed at me.

Anonymous said...

Application Data/Program Data is locked for me and will not let me open it what do i do???

Mallory said...

In Safe Mode, deleted the file through Application Data, and then I deleted "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Privacy Protection" in the Registry. This appears to have worked.

However, I cannot use Mozilla Firefox. IE and Chrome work fine, but Firefox won't connect and then just crashes. Is this possibly related?...seems a large coincidence. Ideas? Thank you!


(and to the Anonymous above me, make sure you are logged into Windows as an Administrator)

Anonymous said...

I have now gotten this virus 3 times and would love to hear theories on how my computer keeps picking it up. Someone mentioned that they got it from Firefox Auto-Restore I think? Also, I wish I had found this website before today since my computer is at Best Buy again for the 3rd time in as many weeks...

Anonymous said...

thank you, Thank You, THANK YOU!!! I know next to nothing about computers, and your excellent instructions helped me get my laptop back!

Anonymous said...

I HATE THE SCREAMING NOISE IT MAKES WHEN THE FIREWALL THING POPS UP. Scared the shit outta me! I'm working on getting rid of this through safe networking right now, hopefully it works! ill keep my fingers crossed! so far everything looks great

Anonymous said...

It worked but now some files are locked on my laptop. like the Documents & Settings is locked so is the Recovery. I wanted to go in there and make sure the Privacy protection is truly gone cause the icon still sits on my desktop.

Anonymous said...

Thank you so much. i followed your instructions and they worked just as you said

Anonymous said...

system restore didn't work for me. So I right clicked the protection icon, clicked on properties, then clicked on the bring up file option. I dragged the file to the desktop. I then restarted the computer, but it let it enter normal mode. The second the desktop screen appeared after user login I activated task manager. I have spy bot set to automatically run at start-up. This time it prevented the virus from starting up, allowing me to deny the change. I was then able to move the file and the shortcut to the trash and delete them. So far windows defender hasn't picked anything up after scanning and installing updates. Downloaded kaspersky tdss killer, and no threats detected!

Anonymous said...

Running Windows7 BTW HELP WOULD BE NICE So I got on this website AFTER finding the shortcut, stupid me deleted the shortcut right away into the recycle bin(WHAT WAS I THINKING?!) but then I used Windows Defender(told me to remove it right way..which it did) Can use internet, chrome ect right away now. None of my icons disapeared off my dash like when it first said so and said they can't be opned thanks to the exe. THE ONLY problem...worry...I'm guessing worry would be is that the privacy.exe icon when I go to my icons, it's changed into the form of the battary charger symbol. Is it still on my computer or no?

OrangeSUnshine said...

Thank you! This was extremely helpful and worked out perfectly.

Anonymous said...

Wow. This worked great for me. Thank you so much for taking the time to post it. I am not terribly computer savey, but it seems to have worked for me. A crucial fact I missed early on is to open windows in "safe mode" (like I said, not technically savey) and it took me a while to figure out that the "AppData" file couldn't be accessed without doing that(and enabling viewing). However, once I was in safe mode, I was easily able to find the bastard and delete it. I used TDSS killer and it didn't find anything and then went ahead and shelled out the $30 for STOPzilla to remove the files it found. I too pay for McAfee and am a little baffled as to why it was powerless to stop this or to detect/remove it. Thanks again for the person who maintains this site and the people who provided the tips.

Jumonji said...

Oh my god thank you so much!

Ugh, I was considering just wiping my system in order to get rid of it, considering that I'm a bit paranoid when it comes to viruses and such. At the moment I'm running the Guest profile on my computer with an XP operating system. Doing what you said, running a scan with AVG Free 8.5 to get rid of any nasty things my computer may have caught.

But this saved me the trouble, ALL of it X3.

Uhm.. Thanks ^///^

Anonymous said...

Ive done everything as it said in the instructions, i restarted it, downloaded the tdsskiller but it says it cant find any threat, what should i do?

fitriana said...

A billions thank you for you who share how to solve this malware. I really thank you...May Allah always blesses you. Sucsess

Kirk said...

Just got this virus and thank goodness I found this site before any damage was done. The instructions worked for me and fortunately I didn't have the rootkit. I, like several people above, pay for McAfeee, but it was sleeping on the job. Thanks so much for posting these instructions!

Anonymous said...

Had a mini heart-attack when this happened. It said that my computer was infected something called w32 child-porn proxy... (what). Then I took matters to my own hands and followed the instructions; it worked like a charm! Thank you so much for posting this, I am forever in your debt. :)

Floyd said...

Wow. Thank you for your help. Have a computer with this virus and logged on for help on my lap top and inside of 5 minutes the problem was solved!

Thanks again.

Floyd

Anonymous said...

Hey guys... try malwarebytes, it just removed this annoying virus in one scan.. and no more problems... I hope this will help.


http://forums.malwarebytes.org/index.php?showtopic=99247

jaymesu2 said...

Thank you, thank you, thank you!

JM said...

Used the Malwarebytes download and it worked good so far.
I started to do the method posted earlier, but when I tried to download STOPzilla, it said it could not be downloaded to my PC.
So then I tried the "fake Registration" fix. When I scanned with TDSSKiller, it found nothing.
So I used the Malwarebytes download and in 5 min. the problem seems fixed.
Still concerned about this statement in the original post:

"You can remove the rogue program manually, but not the rootkit I'm afraid. Removing the rootkit is very important; otherwise it will re-download malicious programs onto your computer after a couple of hours and you will experience system slow downs and fake alerts again."

How do I get rid of the rootkit?

Anonymous said...

Thank you for this information - my dog actually ran into the room every time that scary teradactile sounding popup popped up -he was looking for a threat too! These steps worked! I appreciate your taking the time to help us out...

Anonymous said...

The problem with my computer is that i am not able to locate the privacy protection file at tyhe given address (I have Windows 7)... please help...!!!

Anonymous said...

after 2 days of panic...solitary's steps worked for me...many thanks

Anonymous said...

alright maybe im an idiot but, when privy protection showed up I discovered I had no other active protection softwares(presumably how it got in). I then downloaded AVG through safe mode. AVG moved a bunch of virus files to the virus vault and now I have no more issues with pop ups but my computer wont connect to the internet. (currently using another one) Since I cant find privacy protection anywhere, is this an unrelated issue or did I just mess up?

Anonymous said...

Thank you!
I managed to remove from my computer!

Anonymous said...

Help in a state of panic i deleted the shortcut to see if that would help so i cannot start the first part of deleting this virus, is there anything else i can try or do please help

Anonymous said...

Thanks a lot! You are champion

Anonymous said...

worked great for me. except I used kaspery(may not be spelled right) tdss root-kit remover, spy-bot search and destroy, and AVG antivirus. I did take all the steps recommended by this site though. Thanks.

Anonymous said...

For anyone who has removed the virus but been left without an internet connection, follow this:

Right click on My Computer Icon
Click on Hardware
Click on Device Manager
Find network adaptors in the list, right click and delete
Restart the computer.
The network drivers should reinstall and your connection should now work!
Did for me anyway...

Anonymous said...

I changed user accounts, found the icon, renamed it virus.ext, giving it a false extension so it couldn't start and restarted. It stopped the virus, then I just deleted it. Also ran Advanced Care malware.

Anonymous said...

For anyone still using it DON'T USE McAfee if you like the firewall/paid protection try ESET(Nod32), BitDefender or Bull Guard.

Anonymous said...

Hello! I have pop-up window on desctop "Internet Security 2012" and other messages like described above: ... is in infected by W32/Blaster.worm Please activate Internet Security 2012 to protect ...
Is it the same way to fight this virus? Please help.

Admin said...

Internet Security 2012 is basically, the same virus. Removal instructions are the same.

Anonymous said...

holy crap, the simplest one worked. hit task manager before the evilness got the chance to pop up, but you have to be quick and find it and end the process, thank you people u all are great! :)

Anonymous said...

THANK YOU SO MUCH! I'm average skill when it comes to the computer. Your instructions were so easy to understand.

USMC5811 said...

i cant do anything...i try to start in safe mode, it freezes, i try using a recovery disc to do a restore, it wont read the disc. the activation keys wont work,m and i dont have the icon on my desktop. im at a complete loss...someone please save me!

fucnayanthara said...

my mouse also not working cause of the privicy protection what i do?
But my mouse work in Windows7.please help

Anonymous said...

I can't change privacy for virus, what can i do??