Danger level 7
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Blocks internet connection
  • Blocks exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediately
  • Slow internet connection
  • System crashes
  • Annoying pop-ups
  • Slow Computer

System Protection Tools

Whatever infections System Protection Tools reports, nothing about this simulated security program is reliable. Cyber criminals use System Protection Tools to convince you that it is legitimate and to get you to pay for a supposedly real full version of the rogue. The best way to deal with this infection is to remove System Protection Tools in order to protect the system.

If you do not delete System Protection Tools, you will have to put up with this rogue. It will scan your system and present fictitious threats; moreover, you will receive fake security messages claiming that a virus or Trojan has been detected. These alerts are meant to frighten you into doing what System Protection Tools wants, which is to pay for the fake “full” version. We strongly recommend that you do not transfer any money and instead delete System Protection Tools from the system.

Deleting System Protection Tools can be a challenge if you choose manual removal. You need to get rid of it completely, which means that you cannot miss any file related to the rogue. A file skipped during the removal might download a new infection or regenerate the same one. It is highly advisable to use a legitimate antispyware tool, which will remove the infection without leaving components of System Protection Tools in the system. As a result, the system will be protected, and the same problem will not occur again.

UPDATE

It might be easy to confuse System Protection Tools with a legitimate application because of its name, but truth be told, this rogue is not a new player in the field. It is part of a bigger rogue family that includes such notorious threats as Malware Protection Center, Best Antivirus Software, Best Virus Protection and many other similar applications. They all share a common interface, so System Protection Tools has the same sophisticated cherry look as its predecessors.

System Protection Tools also projects a rather professional image with its "full" system scan, presenting you with a list of malware that you supposedly have to delete from your computer. The list includes such infections as Trojan-Spy.HTML.Bayfraud.hn, Trojan-PSW.BAT.Cunter or Trojan-PSW.Win32.Hooker, and System Protection Tools always "provides" information about the infection, giving the name of the infected file, for example: C:\Documents and Settings\user\Recent\services.drv.

However, this is where System Protection Tools tells an obvious lie, because services.drv is an absolutely harmless file. The rogue only puts the blame on it, trying to build a respectable image. This file and many others (like cid.exe, eb.drv, PE.tmp, tempdoc.exe etc.) are created by System Protection Tools itself: the rogue drops them during installation so that it can later blame them for the symptoms your computer experiences.

The rogue is obviously targeting a wide circle of global users, because depending on where you are, System Protection Tools changes its interface language. We have seen it easily switch from English to French.

However, most of its fake security messages are usually in English:

System Alert
System Protection Tools has detected pontentially harmful software in your system. It is strongly recommended that you register System Protection Tools to remove all found threats immediately.

Warning! Virus detected
Threat Detected: Trojan-Spy.HTML.Bankfraud.IX

System Alert
malicious applications, which may contain Trojans, were found on your computer and are to be removed immediately. Click here to remove these potentially harmful items using System Protection Tools.

System Protection Tools will try to resist removal by blocking various programs and preventing access to the Internet. In order to make the removal smooth and easy, you should "activate" it with this:

U2FD-S2LA-H4KA-UEPB

Click on the button that says "Activate full protection" and enter the code above. Afterwards, do not wait any longer and acquire a powerful malware removal tool that will delete System Protection Tools at once. You cannot allow this rogue to remain in your computer, because even if it is subdued it can come back any minute. Make sure System Protection Tools is gone once and for all.

Download Spyware Removal Tool to Remove* System Protection Tools
  • Quick & tested solution for System Protection Tools removal.
  • 100% Free Scan for Windows

How to renew your internet connection:

This rogue antispyware blocks your Internet connection to prevent you from removing the rogue application. To enable the Internet connection, please follow these instructions:
  1. Open Internet Explorer, go to >Tools< and select >Internet Options<

  2. Select >Connections<

  3. Select >LAN Settings<

  4. Now you need to uncheck the checkbox labeled >Use a proxy server for your LAN< in Proxy Server section. Then press the >OK< button to close this screen and press the >OK< button to close the Internet Options screen.

  5. Now you can download the SpyHunter scanner and remove the infection.


How to manually remove System Protection Tools

Files associated with System Protection Tools infection:

%CommonAppData%\SPUPCZPDET\SPABOIJT.cfg
%CommonAppData%\58ef5\SPT.ico
%StartMenu%\System Protection Tools.lnk
%Programs%\System Protection Tools.lnk
%Desktop%\System Protection Tools.lnk
%AppData%\System Protection Tools\ScanDisk_.exe
%AppData%\System Protection Tools\Instructions.ini
%AppData%\Microsoft\Internet Explorer\Quick Launch\System Protection Tools.lnk

System Protection Tools processes to kill:

%UserProfile%\Local Settings\Application Data\[random]\[random].exe

Remove System Protection Tools registry entries:

HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\SPT.DocHostUIHandler
HKEY_CURRENT_USER\Software\3
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "IIL" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltHI" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltTST"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "System Protection Tools"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe
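
A read-only check for the registry entries listed above, added here as a PowerShell example that is not part of the original guide. Two things in it are assumptions not taken from the list: the ProxyEnable and ProxyServer values under Internet Settings, which are the registry side of the proxy checkbox from the connection steps, and the Debugger value name, which is the standard Image File Execution Options value.

```powershell
# Read-only audit of the registry indicators listed on this page; nothing is modified.
$findings = @()

# DisallowRun policy: when enabled, Explorer refuses to start the listed executables.
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$flag = (Get-ItemProperty -Path $policy -Name DisallowRun -ErrorAction SilentlyContinue).DisallowRun
if ($flag -eq 1) { $findings += 'DisallowRun policy is enabled' }
$blockKey = Get-Item -Path "$policy\DisallowRun" -ErrorAction SilentlyContinue
if ($blockKey) {
    foreach ($name in $blockKey.GetValueNames()) {
        $findings += "DisallowRun entry $name = $($blockKey.GetValue($name))"
    }
}

# Internet Explorer download settings that turn off signature checking.
$dl = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Download' -ErrorAction SilentlyContinue
if ($dl.CheckExeSignatures -eq 'no') { $findings += 'CheckExeSignatures = no' }
if ($dl.RunInvalidSignatures -eq 1)  { $findings += 'RunInvalidSignatures = 1' }

# Autostart value named after the rogue.
$run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run.'System Protection Tools') { $findings += "Run value: $($run.'System Protection Tools')" }

# Image File Execution Options subkeys from the list above.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$names = 'ashDisp.exe', 'b.exe', 'fih32.exe', 'mfweng3.02d30.exe', 'nvc95.exe',
         'qconsole.exe', 'upgrad.exe', 'xp_antispyware.exe', 'zonealarm.exe'
foreach ($n in $names) {
    if (Test-Path -Path "$ifeo\$n") {
        # Debugger is the standard IFEO value that redirects launches (assumption: not stated on the page).
        $dbg = (Get-ItemProperty -Path "$ifeo\$n" -ErrorAction SilentlyContinue).Debugger
        $findings += "IFEO key present: $n (Debugger: $dbg)"
    }
}

# Registry side of the "Use a proxy server for your LAN" checkbox (assumption: not in the page's list).
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet.ProxyEnable -eq 1) { $findings += "Proxy enabled: $($inet.ProxyServer)" }

if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```

Run it in the affected user's session, since most of the entries live under HKEY_CURRENT_USER.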

Comments

  1. Brenda May 14, 2014

    Hi, my name is Brenda. Every time I start my comp I get this message: windows cannot find searchprotection.exe. Also, since this has started my system restore will not restore to any restore points. I cannot find any evidence of any of the files that you have listed above. Can you help me with this issue?
