Windows Protection Suite is another nasty security application which is foolishly promoted to hunt down and paralyze new and clever threats detected in the computer system. Looking as a legitimate security application with many useful features, for example fast automated updates, real-time protection, low CPU load and others, WindowsProtectionSuite may be easily compared with other antipsywares and become a real headache after downloading it.
Like its initials Antivirus Antispyware 2011, Windows System Suite or Windows Security Suite, this parasite spreads itself via Trojans, fake codecs or malicious websites. When installed to the system, it declares to detect spyware or other harmful software after a fake computer scan. All the continuous results are showed only to scare and scam unaware people into spending their money for this parasite. However, paying $49.95 is not worth in any circumstances. Windows Protection Suite is a fake useless antispyware which is able neither to detect nor to remove any kind of parasite. Remove Windows Protection Suite as soon as possible!
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
Hi,
I most definitely have the Windows Protection Suite problem, but can not find any of the processes you mention. I am now downloading spdoc.exe from 2-viruses.com as you recommend, but am worried about the processes. Do you have any suggestions?
Regards,
Basie.
Basie,
Just make sure to update Spyware Doctor! there are couple of Windows protection Suite trojan strains, so process names might vary.
Is there any evidence that “Windows Security Suite” is a keylogger or that it harvests sensitive data? I have a client with this parasite installed on her server – the same machine she processes credit card transactions on. I’m trying to determine the possibility of her customers information having been compromised. Any info you have would be appreciated.
Thanks,
Troy
hello
I am have windows protection suite also and cant get rid of it no matter how many anti virus programs I use. Dont really want to try unistalling it manually because I dont know how, any suggestions??
Troy: Windows Protection Suite is dangerous in 2 respects:
1. It is installed by trojans, that download additional malware to PC. So you are part of bot network, the PC is infected and not secure. You can not guarantee for its security. If you downloaded it from the web, it might get packed with trojans as well. Many such parasites come bundled with trojans.
2. Typically, such rogues process credit cards through rogue sites. That is sites created only for single purpose – gather as meny cc details and charge them as much as possible till they get closed. They are not legitimate payment systems – they have no webpages or such. It shows that they do not plan to stay online for long.
So, if your client had paid for any of this malware, he should contact bank and possibly block the CC.
Thanks for the feedback.
Troy
I also have this problem. Definetly been infected with this windows protection suite virus, I have tried spydoctor also but it won’t budge. I also have the problem with trying to get into task manager too, I can’t open it either. Why is this?? I’m at my wits end!!!
Try re-download Spyware Doctor, or if you have it, download an update (if it launches). There are couple of trojan versions that install this parasite, and some might need an update for now.
Help! this windows protection suite is tough. I tried to remove it from the main control panel and it said access denied! what’s that all about? I thought I was the owner of the computer!!! Has my other files been affected? it says it has attached itself to my main documents and settings. At the time my scan disk was in the computer are thoses files affected also? should I pay office depot 160.00 to remove it? If I download the spyware stuff from the internet is there a fee at the end? to keep it? When the program hit the computer I had AVG and it let it come on in!!! and took control of the anti virus program. I then purchased panda internet security and it ate it up also. Like I said before HELP!!!
Gail : I would recommend automatic remover as long as you are not computer expert. I have best experience with Spyware Doctor ( recommended here), though you should pay for it only if it finds something. For free solution, you might to try some free or semi-free removers like malwarebytes anti-malware ( it does not have real protection module in free version, also there is higher probability that it misses something). Another way is to pay for online help teams ( Symantec, for example), but it is costly.
I have a client that had this infection today. I was able to guide them by phone to Software Doctor. They downloaded it and it found the Windows Protection Suite and some 800 infections. Software Doctor reported that it had cleaned all of those infections and the computer was clean. No sooner had it completed and given that message Windows Protection Suite put up another pop-up. Upon examination, it is still listed under programs but not listed on the Control Panel. Any thoughts anyone?
Bill : Software Doctor or Spyware Doctor? 🙂 If Spyware Doctor, you should check if your client updated it. Second, I would do a followup scan with some other legitimate program, as no single program can give 100% protection from all parasites (usually they are scam if claiming so). 800 infections (as long as they are not cookies) means tough problems. I would try scanning with malwarebytes antimalware for followup. They do not provide real time protection in free version, however their remover works. Its database is a bit different and it might catch some remains of trojans Spyware Doctor cant.
Thanks so much Admin. Yes it was Spyware Doctor and thanks for understanding what a loooooong day it was yesterday. We have downloaded the trial version of malwarebytes antimalware and it is currently at work. Windows Protection Suite continues to throw up pop-ups. We are hoping for the best. Will advise outcome. Very best.
I too have been invaded by windows protection suite whilst protected with free avg virus software. I have purchased full avg protection but cannot download it and they cannot fix it. So having read these blogs I have downloaded Malwarebytes but concerned that I have to pay for it although it initially said it was free? Have you paid for the malwarebytes to clean your computer of infected files?
@Bill
Deb: Malwarebytes have their remover free, however real time protection is not. I found it has problems to remove some heavier infections alone – couple of users reported that malware returns after reinstall. Still, it is a very good tool from the list of free ones. You should do follow-up scan with free Spyware Doctor scanner (remover is paid) to check if something is still on the system.
AVG does not have rootkit protection module, so it can not provide real protection ativirus should.
I was blessed with Windows Protection Suite this afternoon! How do you download the Spyware removal when it doesn’t let you get onto the internet? The computer is frozen; it lets up and then freezes again. I’m using my laptop right now.
Use a flash drive or a CD. If you use flash drive, better use one that can be switched to Read -Only mode.
HEY!! A friend of mine got hit with this, and it also re-writes your hosts file to redirect all major search engines to a rouge address. MAKE SURE TO REPLACE OR DELETE YOUR “hosts” file when you clean this out!!
This version of the “protection” suite also disabled the task manager, which none of the standard methods I have tried will recover.
Bart: typically, they only disable and not corrupt task manager. You could try http://www.2-viruses.com/wp-content/uploads/task-manager-fix.reg to fix registry and be able to launch task manager again. Might not always work though.
_hi uhm i am having a little problem about the windows protection suite so i have to uninstall so i need you to help me remove it.
_can you help mE ????
My sister’s PC was infected with Windows Protection Suite. I tried to follow all typee of instructions I could find for its removal with no success.
Task Manager was blocked.
I could not find the files.
CMD commands did not work.
Anti-virus softwares were blocked.
After 3 hours, I decided to go for a system restore back to the earliest date prior to infection.
After re-booting, it seemed to work so I immediately ran McAfee antivrus. It caught and deleted/cleaned 3 trojan files. So far it seems to have worked.
Raed : Check your pc with anti-spyware scanners as well. McAfee might leave something behind. Wasn’t it already installed when infections had started ? 🙂
my father was accidentally installed Windows Protection program.I’m a bit weak in English to Turkish dictionary with the help of these words I write :D.I want to remove Windows Protection Suite program can you help me? But I’ll be happy if you would hurry up a bit quicker.DI bana yardımcı olabilir Windows Koruma Suite programı kaldırmak istiyorsunuz? Eğer hızlı biraz acele istiyorsunuz Ama mutluluk duyarız.
I have got this windows protection suite nonsense on my pc somehow and have verizon internet security suite(VISS). it hijacked my default google search and i was able to rewrite that back to google but somehow the windows protection suite added itself to the trusted programs in VISS to avoid the spyware scan. I removed it from the trusted list and made sure I had all the updates for antivirus and spyware and ran the scan again but still cant get rid of the popups and it stopping me from going to some internet pages… i don’t want to download another anti spyware or antivirus program… any help on manual removal would be appreciated.
also task manager doesn’t work so i cant disable active programs/processes
Heather: We got a script that might fix task manager problem here http://www.2-viruses.com/wp-content/uploads/task-manager-fix.reg
I am not so sure if VISS is any good on tougher infection.
I tried to do the script http://www.2-viruses.com/wp-content/uploads/task-manager-fix.reg
but it doesn’t fix my task manager 🙁
I removed the windows protection suite fully, including the registry keys, I just want my task manager back 🙁
You can completely remove this by reinstalling windows. To install/reinstall Windows 2000 use this link (http://support.microsoft.com/kb/304868) For Windows XP Use this link (http://support.microsoft.com/kb/896526) and for Windows Vista Use this link (http://windowshelp.microsoft.com/Windows/en-US/Help/e77344fa-e978-464c-953e-eba44f0522671033.mspx). Hope this helps everyone.
Reinstalling windows is not always a good solution, Mike, but the last one. If you reinstall windows on “top” of operating system existing, the viruses are not removed completely and will be back. In any cases, I am all for using of antivirus/firewall software and avoiding such problems before they happen.
help please… i was fooled by this windows protection suite that it keeps bugging me. time to time, it pop ups..i can’t remove it!.><, i hate it.. what’s the best thing to do? kindly help me please, please…. thank you…
I downloaded the fixitforme file from Microsoft onto a memory stick and ran it on the computer that I just removed the malware from. It was supposed to fix the HOSTS file but it did not work.
Any suggestions?
Thanks!
Dear Admin,
I happen to be another victim of this protection suite scam…. downloaded spyware doctor per your advise, shall I run the full scan afterwards? will the scan purge this “program” from my desktop? shall I also use McAfee VSE 8.5 to kill whatever it can? I observe the same symptoms with the disabled virusscan (old version which I shall uninstall before upgrade) and disabled task mgr
All your hints and recommendations will induce my cordial appreciation!
Thanks,
MMS
Probably there is more than host file corrupt. Check if you got proxy server set up in your browser and disable it.
I’ve had this same problem before on my Dell XPS M1710 laptop with the Windows Protection Suite and it worked. When you reinstall windows you have to boot from the CD then do a clean/new install. When you do this you are not reinstalling over another operating system. You have to delete the old/other operating system by deleting the partion and createing a new/raw partition, once the new partition is created you have to reformat it using either NTFS File System or NTFS File System(Quick). This will totally wipe out everything on the hard drive making it like new again. Also some Desktop Computers like the Dell Dimension 3000 Series have a hidden PC Restore Recovery System by Symantec that will automatically do all the work for you by simply pressing F8 on the Bios load up screen. @admin
Mike: Theoretically, it is not 100% correct. There are at least 2 infection types that can “survive” simple partition format. Although bios viruses are not common, MBR (master boot record) rootkits appear once in a while. To be 100% sure, you have to reset master boot record as well with fdisk /mbr before formatting.
I tried all these things, Apyware Doc´tor, Malware, etc. Tried some manual removal which didn’t appear to be successful. Then I tried restoring the computer back to a previous point (actually a week ago) guessing maybe that the computer was clean then. This has worked, and now I can install other software etc. No sign of Windows Protection Suite.
For general information, when I get a computer in with this sort of problem, I remove the hard disc and connect it to a spare computer via uSB. I then run the Antivirus program on the computer to the hard disc. This generally works as then there is no program trying to start on the effected harddisk. Unfortunately, on these new Atom computers (the small ones with 10″ screens), its only posible to remove the hard disc by almost stripping the computer down – no thanks!
Rowland: This might fail sometimes. sometimes registry entries are corrupt as well, and even if the files are not recognized as malicious, registry entries are disabled by anti-virus software. However, they are not scanned once you scan through different OS. Same risk is for complex, packaged malicious processes.
Is this spyware doctor safe? I don’t want anything bad to happen to my computer.
Well, I might sound biased, but it is one of the best anti-spywares around. if you do not believe me, google for PCTools (a company that created spyware doctor). It is long time in the market.
I downloaded the spyware doctor and I can’t even get the stupid thing to open I just want rid of the stupid windows protection thing my computer wont let me restore it to an earlier time, im at wits end and I need help what do I do?
Probably some trojan is blocking access to program. Try this: rename spyware doctor to something else.
Open an empty notepad document, write something, but do not save. Then choose to shutdown pc, and wait till it stops becouse there is an unsaved document.
Then launch spyware doctor.
I have this virus, and I can’t open my task manager, and It won’t let me go to Google.com, but rather it redirects me to Google.de
Any help would be great!
Hi there, I am extremely panicked. I paid for this Windows Protection Suite on August 27th, but I already had AVG installed on my computer. I haven’t seen any wierd pop ups yet, and I don’t know if my computer is infected. I’m sure it has to be because I bought it and let it install. When I tried to click on the windows protection suite icon, it just said this shortcut has been changed or moved. I am not very experienced with computers, and I would like to know what steps I should take from this point on. I appreciate ANY input. THanks!
One other thing, I received an email confirmation from WPS when I bought it. I left it in my email inbox for future reference. It is now gone from my inbox and I’m 100% confident I did not delete it. Does this mean they have access to my computer and my credit card????
Nicole : I would contact your bank and get a credit card statement for the card that was used to purchase this malware. If you see any suspicious charges after you paid for it, or they drew more than the amount provided on page, tell the bank to change your credit card and tell them you were cheated into buying this malware. You might return your money back.
Peter:
Redirection to google.de is nothing dangerous, as sometimes it is done by google itself for localisation. Try downloading and instaling spyware doctor.
Okay, I have contacted my bank and they are investigating the charges. But what steps should I take regardin my computer’s safety? As I said, I haven’t seen any signs that my computer is infected yet. But I definitely know I bought it. I’m just wondering how I can tell if it’s infected. AVG says it can’t find anything and I wondered if the virus went away after I purchased it, or what.
Nicole : Scan with couple other programs. AVG free version does not have rootkit detection as far as I know. Try Spyware Doctor, Malwarebytes anti-malware, Spybot S&D or other tools.
Thank you so much for your help. I’m seriously panicking. I am downloading spyware doctor as I write this, and I really hope everything is okay 🙂
I noticed I had the virus last night so I downloaded the updates to Malware and Search and Destroy and ran both programs; it seems the pop-ups are gone. However, I still do not have access to my task manager; I have tried short cuts, the command line and running the executable but no such luck. I have also noticed that the first link returned from google is always a redirect whenever I search “virus” “windows protections suite” etc. Is there a manual clean-up that I need to do or do you recommend something else?
Jeff : Scan with spyware doctor (scanner free) won’t hurt. Task manager is disabled in your registry, this can be fixed manually usually.
The problem with google redirection means that you got a browser hijacker, probably. First thing I would check my hosts file and if no proxy is set up in my browser. If problems persists after removing entries in hosts file and browser proxy, there is surely some parasite active in the pc and you will have to scan with other removers.
I have this on my computer, but it’s only in my programs list. I cannot find it anywhere else.How do I get this off? How much is that download
A couple comments.
I got hit with this virus yesterday and used Malware to remove the Windows Protection Suite.
Unfortunately the virus had a browser hijacker embedded in it, which caused ny browser to a) a redirect on half my google searches and b) completely lose all access to gmail.
I tried downloading various free spyware programs in hopes of finding the problem, then came to this website and finally tried Spyware Doctor. It found the browser hijacker (I had to register and pay to remove it) and it looks like my browser activity is back to normal. We’ll see. Thanks for your help!
okay so i got this stupid virus a few days ago! on my brand new laptop :(( Should i take it back to best buy since i have the warrenty for it? Because i cant get rid of this thing!!!!
entry from admin on 6th September 2009: Probably there is more than host file corrupt. Check if you got proxy server set up in your browser and disable it.
ADMIN – Proxy is neither set on firefox nor internet explorer. No option to disabled it then?…. Any suggestions on how to deal with this further? What about McAfee? I have the installation package for VSE 8.5, will it work to thrash this WPS out?
JEFF – you downloaded the updates to Malware and Search and Destroy and ran both programs, can you advise which particular programs you have been using?
Thanks for all hints in advance
MMS
Hi – although I have Kaspersky Internet Security 2009 installed I have been infected with this infuriating trojan Windows Protection Suite. Have read the various articles up to 15th Sept. Is best way to try and get rid to download ‘spyware doctor’ or ‘Malwarebytes’. Will Kaspersky let these through to be used?
Colin : You can run one anti-spyware and one anti-virus at the same time.
Michael : then the problem is in internet chain. Try rebooting into safe mode and perform full scan with anti-spywares.
Admin: Thanks for your help. My host file was indeed corrupt. I reset the host file back to its original form and all works great. As for the task manager, the virus redirected the executable to a debugger; it hits the debugger and ends the execution. The remedy I used was to go into “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options” and remove the debugger line from the taskmgr.exe. Note, I would recommend exporting the registry in case an error occurs.
MMS: I have been running “Malwarebytes” and “Search and Destroy” for approximately a year. The software works good but it does not run all the time (at least the freeware). The search and destroy runs continuously and you can set alerts to notify when registry changes are made. Unfortunately, if others are using the computer, the alerts might go unnoticed. In addition to the two mentioned above, I am run Norton’s Anti-virus.
Jeff: I have checked Spybot S&D couple times… its definitions are updated quite slowly compared to commercial removers. Malware bytes are ok, but who would update and run them daily manualy ? 🙂 Used Superantispyware for a while, I think i would go for it if I wanted a free anti-spyware.
i bought windows protection suite for 6 months, and charged my card, because i thought it was real. now its gone, and now i can’t get my money back.
will it take my info or will it no longer bother me
I would check my bank statement for that card, Dominic. Usually the card info goes through their own servers, so they got your CC details
Oh my gosh! I got this hit with this windows protection suite thing and im downloading this removal program you suggested! I am not computer savy in the least! Im only a high schooler who recently got the internet! if i run this program with a full scan in all its glory will it compleatly get rid of this thing or is there something else i should check after? also i downloaded Mcafee after i got this crap and i think it is blocking the use of it… 🙁
ooh okay thanks,
i checked it and it charged me.
so does that mean they can get my info?
or nothing else will happen?
That depends on how you paid for them. If the payment went through their system, it is highly likely they will sell your CC data or charge again themselves.
i’m in a real tough situation with windows protection suite. it won’t let me go on the internet and it’s disabled my taskmanager so i can’t open that to get rid of protection suite manually either. what should i do??
Kris: Try booting is safe mode with networking or download a remover to usb stick.
my bros laptop has windows protection suite. Everythings stuffed up. It doesnt let you use the internet, only in safe mode with networking. Than when i try ANY of these spyware MAMB downloads a thing comes up saying the security settings will not let you down load this file. then when that comes up there is no option to change settings, even in the control panel. The whole machine has slowed down and there was a pre-installed and working Trend Micro Security system going on but now it wont pick up anything. There is absolutely nothing to do about it.
Whoever is doing this trojan is making money with the credit card scam. This needs a bank to run their transactions. You need to charge this back through you credit card as fraud. If the receiving bank gets enough charge backs maybe they will close them down and it will not be profitable for them to ruin peoples computers.
@Jeff
I tried removing the debugger line as suggested and it works. I am now able to access task manager routinely.
Many thanks
Now I have to figure out how to get rid of that pesky windows protection suite. and the browser redirect virus.
Please help, I have the ‘Green AV Security Suite’ this and it wont let me open spdoc.exe or task manager or anything but internet and some other things. It says everything else has a vivus and says to fix this buy this product, i cant even open task manager. please what can i do?
Matt, please follow this removal guide http://www.2-viruses.com/remove-green-av-security-suite
please help. i just got this yesterday, i had the massive pop ups, but they have gone away after doing a malware bytes scan. Spyware doctor will not work, and it seems everything is working fine after i did a system restore, but something keeps disabling my mcafee real time scanning. PLEASE HELP!!!
Justin: Do a scan with Spyware Doctor after the restore. Update it prior scan, that is critical in your case. The virus is not fully gone, So if Spyware Doctor is blocked, reboot into safe mode with networking (reboot, press F8, choose from menu). Or you could try right-clicking on Spyware Doctor executable and choose run as administrator.
I had this problem yesterday. Malwarebytes wouldnt remove it, Spyware DR didnt work, and the manual directions for exes, register entries, etc didnt seem to apply (none found). Eventually I found a strange executable named bpxomqwshdw.exe that was recently installed and starting on startup. I removed that along with tmp.exe and antispy.exe, rebooted, and the Protective Suite was gone. Also had to reset IE to not use a proxy.
So I am working on a clients computer after 2 other chain stores really messed up her computer trying to get this damn thing off. I keep changing the host file but every time I check on it its right back to the way it was with all the redirects…when I save it and keep the name as host it says its a read only file and I cant save it, but when I go to change it to a not read only file it doesn’t exist. The only host file it finds is the one I created ‘hosts’ in hope that it would work. I was following another guide that was using HJT. I do not have any problem with taskmanager. The original files were deleted by the chain store guys so basically all traces except for what Spy Bot Search and Destroy finds, but cant delete, is gone. I do not want to by Spyware Doctor is there anyway that I haven’t tried?
Matt:
Try running TDSS Killer on your PC or deleting what Spyware Doctor finds manually. Full version of Spyware doctor is superb protection tool from similar malware. I can also recommend running a scan with hitman Pro.
Hey so I ran TDSS Killer and it found something and it “cured” it and asked me to reboot and now I cant get her computer to get into windows without getting the blue screen of death. The error I am getting is
Stop: 0x000000008e (0xc0000005, 0x8384acc7, 0x9e40b91c, 0x00000000)
I can get it to boot up in safe mode, however I cannot system restore it gives me this error.
To peform an offline system restore, you must specify which Windows installaion you would like to restore. For example, if the installation located in C:\Windows should be restored, enter teh following commmand:
rstui.exe/offline:C:\windows
I am not sure what it means by offline line because I booted it in safemode with networking. I also ran Hitman Pro and it just found cookies. Thanks in advance 🙂
Hi Admin,
I think i have been another victim of this protection suite. Every time I try to launch an application such as a game (exe),it comes back saying something like, exe file is corrupted, please check you anti virus software.
My question is, does this rogue virus stop applications from running?
Thanks 🙂
my client is having a tough time removing the virus we tried opening the other programes please HELP!!
Veerus: This rogue family messes up the registry. You could try creating another user account on infected PC and see if you can execute programs from there,.
cant get rid of protection suite error