How to Remove “Privacy Protection” Malware

Removing “Privacy Protection” Malware with System Restore

Manually removing malware, especially fake alerts like “Privacy Protection”, is a fine art practiced by dedicated, starving PC Technicians. It isn’t something that is taught so much as a skill absorbed through years of hands-on experience. Because of the ever-changing cat-and-mouse game involved in battling malicious software (malware), it is not something the average person is trained or equipped for. But if you are an average person who wants to take a stab at it anyway, read on…

Below is a screenshot of the Fake Alert known as “Privacy Protection”.
[Screenshot: the “Privacy Protection” fake alert]
Your best friend will be a much-overlooked utility called System Restore. System Restore is a free, built-in Windows utility that can roll your system files and settings back to a restore point created before the problem occurred. The System Protection feature creates restore points automatically when the computer is idle and when programs, drivers or Windows updates are installed; you can also create one manually at any time.

It’s a fairly easy way to undo unwanted changes to your computer, such as those made by the “Privacy Protection” malware and other forms of malware. It doesn’t affect your personal data files, such as documents and pictures. But it will undo changes to programs, Windows updates, device drivers, Windows system settings and user account passwords made since the date of the restore point you roll back to, so if you changed your Windows password recently, note the old one before you start.

System Restore is not a cure-all for Windows problems, whether they were caused by malware or not, and should not be used frivolously. You also need a good restore point to restore from; if System Restore had been turned off, there are no restore points at all. If your computer does not boot into Windows and you have no restore points, you will probably have to perform a fresh Windows installation.

Many antivirus companies recommend that you disable System Restore when you have a virus (their reasoning is that malware copies captured inside restore points are out of the scanner’s reach and could be brought back by a later restore). I disagree! Disabling System Restore deletes every existing restore point, so my advice is to postpone turning it off until after you have removed enough of the malware that Windows is stable. When a computer is so infected that it won’t even boot into Windows, I say an infected System Restore point is better than no System Restore point. I will usually disable and re-enable System Restore twice, the last time after I deem the computer malware-free, so that it begins creating new, clean System Restore points.

OK, Let’s Reverse the Effects of “Privacy Protection”

The key to using System Restore successfully to remove the Privacy Protection malware is to roll back to a time just before the infection. It is also important not to wait too long to take action. Some people go weeks or months before they deal with the problem, and by then the older restore points have been replaced and System Restore might no longer be an option. Try System Restore first, before you start downloading registry cleaners and other free tools you might find, and by all means don’t give in and purchase “Privacy Protection”: scaring you into buying their fake product is the whole point of the scam.

Knowing when the infection happened is important when choosing the best restore point, but sometimes you just have to make an educated guess. If you witnessed it, it should have been an unforgettable experience; otherwise you might have to look for the rogue program’s icon on your desktop, right-click it and check its Properties for the date it was created.

If there is no icon, finding the time of infection gets more difficult, and I won’t be getting into those techniques here. The files and services for this malicious program aren’t located in the usual places a reputable program would use. The best information I have now is that it runs from a file called “defender.exe” in your user account’s roaming AppData folder (the file’s Created date is a useful estimate of the infection time, though timestamps can be altered, so don’t treat it as proof):

%appdata%\defender.exe

Anyway, when you are in Windows, you can usually start System Restore by clicking Start > All Programs > Accessories > System Tools > System Restore. A malware infection may prevent you from doing so in normal mode, so you will probably have better results in Safe Mode, which you reach by pressing F8 during boot-up (before the Windows logo appears) and choosing it from the Advanced Boot Options menu.
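The same steps (estimate the infection date from the dropped file, list the restore points, pick the newest one that predates the infection, then roll back) can be scripted. The script below is an added example, not from the original post, written for an elevated Windows PowerShell 2.0 or later session on Vista/7 (the System Restore cmdlets it uses are not present in PowerShell 7). The indicator path %appdata%\defender.exe is the one named above; any other path can be passed in, and nothing is restored unless you add -DoRestore.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 2.0+
# (Vista/7) running as Administrator. The indicator path is the one the post
# names; override it with -IndicatorPath if the dropped file lives elsewhere.
param(
    [string]$IndicatorPath = (Join-Path $env:APPDATA 'defender.exe'),
    [switch]$DoRestore   # without this switch the script only reports
)

# No restore points means there is nothing to roll back to.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
if ($points.Count -eq 0) {
    Write-Warning "No restore points on this machine; System Restore cannot help here."
    return
}

# Step 1: estimate the infection time from the dropped file's timestamps.
# Timestamps can be faked by the malware, so take the earlier of creation and
# last-write and treat the result as an estimate, not proof.
$infectedAt = $null
if (Test-Path -LiteralPath $IndicatorPath) {
    $f = Get-Item -LiteralPath $IndicatorPath -Force
    $infectedAt = if ($f.CreationTime -lt $f.LastWriteTime) { $f.CreationTime } else { $f.LastWriteTime }
    "Indicator {0} found, first seen about {1}" -f $IndicatorPath, $infectedAt
} else {
    "Indicator $IndicatorPath not present; choose the date by hand from the list below."
}

# Step 2: list the restore points with readable timestamps
# (WMI reports CreationTime as a DMTF string such as 20120115123045.000000-000).
$table = $points | ForEach-Object {
    New-Object PSObject -Property @{
        Seq     = $_.SequenceNumber
        Created = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        Type    = $_.RestorePointType
        Note    = $_.Description
    }
}
$table | Format-Table Seq, Created, Type, Note -AutoSize

# Step 3: choose the newest point that still predates the infection estimate.
if ($infectedAt) {
    $candidate = $table | Where-Object { $_.Created -lt $infectedAt } |
                 Sort-Object Created | Select-Object -Last 1
    if (-not $candidate) {
        Write-Warning "Every restore point is newer than the infection; restoring would bring the malware back."
        return
    }
    "Best candidate: #{0} from {1} ({2})" -f $candidate.Seq, $candidate.Created, $candidate.Note
    if ($DoRestore) {
        # Rolls back programs, drivers, updates and settings (not documents)
        # to that point and restarts the computer.
        Restore-Computer -RestorePoint $candidate.Seq -Confirm
    }
}
```

Run it once without -DoRestore to see the candidate it picks, and compare that date with whatever else you know about when the alerts began. If the script finds no point older than the infection, a restore will not help and you are back to manual removal or a reinstall.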

How to Run System Restore When Windows Doesn’t Boot Up

When your computer won’t boot up at all, or when System Restore just won’t work from within Windows, don’t give up. There is another easy way to run System Restore on Vista or Windows 7: the “Repair Your Computer” option in the Advanced Boot Options menu. This is similar to booting into Safe Mode using the F8 key at boot-up, except you choose “Repair Your Computer” instead; it loads the System Recovery Options from the recovery environment on the hard drive. If that option isn’t listed, you can reach the same System Recovery Options by booting from a Windows installation DVD or a system repair disc. From there you can get to System Restore, but be patient; it is a bit slow to open.

[Screenshot: the Advanced Boot Options menu]

If all goes well, you could completely reverse the effects of this rogue malware infection with a few clicks of the mouse. But be sure to follow up with antimalware and antivirus scans to ensure there are no other infections that the rollback did not cover.

If it doesn’t go well, the cause is sometimes errors on the hard drive that have corrupted the files System Restore needs, especially if you forced some bad shutdowns by cutting the power because Windows stopped responding (froze). You can attempt to correct errors on the hard drive by running Chkdsk with the fix option; on the Windows drive it cannot run while Windows is using the disk, so it will offer to schedule itself for the next restart.
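The follow-up work from the two passages above (a Chkdsk repair pass, and then, only once the machine is judged clean, discarding the old restore points and re-enabling System Protection so that fresh ones accumulate) fits in one short script. This is an added example, not from the original post; it assumes an elevated Windows PowerShell 2.0 or later session on Vista/7 and that scanning has already finished.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 2.0+
# (Vista/7) running as Administrator, after the machine has been scanned and
# judged clean. Disabling System Restore deletes every existing restore point,
# so do not run this before the cleanup is done.
$drive = $env:SystemDrive          # usually C:

# 1. Queue a file-system repair for the next boot. chkdsk /f needs exclusive
#    access to the Windows volume, so it asks whether to schedule the check at
#    the next restart; the piped "Y" answers that prompt.
cmd /c "echo Y | chkdsk $drive /f"

# 2. Drop the old, possibly infected restore points and turn System
#    Protection back on so clean points start accumulating again.
Disable-ComputerRestore -Drive "$drive\"
Enable-ComputerRestore  -Drive "$drive\"

# 3. Seed the new history with a known-good point that is easy to find later.
Checkpoint-Computer -Description "Clean baseline after Privacy Protection removal" `
                    -RestorePointType MODIFY_SETTINGS

# 4. Confirm the fresh point exists; it should be the only one listed.
Get-ComputerRestorePoint | Select-Object -Last 1 |
    Format-List SequenceNumber, Description, CreationTime
```

Reboot after running it so the scheduled Chkdsk pass actually happens; the baseline restore point is created immediately and survives the restart.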

Anyway, System Restore is a very powerful tool, but use it with caution. Whether to use it at all, and which date to roll back to, are the things to decide before you blindly start searching for and downloading every program under the sun that claims it can fix your computer. But my usual advice is to avoid being put in this position in the first place by checking out my Basic Spyware Prevention Tips.

To see the antimalware and antivirus tools I recommend, connect with me on Facebook at: http://www.facebook.com/SpywarePrevention
