User Protection Removal

A rogue antivirus application related to Paladin Antivirus and User Protection, User Protection uses scare tactics to trick users into purchasing a software license. User Protection reaches user systems via Trojan viruses that get downloaded from malicious websites advertising fake online scanners. Once installed, User Protection disables all legitimate security programs that have already been installed on the system along with system utilities such as Task manager and Registry editor and proceeds to load itself at startup. User Protection performs an endless stream of fake security scans on the system and reports that it is under threat from a large number of non-existent viruses and other malware. This rogue program also redirects the user’s web browser via a Browser Helper Object to malicious websites. It also generates fake warning pop-ups from the Windows taskbar. Meanwhile, User Protection repeatedly requests the user to purchase a license to the ‘full’ version of the software, claiming that the currently installed ‘trial’ version is incapable of removing the detected ‘threats’ properly. However, the so-called ‘full’ version of User Protection is just as ineffective at removing these ‘threats’ as the ‘trial’ version, therefore, you should never allow yourself to be tricked into paying for it.

User Protection

The process of User Protection removal involves stopping processes, unregistering DLLs, deleting files and folders and removing registry entries.

File Removal Procedures

The first step in User Protection removal is to stop the following processes:

  • asr64_ldm.exe
  • uninstall.exe

The next step is to unregister the following DLL files:

  • drgext.dll
  • drghook.dll

To complete file removal, delete the following files and folders:

  • %Documents and Settings%\[UserName]\Desktop\User Protection Support.lnk
  • %Documents and Settings%\[UserName]\Desktop\User Protection.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\User Protection
  • %Documents and Settings%\[UserName]\Start Menu\Programs\User Protection\About.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\User Protection\Activate.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\User Protection\Buy.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\User Protection\User Protection Support.lnk
  • c:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
  • c:\Program Files\User Protection
  • c:\Program Files\User Protection\about.ico
  • c:\Program Files\User Protection\activate.ico
  • c:\Program Files\User Protection\buy.ico
  • c:\Program Files\User Protection\help.ico
  • c:\Program Files\User Protection\scan.ico
  • c:\Program Files\User Protection\settings.ico
  • c:\Program Files\User Protection\splash.mp3
  • c:\Program Files\User Protection\uninstall.exe
  • c:\Program Files\User Protection\update.ico
  • c:\Program Files\User Protection\usr.db
  • c:\Program Files\User Protection\usrext.dll
  • c:\Program Files\User Protection\usrhook.dll
  • c:\Program Files\User Protection\usrprot.exe
  • c:\Program Files\User Protection\virus.mp3
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\User Protection.lnk
  • %UserProfile%\Desktop\User Protection Support.lnk
  • %UserProfile%\Desktop\User Protection.lnk
  • %UserProfile%\Desktop\usrprot.exe.txt
  • %UserProfile%\Local Settings\Temp\4otjesjty.mof
  • %UserProfile%\Local Settings\Temp\usr.dat
  • %UserProfile%\Local Settings\Temp\usrr.dat
  • %UserProfile%\Start Menu\Programs\User Protection
  • %UserProfile%\Start Menu\Programs\User Protection\About.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\Activate.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\Buy.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\Scan.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\Settings.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\Update.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\User Protection Support.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\User Protection.lnk

Once the above steps have been completed, User Protection no longer resides on your file system.
Registry Removal Procedures

File removal alone is not sufficient to properly delete User Protection. It is required to delete the following keys and settings for complete User Protection removal:

  • HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_LOCAL_MACHINE\SOFTWARE\User Protection
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\User Protection
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “User Protection”
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved “{5E2121EE-0300-11D4-8D3B-444553540000}”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = “1?
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\User Protection
  • HKEY_LOCAL_MACHINE\SOFTWARE\User Protection
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “User Protection”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved “{5E2121EE-0300-11D4-8D3B-444553540000}”

Now your computer is completely safe from User Protection. However, since this rogue security product is capable of installing additional malware components on the system it is recommended to scan the entire PC using genuine antivirus software such as Spyware Doctor with Antivirus in order to properly detect any auxiliary infections.

Conclusion

Manual User Protection removal is not recommended for inexperienced users as any mistake made due to inexperience could cause damage to the computer. Inexperienced users are advised to use a web-based repair service such as www.onlinecomputerrepair.org or even legitimate antivirus software in order to properly complete the process of User Protection removal.