Windows Protection Suite is a rogue anti-malware program from the FakeVimes family, that pretends to be a legitimate security program. This malicious program is considered as rogueware because it displays fake security warnings of potentially infected files, false scan results. When Windows Protection Suite is installed on your computer it does not allow you to start legitimate Windows applications, or anti-malware software to cleanup your computer.
The Windows Protection Suite rogueware is distributed through web sites that display a fake online scanner that states your computer is infected with malware, and then prompts you to download the installation file to cleanup your computer. This rogueware is also distributed and promoted by compromised (hacked) web sites and malicious advertising networks that contain exploit code that tries to install the rogueware on your computer without your permission or knowledge, through the abuse of vulnerabilities in software like Java and Adobe Flash Player.
Once Windows Protection Suite is installed on your computer the rogueware will be configured to automatically start when you login to Windows. Once started, it will perform a scan on your computer and then state that there are numerous infections present. But all of the scan results are fake, if you attempt to remove any of these detected infections, you must purchase the full-version of Windows Protection Suite. Please ignore all the messages to purchase this program. By purchasing you will be send your personal information directly to cybercriminals and may also end up being a victim of credit card or identity theft.
If your computer is infected with Windows Protection Suite, then you are seeing the following screens and msessages, follow the removal guide below to remove the rogueware from your your computer with free software, such as Malwarebytes Anti-Malware and HitmanPro.
Windows Protection Suite Removal Guide
This malware removal guide provides guidance on how to remove adware and other malware from your computer. Malware is a general name of any malicious program, including virusses, trojan horses, spyware, adware and rootkits, that tries to damage a computer, steal personal data, or perform other such malicious behaviour.
- Use RKill to terminate the processes of Windows Protection Suite.
- If Rkill doesn’t work restart the computer in safe mode.
- Run a scan with Malwarebytes Anti-Malware to remove Windows Protection Suite.
- Run a scan with HitmanPro to remove Windows Protection Suite.
1. Stop Windows Protection Suite with RKill
Please download Rkill to your desktop.
- Double-click on the Rkill.com to run the tool.
- If using Vista, Windows 7 or Windows 8 right-click on Rkill.com and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use one of the Rkill versions below.
-
- rkill (exe)
- rkill (scr)
- rkill (pif)
- Iexplore.exe (Renamed version of Rkill)
- Userinit.exe (Renamed version of Rkill)
- Winlogon.exe (Renamed version of Rkill)
- When you see the following message Rkill has terminated successfully the malsicious processes.
- You should now be able to run your normal security programs so that you can scan for computer infections.
- Do not reboot the computer after using Rkill
2. If Rkill doesn’t work restart the computer in safe mode
Start your computer in Safe Mode with Networking and scan for malware with Malwarebytes Anti-Malware.
- Remove all CDs, and DVDs from your computer, and then restart your computer.
- Press and hold the F8 key as your computer restarts.Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen. - On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
- You can also use Safe Mode with commandprompt, type after the prompt Explorer.exe and then press ENTER.
- If your computer has started in Safe Mode with Networking, you’ll need to perform a system scan with Malwarebytes Anti-Malware
3. Remove Windows Protection Suite Malwarebytes Anti-Malware
Malwarebytes Anti-Malware (MBAM) is a surprisingly effective anti-malware program that let you check the presence of malware. But Malwarebytes has also a very strong detection of Potentially Unwanted Programs (PUP’s), only the PUP detection will show up unchecked on the results list by default. You have to manually check them for removal.
Tip: If you want more advanced features and the real-time protection you can purchase the full version of Malwarebytes Anti-Malware that will protect you from being infected.
- Download Malwarebytes Anti-Malware (from the download button above) to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware
- Then click Finish. If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is Checked (ticked) and click on Remove Selected.
- You can use the right mousbutton to check the ‘Check all items‘ option before you click on Remove Selected
- When removal is completed, a log report will open in Notepad.
- If you accidently close it, the log is automatically saved and can be viewed by clicking the Logs tab.
- Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
- Click OK to either and let MBAM proceed with the disinfection process.
- If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
- After the restart in Normal mode, start Malwarebytes Anti-Malware again and perform a Quick scan to verify that there are no remaining threats.
Remove Windows Protection Suite with HitmanPro
- Please download HitmanPro to your desktop from one of the download buttons above.
- Double click on HitmanPro to start the program, if you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode.
- To start HitmanPro in Force Breach mode, hold down the left CTRL-key when you double click on HitmanPro and all non-essential processes will be terminated, including the malware processes.
- HitmanPro will start and you’ll need to follow the prompts (by clicking on the Next button) to start a system scan with this program.
- The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
- Click on the next button and choose the option activate free license
- Click on the next button and the infections where will be deleted.
- Click on the next button and restart the computer.