How to Remove the Fake Security Protection Virus (Win32/FakeRean)

Viruses attack our computers in many ways. Some viruses work in the background disabling your antivirus software and corrupting your files but other viruses, such as the fake Security Protection virus take a different approach and pose as a antivirus software designed to protect your computer, when in fact it is installing viruses.

The Security Protection virus is an exceptionally brilliant virus. Once this virus is installed it will do a “full PC scan for viruses” when in fact, it is infecting your computer. This virus will block all other programs from running, even the calculator (smiles).

Fake Security Protection

Fake Security Protection

Activate Security Protection

Activate for Security Protection

After the scan is done, the Security Protection virus says that you need to activate its software to remove all the viruses.

If you select “Activate Now”, you will get a very official looking pop-up asking for your email address and a registration key.  Warning: Do not activate! It will only install more viruses and now the hackers know your email address.

Active Now

Bogus: DO NOT ACTIVATE

At this point, your computer is nearly useless, you can’t uninstall the program and neither can you run programs. However, there is still a way to remove this virus. Here are the steps I used to remove the virus.

Step One: Restart your computer and boot into ‘Safe Mode with Networking’ by tapping the F8 key. Once you are in Safe Mode you will have basic Windows functionality.

Step Two: Download Autoruns for Windows.

Autoruns

Autoruns for Windows

Step Three: Run the Autoruns tool and you will see all the processes that start up when you boot into Windows. Select the ‘Everything’ tab and wait for all the processes to load. When all the process are loaded, click on ‘Options>Filter’ and select Hide Microsoft and Windows entries.

Filter Options for Autoruns

Filter Options for Autoruns

Step Four: With all the Microsoft and Windows entries filtered out, start browsing down the list of all the programs that start up. You will find Security Protection starting up. Deselect that box and reboot.

Virus Spotted

Security Protection Virus Spotted

Step Five: Boot into Windows normally and download Malwarebytes and TDSSKiller. Run full system scans with both softwares. These scans will find the virus files and then you can remove them.

Malwarebytes found Viruses

Malwarebytes found Viruses. Remove Them.

Run these scans until they both come back without any results.

Step Seven: After all the viruses are removed, download and run CCleaner to remove any registry keys that the virus left behind. Make sure to install an antivirus software to protect against future attacks.

You now should be virus-free and good-to-go! Thank you for reading this post. If this helped you please leave a comment.

Leave a Reply