How to Remove BlockProtector | Removal Guide



So… the tail end of last week saw another new variant in the Wini family of rogue antivirus: blockprotector. It’s the successor to….. Blockscanner (blockscanner removal guide) as well as the long list of prior variants that you can find on that page. (Sorry… it’s just getting to be ridiculously too many to list in each post.) The wini family of rogues is running around 2-3 variants a week at this point in time and they mostly look the same with only the name being changed. They are pushed by scare tactics of web pages that appear to be scanning your hard drive (animations) and like most rogues they don’t really do much. Read on for how to remove blockprotector.


Among other things blockprotector will pop up many bogus warnings about your system security including this:

Spyware Alert!
Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of BlockProtector and remove spyware threats from your PC.

All warnings generated by this software are falsified.

Start by trying to uninstall blockprotector from the control panel and add/remove programs applet. If it cleanly uninstalls I would follow up with a good scan of the computer with a tool such as malwarebytes antimalware and an antivirus such as avira/avg or maybe trend micro. Just make sure it’s a trusted application.

To download malwarebytes antimalware, please visit my virus removal toolkit page. Download malwarebytes antimalware and (optionally) process explorer.

You may have difficulty installing and running malwarebytes initially with this rogue on your system. If you do have difficulty you can 1) rename the installer file from mbam-setup.exe to something innocent like bigbird.exe -then try to install,update and run malwarebytes 2) reboot into safemode and retry the installer or 3) continue with a more manual removal of blockprotector and after you have disabled the running processes associated with blockprotector then you may be able to install, update and run malwarebytes antimalware.

The following website should be blocked:
blockprotector.com

The processes listed below are associated with blockprotector and should be killed off using the task manager. If you are unable to launch the task manager you may try copying and pasting the executable file for the task manager (taskmgr.exe) to another file name (rename it to something like elmo.exe) or use process explorer for the task of killing off the following files:

rwb4.tmp.exe
11763zpy1f95.exe
1069szyware7695.exe
BlockProtector.exe
Uninstall.exe

There may be some randomization used by blockprotector in the creation of filenames including some of those listed above. Use the information below on the file locations along with what you find on your system to get an idea for the patterns that this rogue has used in it’s naming of files and use your best judgment to find similar files on your system.

The following files and folders should be deleted to remoe blockprotector:

%docs%\%username%\Desktop\BlockProtector.lnk
%docs%\%username%\Start Menu\Programs\BlockProtector.lnk
%progfiles%\BlockProtector Software
%progfiles%\BlockProtector Software\BlockProtector
%progfiles%\BlockProtector Software\BlockProtector\BlockProtector.exe
%progfiles%\BlockProtector Software\BlockProtector\Uninstall.exe
%win%\1069szyware7695.exe
%win%\1095th5zf21449.cpl
%win%\11763zpy1f95.exe
%win%\system32\335steal97z2.ocx
%win%\system32\348eb9ckdoor1z785.cpl
%win%\system32\35z0sp9rse478.bin
%tmp%\rwb4.tmp.exe

After even the best manual removal of blockprotector you should still install and update and run a tool such as malwarebytes antimalware and a trusted antivirus to make sure that your system is now clean.

   Send article as PDF   

Similar Posts