How to Remove APCProtect | APCProtect Removal Guide
APCProtect is the latest rogue antivirus product in the wini family of rogue security sotware. It is generally pushed through sites that claim in order to view a video you need to install a video codec update or flash player update. This “update” is actually the loader for apcprotect. Once it is installed on your system you will find that it will nag you with many popup warnings about your system security. It will claim that you have viruses on your system and that the virus infection cannot be resolved until you purchase their software. Please avoid this scam and read on for how to remove APCProtect.
You may want to start by blocking the following domains to prevent further infections with this rogue:
apcprotect.com
The first place you should look to remove any piece of software is the control panel and go to add/remove programs. There you should first try to uninstall apcprotect. It may not work, but even if it does I suggest you move on to scan your computer again with malware removals such as superantispyware or malwarebytes antimalware and then scan your computer with an antivirus that is well respected such as mcafee, trendmicros online scanner, or avg/avira/avast.
You may find a download link to malwarebytes on my virus removal toolkit page. You may also wish to download process explorer as it may be useful later in the removal process. If you are unable to install malwarebytes you may try a few tricks to make the install work. 1) rename the installer from mbam-setup.exe to something like explorer.exe then retry the install, update and scan. 2) reboot into safe mode with networking and then retry the install (possibly also using trick 1). 3) follow the next step in a manual removal of apcprotect (which is terminating the running processes associated with the rogue) and then attempt the install again.
The next thing that you should do is to kill off the following processes as they are associated with this rogue. Launch the task manager to kill these off. If it is not possible to launch the task manager you may try 1) to copy the task manager program to the desktop and rename it (taskmgr.exe) to something else (firefox.exe) then try launching this newly renamed file and kill off the processes. 2) reboot into safe mode and see if the processes listed are running. If not, then go ahead and continue your removal without rebooting. 3) use process explorer instead of task manager to kill off the following processes:
APCprotect.exe
uninstall.exe
RANDOM.exe
One of the above files will be randomized on install to your system. That means that each system will likely have a different filename. Use what you see on your system plus the files and folders listed below (and what is in those folders on your system) to determine which files should be deleted.
The following files and folders should be deleted for a complete apcprotect removal:
%docs%\All Users\Desktop\APCProtect.lnk
%docs%\All Users\Start Menu\Programs\APCProtect
%docs%\All Users\Start Menu\Programs\APCProtect\1 APCProtect.lnk
%docs%\All Users\Start Menu\Programs\APCProtect\2 Homepage.lnk
%docs%\All Users\Start Menu\Programs\APCProtect\3 Uninstall.lnk
%progfiles%\APCProtect Software
%progfiles%\APCProtect Software\APCProtect
%progfiles%\APCProtect Software\APCProtect\APCProtect.exe
%progfiles%\APCProtect Software\APCProtect\uninstall.exe
%tmp%\RANDOM.exe
%win%\10259woz5769.exe
%win%\10494vzru597.bin
%win%\106z0spam9ot55a.exe
%win%\1085z9y559.dll
%win%\system32\
%win%\system32\3118dz9nload5r1570.exe
%win%\system32\31327trzj559.dll
%win%\system32\315329ot-z-5irus22.cpl
%win%\system32\
After the above files are deleted you should have completed your manual removal of apcprotect. After this is done, go ahead and scan your computer with a malware removal tool such as superantispyware or malwarebytes antimalware. Then follow that scan up with a scan from a trusted antivirus such as avg/avira/avast or mcafee/norton/kaspersky or an online scan such as trendmicro’s housecall.