How to Remove PCSProtector | PCSProtector Removal Guide
PCSProtector is a rogue antivirus application from the winisoft family of rogues. The members of this family are essentially clones of one another, differing only in the name of the rogue and its files. These rogues are typically distributed by trojan horse activity as well as by malware on attack websites. They install themselves on a computer, launch on startup, and start claiming all sorts of security problems with your PC. They run falsified scans of your computer, flagging either files that the rogue itself has placed or legitimate files as being infected with a virus. Read on for how to remove PCSProtector.
Your first removal step for almost any software should be to open the Control Panel and work your way to the Add/Remove Programs area. Once there, see if PCSProtector is listed and attempt to uninstall it. It is unlikely this will work, but it is always worth a try. Even if this successfully uninstalls PCSProtector, you should follow it up with a scan of the computer using a malware removal tool such as SUPERAntiSpyware or Malwarebytes Anti-Malware, and then follow that scan with a scan using a trusted antivirus application. (I said trusted antivirus application because there are so many rogues out there. Some trusted antivirus products are McAfee, Norton, AVG, Avira, Avast, and Trend Micro. This is not an exhaustive list, though. An online antivirus scan can be a fine temporary substitute.)
Assuming that the above did not remove the rogue from your system, you will need to remove PCSProtector with a utility known as a malware remover or malware removal tool. Malwarebytes is a good free one, and you can find a link to it on my virus removal toolkit page. SUPERAntiSpyware also has a free edition that can be downloaded and is another good option. Once one of these is downloaded to your system, try to install it. If it does not install, there are a few options:
1) Rename the installer to something else, for example rename mbam-setup.exe to something like iexplore.exe.
2) Reboot into safe mode and then retry your installer.
3) Continue to the next step, kill off the running processes associated with PCSProtector, and then retry your install of the malware removal tool.
The following processes are associated with PCSProtector and should be killed off to remove the rogue. If you are not able to kill them off with the Task Manager, you may try the following:
1) Copy the Task Manager program (taskmgr.exe) to the desktop and rename it (firefox.exe, perhaps). Then run the renamed copy and kill off the processes listed below.
2) Reboot into safe mode and see if the processes listed are running.
3) Use Process Explorer instead to kill off the following:
Uninstall.exe
PCSProtector.exe
RANDOMNAME.exe
One of the names listed above is randomized when the rogue installs on your PC. It is almost always different from one machine to another. Use the patterns listed below and the names on YOUR system to determine which files and processes should be killed off and/or deleted.
The following files and folders should be deleted to manually remove PCSProtector:
%docs%\All Users\Desktop\PcsProtector.lnk
%docs%\All Users\Start Menu\Programs\PcsProtector
%docs%\All Users\Start Menu\Programs\PcsProtector\1 PcsProtector.lnk
%docs%\All Users\Start Menu\Programs\PcsProtector\2 Homepage.lnk
%docs%\All Users\Start Menu\Programs\PcsProtector\3 Uninstall.lnk
%progfiles%\PcsProtector Software
%progfiles%\PcsProtector Software\PcsProtector
%progfiles%\PcsProtector Software\PcsProtector\main_config.xml
%progfiles%\PcsProtector Software\PcsProtector\PcsProtector.exe
%progfiles%\PcsProtector Software\PcsProtector\uninstall.exe
%tmp%\RANDOM.exe
%win%\10566viruz2809.dll
%win%\10652not-a-virus69z.cpl
%win%\1092sp5wzre1923.bin
%win%\system32\10501not-a-vizus359.dll
%win%\system32\105259orz1d2.dll
%win%\system32\1058ztroj95e.cpl
%win%\system32\RANDOM.exe
Once the above have been deleted, you should have successfully removed PCSProtector. Follow up with another full scan of the machine using a malware removal tool and then a trusted antivirus application to make sure that your system is free from malware, trojans, rogues, or any other residue of this infestation.
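To apply the file list above without deleting anything, the following report-only sketch (an added example, not part of the original guide) checks the top-level fixed paths and flags files in the Windows folders whose names fit the randomized samples. The mapping of the guide's %docs%, %progfiles% and %win% placeholders to real folders and the name pattern are assumptions; review every hit by hand.

```python
import re
from pathlib import Path

# Top-level entries copied from the guide. The %...% placeholders are the
# guide's own shorthand, not Windows environment variables.
FIXED_ARTIFACTS = [
    r"%docs%\All Users\Desktop\PcsProtector.lnk",
    r"%docs%\All Users\Start Menu\Programs\PcsProtector",
    r"%progfiles%\PcsProtector Software",
]
RANDOMIZED_DIRS = [r"%win%", r"%win%\system32"]  # where the randomized names appear

# Heuristic built from the six sample names in the guide: 4-6 digits, then a
# mangled word, ending in .dll, .cpl or .bin. This is an assumption, not a
# signature, so a match means "look at this file", nothing more.
RANDOM_NAME = re.compile(r"^\d{4,6}[a-z][a-z0-9-]*\.(dll|cpl|bin)$", re.I)


def expand(template, roots):
    """Swap the guide's placeholder for a real root and normalise separators."""
    placeholder, _, rest = template.partition("\\")
    return Path(roots[placeholder]).joinpath(*[p for p in rest.split("\\") if p])


def find_artifacts(roots):
    """Return (fixed, suspects): listed paths that exist, and files to review."""
    fixed = [p for p in (expand(t, roots) for t in FIXED_ARTIFACTS) if p.exists()]
    suspects = []
    for template in RANDOMIZED_DIRS:
        folder = expand(template, roots)
        if folder.is_dir():
            suspects += sorted(f for f in folder.iterdir()
                               if f.is_file() and RANDOM_NAME.match(f.name))
    return fixed, suspects


if __name__ == "__main__":
    # Assumed mapping for a Windows XP layout; adjust for the system examined.
    xp_roots = {"%docs%": r"C:\Documents and Settings",
                "%progfiles%": r"C:\Program Files", "%win%": r"C:\Windows"}
    fixed, suspects = find_artifacts(xp_roots)
    for path in fixed:
        print("listed artifact present:", path)
    for path in suspects:
        print("review (fits randomized-name pattern):", path)
```

The fully random RANDOM.exe entries cannot be matched by name, so they still have to be identified from the running processes as described above.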