Saturday 11 June 2011

XP AntiSpyware 2012 Virus - How To Remove

XP Antispyware 2012 is a name-changing rogue that is creating havoc on the Internet. It is installed from a single installer file and has 12 different names depending on the operating system you are using. It auto-detects the operating system: if you are using XP, it shows up as XP Antispyware 2012, and if you are using Windows 7, it shows up as Win 7 Antispyware 2012.

This virus is downloaded to your computer in a disguised form so that you cannot recognize it. For example, you visit a video site and are asked to download a codec to watch the video. You think the codec is required to watch the video in question, but in fact the site has fooled you and you have downloaded the virus yourself. This is how the online crooks operate: they deliver such rogue products to users' computers in a disguised form. They also hack legitimate websites and plant the malware there, so you trust those websites and end up downloading the malicious files. There are hundreds of ways scammers use to spread the virus and it is impossible to outline them all. Here is a screenshot of the virus doing a false scan:


If your computer is infected with the XP Antispyware 2012 virus, the first thing I would like to tell you is: don't worry. It is possible to remove the virus and there is no need to get frustrated. Sure, the virus is malicious, but there are methods to clean it completely and stop it from recurring in future. Many people believe that they now need to re-format the computer to get rid of the virus, but this is simply not true.

How To Remove XP Antispyware 2012 Rogue Antivirus

Removing rogue products and malware is easy when you know what you are doing. XP Antispyware 2012 is not easy to remove, but with some effort you can surely remove it once and for all. You can remove the virus yourself by choosing either of these two methods, depending on your level of expertise.


A) Automatic Removal Method 

The first method is especially for people who are afraid of dealing with the virus. It is very easy to follow, and even if you have never dealt with a virus in your life, you can kick this virus out of your computer. All you need to do is download a genuine spyware remover, scan your computer in safe mode and get rid of the virus. Here is a powerful spyware remover for you:



Remove XP Antispyware 2012 Virus Automatically.
Remember these things when you go with automatic removal:

1. Try to conduct the automatic removal in the Normal Mode of Windows. If you find that the rogue software is blocking Spyware Doctor, reboot your computer in "Safe Mode With Networking" and then do a scan. Keep pressing the F8 key on your keyboard while your computer boots up and then select "Safe Mode With Networking".

2. Spyware Doctor is programmed to do Intelli-scan by default but you need to do a "Full Scan". Before you start scanning your computer, please select "Full Scan" so that all the things in your computer go through a very rigorous scanning process and all threats are caught. Once the scan is complete, remove all the threats by clicking the "Fix" button.

B) Manual Removal Of XP Antispyware 2012


Manual removal is strictly for computer experts and you should not try your hand at it if you don't know what you are doing. This method requires you to do everything manually, and the process can be very risky if you are not a computer expert.


Therefore, please follow these steps under expert supervision to avoid any unseen consequences later on :

1. Launch Task Manager and look for a process whose name has 3 characters. Check how much memory this process is using and what its CPU usage is. If you find that this process is continuously eating memory, right-click on it and click "End Process Tree". It is highly likely that this process is related to the virus. If you end the right process, the virus window will also close automatically.


If you find that Task Manager has been disabled on your computer, then the only solution for you is the automatic removal method, which should be performed in Safe Mode.

2. Please remove these registry keys from registry editor (Click Start/Run, type "regedit" and click OK) :

HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1′ = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1′
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1′
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOT\exefile\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1″ %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
 HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”‘


3. Please remove these malicious files from your computer :

%AllUsersProfile%\84mt3e0is2b6lrulfioi362nt3p
%AppData%\84mt3e0is2b6lrulfioi362nt3p
%UserProfile%\Local Settings\Application Data\(random 3 letters).exe
%UserProfile%\Templates\84mt3e0is2b6lrulfioi362nt3p
%Temp%\84mt3e0is2b6lrulfioi362nt3p

 

Now reboot your computer in Normal mode and you shouldn't face any prompts from the XP AntiSpyware 2012 virus. Still, I would advise you to scan your computer with a spyware remover to find all the traces of the virus. Manual removal is prone to mistakes, and automatic removal guarantees the results.
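The registry values in step 2 all do the same thing: they replace the command Windows runs when an .exe file or a browser is launched, so that the rogue's own executable starts first. The following read-only PowerShell audit is an added example, not part of the original article or of any product it mentions. It assumes the stock Windows value `"%1" %*` for the exefile handlers, and the helper names and the match pattern are constructed here from the values listed above.

```powershell
# Added example: read-only audit of the launch handlers listed in step 2.
# Nothing is modified or deleted. Helper names below are defined here.
$stock  = '"%1" %*'   # stock Windows command for the exefile open/runas verbs
# Constructed from the values on this page: an .exe in the per-user local
# application-data folder, followed by the /START switch.
$hijack = '\\(Local Settings\\Application Data|AppData\\Local)\\[^\\"]*\.exe"?\s+/START'
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function Get-DefaultValue([string]$Path) {
    # Unexpanded "(Default)" value of a key, or $null when the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('', $null, $noExpand)
}

function New-Finding($Key, $Value, $Why) {
    New-Object PSObject -Property @{ Key = $Key; Value = $Value; Why = $Why }
}

$findings = @()

# 1. .exe launch handlers: per-user overrides, then the merged HKCR view.
$roots = 'Registry::HKEY_CURRENT_USER\Software\Classes', 'Registry::HKEY_CLASSES_ROOT'
foreach ($root in $roots) {
    foreach ($class in '.exe', 'exefile') {
        foreach ($verb in 'open', 'runas') {
            $key = "$root\$class\shell\$verb\command"
            $cmd = Get-DefaultValue $key
            if ($null -ne $cmd -and $cmd -ne $stock) {
                $findings += New-Finding $key $cmd 'exe handler differs from stock command'
            }
        }
    }
}

# 2. Start-menu browser commands wrapped by another executable.
$clients = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet'
if (Test-Path -LiteralPath $clients) {
    foreach ($browser in Get-ChildItem -LiteralPath $clients) {
        foreach ($verb in 'open', 'safemode') {
            $key = "Registry::$($browser.Name)\shell\$verb\command"
            $cmd = Get-DefaultValue $key
            if ($cmd -match $hijack) {
                $findings += New-Finding $key $cmd 'browser launch is routed through a /START wrapper'
            }
        }
    }
}

if ($findings) { $findings | Format-List Key, Value, Why } else { 'No hijacked handlers found.' }
```

A key reported under HKEY_CURRENT_USER takes precedence over the machine-wide entry for that user, which is why the per-user hive is checked separately from the merged HKEY_CLASSES_ROOT view.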

Vista Security 2012 Virus - How To Remove

Vista Security 2012 is the new variant of Vista Security 2011. The creators of this rogue spyware rename it every year and launch it with a new name, more malicious features and a more eye-catching user interface. The Vista Security 2012 virus is spreading very rapidly on the Internet, mainly via hacked sites, fake online scanners, compromised downloads and other similar means.


When you visit a malicious website, even by mistake, you'll be prompted to download a file for a particular purpose. For example, if you visit a video website, you'll be told that you need to download a video codec to play the video, and you'll download the file in good faith. That file is not a video codec but the virus, and this is how rogue spyware gets its way into a computer. Here is a screenshot of Vista Security 2012 (Vista Security 2011 and Vista Security 2012 are exactly the same product with different names):



Spyware Doctor removes Vista Security 2012, guaranteed. You just need to download the software and scan your computer, and Vista Security 2012 will be removed automatically. Spyware Doctor costs $29.95 for three computers, which comes down to $9.95 per computer. This investment can save you from lots of headaches caused by such rogue products. Spyware Doctor provides active protection against all rogue products and your computer will never get infected again! Backed by a 30-day money-back guarantee!


As you are reading this article, it is likely that your computer is infected with this rogue spyware. Please note that it is a very malicious name-changing rogue. If you are using the Windows Vista operating system, it will be installed as Vista Security 2012, and if you are using the Win 7 operating system, it will be installed as Win 7 Security 2011. This rogue is programmed to change its name automatically depending on the user's operating system. I've tested this malware personally on different operating systems (using Virtual Box) and found that it changes its user interface according to the operating system.


When this bogus product infects your computer, it disguises itself as a security update and installs an executable file with a three-character name. Whenever you try to run a legitimate program, it will be blocked and you'll just see this rogue popping up on the screen repeatedly. The virus takes every measure to protect itself from virus scanners and other programs that could actually remove it. It is so dangerous that even if you try to run Internet Explorer, you won't be able to do so. It is much more malicious than its previous version and should be kicked out as soon as possible.


How To Remove Vista Security 2012 Rogue Antivirus

There are two methods to remove this rogue software from your computer. The first method is removing the virus using software and the second is removing it by hand. First I'll tell you more about the automatic removal method.



A) Automatic Removal Method 

This is the easiest method to remove the Vista Security 2012 virus from your computer without any tedious exercise. You need to download a genuine spyware remover which is capable of detecting this virus and then remove it from your computer. This method guarantees results, and here are the reasons why it is used very widely even by computer experts:



1. This method takes much less time and results are guaranteed.
2. There is no risk of deleting the wrong file from your computer.
3. You get rid of the rogue as well as lots of other possible threats which might be hiding in your computer.
4. If you already had an antivirus and this rogue still infected your computer, you badly need spyware protection on your computer. If you get a genuine spyware remover to remove Vista Security 2012, not only will your current problem be resolved, but your computer will also be protected in future from similar threats.
5. Spyware remover products maintain a list of bad domains, so if you visit a bad website which has been spreading the virus before, your access to that website will be immediately blocked for your security.


For complete Vista Security 2012 removal, I highly recommend Spyware Doctor, as it is the most powerful spyware remover with excellent features and is regarded as very powerful software among computer professionals and malware experts.

 

When you conduct automatic removal of the virus, please make sure that:



1. You conduct the Vista Security 2012 removal in "Safe Mode With Networking". For this, please reboot your computer and keep pressing the F8 key on your keyboard. You'll see a menu with several choices and you should select "Safe Mode With Networking".


2. Once your computer is up in Safe Mode, you do a Full Scan of your computer. Spyware Doctor does an Intelli-scan by default but you need to do a "Full Scan". Once the scan is done, fix all the threats and that's all you need to do.

B) Manual Removal Method
 


This method is very risky and should not be followed by less skilled computer users to remove Vista Security 2012. At best, you might face problems in identifying the infected files, and at worst, you could end up deleting important system files. The success of the manual removal method depends on the expertise of the end user, and removing the wrong files (which are actually not infected) can create more issues for you.



For this reason, please follow the manual removal steps only if you are highly skilled with computers and have dealt with such problems before. Here is what you need to do to remove Vista Security 2012 manually:


1. First of all, please run Task Manager and look for a process whose name has 3 characters. If you find such a process and it actually looks suspicious, you might want to end it. Please note that not every process with a 3-character name is the culprit. If you are unable to launch Task Manager, please try the automatic removal method instead.


2. Please remove these registry keys from registry editor (Click Start/Run, type "regedit" and click OK) :


HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1′ = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1′
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1′
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOT\exefile\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1″ %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”



3. Please remove these malicious files from your computer :


%AllUsersProfile%\4m2nt3ps2b6lrut3e0ilfioi368
%AppData%\Local\(random 3 characters).exe
%AppData%\Local\4m2nt3ps2b6lrut3e0ilfioi368
%AppData%\Roaming\Microsoft\Windows\Templates\4m2nt3ps2b6lrut3e0ilfioi368
%Temp%\4m2nt3ps2b6lrut3e0ilfioi368

 

Now your computer should be free of the Vista Security 2012 virus if you followed the above steps correctly. If you face any problems in following the manual removal steps, try the automatic removal method instead. Your main goal should be getting rid of the virus and taking protective measures so that such things never happen again in future.