Saturday 11 June 2011

XP AntiSpyware 2012 Virus - How To Remove

XP Antispyware 2012 is a name-changing rogue that is creating havoc on the Internet. It is installed from a single installer file and has 12 different names, depending on the operating system you are using. It auto-detects the operating system: if you are using XP, it shows up as XP Antispyware 2012; if you are using Windows 7, it shows up as Win 7 Antispyware 2012.

This virus is downloaded to your computer in a disguised form so that you cannot recognize it. For example, you visit a video site and are asked to download a codec to watch the video. You think the codec is required to watch the video in question, but in fact the site has fooled you and you downloaded the virus yourself. This is how the online crooks operate: they deliver such rogue products to users' computers in a disguised form. They also hack legitimate websites and install the malware there. You trust those websites and end up downloading the malicious software. Scammers use hundreds of ways to promote the virus, and it is impossible to outline them all. Here is a screenshot of the virus doing a false scan:


As your computer is infected with the XP Antispyware 2012 virus, the first thing I would like to tell you is: don't worry. It is possible to remove the virus and there is no need to get frustrated. Sure, the virus is malicious, but there are methods to clean it completely and stop it from recurring in future. Many people believe that they now need to re-format the computer to get rid of the virus, but this is simply not true.

How To Remove XP Antispyware 2012 Rogue Antivirus

Removing rogue products and malware is easy when you know what you are doing. XP Antispyware 2012 is not easy to remove, but with some effort you can surely remove it once and for all. You can remove the virus yourself by choosing either of these two methods, depending on your level of expertise.


A) Automatic Removal Method

The first method is especially for those who are afraid of dealing with the virus. It is very easy to follow, and even if you have never dealt with a virus in your life, you can kick this virus out of your computer. All you need to do is download a genuine spyware remover, scan your computer in Safe Mode and get rid of the virus. Here is a powerful spyware remover for you:



Remove XP Antispyware 2012 Virus Automatically.
Remember these things when you go with automatic removal:

1. Try to conduct the automatic removal in the Normal Mode of Windows. If you find that the rogue software is blocking Spyware Doctor, reboot your computer in "Safe Mode With Networking" and then do a scan. Keep pressing the F8 key on your keyboard while your computer boots up, and then select "Safe Mode With Networking".

2. Spyware Doctor is programmed to do an Intelli-scan by default, but you need to do a "Full Scan". Before you start scanning your computer, please select "Full Scan" so that everything on your computer goes through a very rigorous scanning process and all threats are caught. Once the scan is complete, remove all the threats by clicking the "Fix" button.

B) Manual Removal Of XP Antispyware 2012


Manual removal is strictly for computer experts, and you should not try your hand at it if you don't know what you are doing. This method requires you to do everything manually, and the process can be very risky if you are not a computer expert.

Therefore, please follow these steps under expert supervision to avoid any unforeseen consequences later on:

1. Launch Task Manager and look for a process with a 3-character name. Check how much memory this particular process is using and what its CPU usage is. If you find that the process is continuously consuming memory, right-click on it and click "End Process Tree". It is highly likely that this process is related to the virus. If you end the right process, the virus window will also close automatically.

If you find that Task Manager has been disabled on your computer, then the only solution for you is the automatic removal method, which should be performed in Safe Mode.

2. Please remove these registry keys using Registry Editor (click Start/Run, type "regedit" and click OK):

HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'


3. Please remove these malicious files from your computer:

%AllUsersProfile%\84mt3e0is2b6lrulfioi362nt3p
%AppData%\84mt3e0is2b6lrulfioi362nt3p
%UserProfile%\Local Settings\Application Data\(random 3 letters).exe
%UserProfile%\Templates\84mt3e0is2b6lrulfioi362nt3p
%Temp%\84mt3e0is2b6lrulfioi362nt3p

 

Now reboot your computer in Normal Mode and you shouldn't see any more prompts from the XP AntiSpyware 2012 virus. Still, I would advise you to scan your computer with a spyware remover to find all the traces of the virus. Manual removal is prone to mistakes, and automatic removal guarantees the results.
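The registry values in step 2 share one pattern: the command Windows runs for .exe files, or for the Start menu browser entry, is changed to start the rogue's executable first, whereas on a clean system the exefile open and runas commands hold "%1" %*. The Python sketch below is an added example, not part of the original post; it reads a regedit export as text and reports the command values that deviate. The sample export, the abc.exe name and the profile path are constructed placeholders, and the browser check assumes the StartMenuInternet subkey is named after the browser's executable, as in the keys listed above.

```python
import re

EXPECTED = '"%1" %*'  # Windows default for the exefile open/runas commands

# Constructed sample in regedit export (.reg) syntax. "abc.exe" and the profile
# path are placeholders for illustration, not values from a real infection.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abc.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abc.exe\" /START \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""
'''

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Return {key_path: {value_name: data}} for the string values in .reg text."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif m and current is not None:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            current[name] = unescape(m.group(2))
    return keys

def find_hijacks(keys):
    """Flag exe handlers and browser launchers that start some other program."""
    hits = []
    for path, values in keys.items():
        low = path.lower()
        exe_cmd = re.search(r'\\(\.exe|exefile)\\shell\\(open|runas)\\command$', low)
        browser = re.search(r'\\clients\\startmenuinternet\\([^\\]+)\\shell\\', low)
        for name, data in values.items():
            prog = re.match(r'\s*"?([^"]*)', data).group(1).lower()  # first program
            if exe_cmd and data != EXPECTED:
                hits.append((path, name))
            elif browser and prog.rsplit("\\", 1)[-1] != browser.group(1):
                hits.append((path, name))
    return hits

if __name__ == "__main__":
    print(find_hijacks(parse_reg(SAMPLE_REG)))
```

The check only reads the exported text and changes nothing in the registry.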
