Friday 21 October 2011

Security Sphere 2012 Removal - How To Guide

Security Sphere 2012 is a polished version of System Tool and MS Removal Tool with the same malicious features. All these rogue products are created by the same family, which turns out new products like clockwork. Every few months, they release a new rogue program under a different name to avoid detection by antivirus programs.

Security Sphere 2012 is the latest malicious creation of on-line crooks, and it is spreading very fast. This rogue blocks all running programs on your computer and won't let you run any application. Whenever you try to run a program, it automatically closes it and tells you that the program is infected.

Security Sphere 2012 gets into your system via compromised downloads, fake Flash updates and other similar methods. It arrives in disguise, so you won't even suspect that it is rogue software. Once you install it, it conducts a complete scan of your computer and reports numerous fake infections. None of these infections are actually present on your computer; the report is fabricated by Security Sphere 2012.

To remove those infections, you'll be asked to buy the full version of Security Sphere 2012, which is equally useless. Don't pay money to these scammers, and remove Security Sphere 2012 from your computer as soon as possible. Here is a screenshot of Security Sphere 2012 doing a fake scan:



Security Sphere 2012 configures itself to run at startup so that you cannot stop it. Once running on your computer, it won't let you run anything.

We have tested the behavior of this rogue and found that it doesn't block files named "explorer.exe". For this reason, download Process Explorer and save it as "explorer.exe" on your computer. Now run explorer.exe (Process Explorer) and you can end the active process of Security Sphere 2012. Process Explorer works exactly like Windows Task Manager.

After ending the active process of Security Sphere 2012, you can download Spyware Doctor to remove the infection completely from your computer. Click the button below to download Spyware Doctor.


Security Sphere 2012 blocks everything, which makes its removal much harder. You can follow these steps to remove Security Sphere 2012 from your computer:


1. Automatic Removal

Automatic removal is the fastest way to get rid of Security Sphere 2012. It relies on genuine anti-spyware software to clear the infection. Follow these steps to remove Security Sphere 2012:

1. Restart your computer and press "F8" key on your keyboard during startup.

2. When you see a menu, select "Safe Mode With Networking" and start your computer. Security Sphere 2012 will not run in Safe Mode. If it somehow manages to run in Safe Mode, download Process Explorer and save it as "explorer.exe" on your computer.

Now run explorer.exe (Process Explorer) and you can easily end the active process of Security Sphere 2012. This way Security Sphere 2012 won't interfere during removal and you can do your job easily.

3. After ending the active process of Security Sphere 2012, run Internet Explorer and download Spyware Doctor. Spyware Doctor's malware database is huge and it can easily catch viruses like Security Sphere 2012. After downloading, please install Spyware Doctor and update its virus database.

After that, conduct a "Full Scan" of your computer and remove all the infections. That's it! On next reboot, you can boot up your computer in safe mode and everything will be back to normal. 


2. Manual Removal

The manual removal method is not suitable for most computer users, as it is very hard to follow and a minor mistake can cause big problems for your computer. To remove Security Sphere 2012 manually, you need to find and delete the culprit files yourself. It can be a tough task if you are not well versed with computers. On the other hand, if you delete the wrong file by mistake, it can be fatal for your computer.

You can follow these steps to remove the rogue software manually:

1. Boot up your computer in "Safe Mode with Networking".
2. Run Registry Editor by clicking Start --> Run, typing regedit and clicking OK. Delete these registry entries:

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION "svchost.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "enablehttp1_1" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "<random>"

Keep in mind that the registry is a core part of your computer and editing it incorrectly may cause further problems.

3. After deleting the above registry entries, find and delete these files from your computer:

%AllUsersProfile%\<random>\
%AllUsersProfile%\<random>\<random>
%AllUsersProfile%\<random>\<random>.exe
%StartMenu%\Programs\Security Sphere 2012.lnk

Follow the above steps carefully and you should be able to remove Security Sphere 2012. Keep in mind that manual removal steps don't guarantee results. If the virus has changed its way of operating, the manual removal steps may no longer work. To avoid all the hassle and risk, you can opt for the automatic removal method instead.

Monday 17 October 2011

Guard Online Virus Removal - How To Guide


Guard Online looks exactly like the Cloud Protection software, and both products are malware designed by the same family. These products are called ransomware, as products like Guard Online do a fake scan of your computer and try to cheat money out of you. The creators want to sell you bogus software: Guard Online can't protect you from anything.

Guard Online was created by on-line scammers who have a complete team dedicated to creating rogue products. These guys are releasing new bogus products every day and distributing them on-line through various channels. Such rogue products are mainly promoted on hacked websites, and when you visit those sites, the Guard Online virus automatically installs itself on your computer without your knowledge.

Once the installation is done, it will pop up on your computer's screen and start scanning your computer without your permission. It will tell you that your computer is seriously infected and that you need to clean out the viruses. See this screenshot of the Guard Online virus doing a fake scan:

Guard Online Virus Doing Fake Scan on My Computer

Showing a List of Running Processes to Look Legitimate

Guard Online will report numerous false infections on your machine and then ask you to purchase the full version of Guard Online to remove them. If you fall for this trap and buy the rogue software, you'll get a fake activation key. Once you enter that key in Guard Online, it will tell you that your computer is now free from viruses. This is a bogus tactic to trap you; after taking money from you, Guard Online will stop doing malicious things.

Don't get fooled by this rogue software, and remove Guard Online from your computer as soon as possible. Leaving this rogue on your computer will do more harm to your PC and lessen the chances of recovery.


Guard Online will do the following to your computer:

1. It will block all programs on your computer and won't let you run any software.
2. Your system will get a lot slower and you'll see random error messages in the system tray.
3. Your antivirus software will get blocked, and if you try to run it again, the Guard Online malware will forcefully close it down.
4. Several essential settings of your computer will be changed by the malware so that you can't remove it easily.

How To Remove Guard Online Virus

Guard Online is very stubborn software and can't be removed easily by an average computer user. We have tested the behavior of this rogue software in our research lab and found two methods which can help you:

1. Automatic Removal

The automatic removal method means using software to remove the Guard Online malware. This removal method is fast, easy and guarantees complete removal of the rogue. If you follow this removal method, it hardly takes 30 minutes to resolve all errors and problems on your PC.

This removal method can be used by anyone. If you are not skilled with computers, don't worry, as you just need to download a program and scan your computer for possible infections. Everything else is done automatically by Spyware Doctor. Here are the detailed steps you should follow:


1. Restart your computer and press "F8" key on your keyboard during startup.

2. When you see a menu, select "Safe Mode With Networking" and start your computer. Guard Online will not be able to run in Safe Mode, which will make your job easier.


3. Once your computer boots in safe mode, run Internet Explorer and download Spyware Doctor. Spyware Doctor is the best malware remover software in the world. After downloading Spyware Doctor, install it on your computer and update its virus database.

After that, conduct a "Full Scan" of your computer and remove all the infections. That's it! On next reboot, you can boot up your computer in safe mode and everything will be back to normal. 


2. Manual Removal

The manual removal method is very hard and risky to follow. Among thousands of different files on your computer, it will always be impossible for you to spot the files related to the malware. This is why we don't recommend the manual removal method: if you delete the wrong file from your computer, your problems will just get worse.

The Guard Online virus creates its files with random names. On each computer, this software creates a different filename, and that's why it is not possible to give the correct filename.

Please follow these steps to remove the Guard Online virus manually:

1. Boot up your computer in "Safe Mode with Networking".
2. Run Registry Editor by clicking Start --> Run, typing regedit and clicking OK. Delete this registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "<random>"

Please note that the registry is a core part of your computer and editing it incorrectly may harm your computer.

3. After deleting the above registry entry, find and delete these files from your computer:

%AppData%\<random>\
%AppData%\<random>\
%AppData%\<random>\
%AppData%\<random> Guard Online.ico
%AppData%\ldr.ini
%StartMenu%\Programs\Guard Online\
%StartMenu%\Programs\Guard Online\Guard Online.lnk
%System%\<random>.exe
%AppData%\E77ikC6uQA5hAym (or Similar Random Name)
%AppData%\GxxTGN9pzF (or Similar Random Name)
%AppData%\g44tgnOLrfI2dJw (or Similar Random Name)

Follow the above steps and use your common sense to decide if you should delete a particular file. Never delete a file based on a guess, because if you delete a system file, Windows will not load and will show you a fatal error. At that point, re-installation will be the only option.

If you want to avoid all the hassle, download Spyware Doctor and remove Guard Online automatically. You'll get rid of the virus and your computer will stay safe forever.

Cloud Protection Virus Removal - How To


Cloud Protection is a very dangerous rogue spyware scanner. It acts as if it is scanning your computer for real viruses, but in fact this software is just playing an animation. The scanning activity is bogus and this software is not capable of catching viruses. Cloud Protection itself is a virus and you need to remove it from your computer as soon as you can.

This rogue software enters your computer stealthily via security vulnerabilities. Cloud Protection can be found on lots of websites on the Internet. These websites are either part of this scam or have been hacked by on-line crooks who silently inserted malware into them. When you visit one of those websites, you are prompted to download a utility and you'll be convinced that you are downloading very good software.

After downloading, when you install that file on your computer, you'll get the Cloud Protection virus. In most instances, Cloud Protection can't get installed automatically unless you somehow click on its executable file. Things will look so legitimate that you'll never imagine that you are downloading and installing a virus yourself. Here is a screenshot of Cloud Protection from our research lab:

Cloud Protection Rogue Doing Fake Scan

1. It will load itself on startup and as soon as you boot your computer, Cloud Protection will take over everything.
2. The Cloud Protection virus will block all legitimate applications on your computer and won't let you run them.
3. Your antivirus software or other security software will also get blocked forcefully by the malware.
4. It will also block Task Manager so that you can't end its process.

How To Remove Cloud Protection Virus

You can remove Cloud Protection very easily provided you follow the right solution. These two removal methods are widely used by victims and we recommend the automatic removal method every time. Automatic removal is fast, secure and guarantees complete removal of the rogue software.

1. Automatic Removal

Automatic removal method is the best method to remove the rogue software without any hassles. All you need to do is reboot your computer in "Safe Mode with Networking" mode, scan your computer and delete infections. Here are detailed steps :

1. Reboot your computer and continue pressing "F8" key on your keyboard repeatedly until you see a menu.
2. This menu will have several options and you need to select "Safe Mode With Networking" and press Enter key.
3. Once your computer boots in safe mode, run Internet Explorer and download Spyware Doctor. Spyware Doctor is the best malware remover software in the world. After downloading Spyware Doctor, install it on your computer and update its virus database.

After that, conduct a "Full Scan" of your computer and remove all the infections. That's it! On next reboot, you can boot up your computer in safe mode and everything will be back to normal.


2. Manual Removal

The manual removal method is tedious, risky and doesn't guarantee complete removal of the Cloud Protection virus. This method is not recommended for average computer users, because if you delete the wrong files, your computer may stop booting up completely.

To remove the Cloud Protection virus manually, please follow these steps:

1. Boot up your computer in "Safe Mode with Networking".
2. Run Registry Editor by clicking Start --> Run, typing regedit and clicking OK. Delete this registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "<random>"

Please note that the registry is a core part of your computer and editing it incorrectly may harm your computer.

3. After deleting the above registry entry, find and delete these files from your computer:

%AppData%\<random>\
%AppData%\<random>\
%AppData%\<random>\
%AppData%\<random>\
%AppData%\ldr.ini
%AppData%\svhostu.exe
%AppData%\<random>\Cloud Protection.ico
%StartMenu%\Programs\Cloud Protection\
%StartMenu%\Programs\Cloud Protection\Cloud Protection.lnk
%StartMenu%\Programs\Startup\crss.exe
%System%\<random>.exe
%AppData%\E77ikC6uQA5hAym (or Similar Random Name)
%AppData%\GxxTGN9pzF (or Similar Random Name)
%AppData%\g44tgnOLrfI2dJw (or Similar Random Name)

Please note that you need to be sensible enough to work out which files are related to the virus. Don't do any guesswork while removing the rogue, as it can have an adverse effect on your computer's health. If you are in doubt, don't take any chances and follow the automatic removal method instead. Automatic removal is so easy that even newbie computer users can get rid of Cloud Protection easily.
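
Two of the file names in the list above, svhostu.exe and crss.exe, are near-misses of the Windows system binaries svchost.exe and csrss.exe, and the Security Sphere 2012 guide on this page notes that the rogue does not block anything named explorer.exe. The Python sketch below is an added example, not part of the original guide or of any product's code: it flags an executable whose name equals or closely resembles a system binary but which sits outside the directory Windows keeps that binary in. The `C:\WINDOWS` root, the short `SYSTEM_BINARIES` table and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumed Windows root for this example; adjust for the machine being checked.
WINDIR = r"C:\WINDOWS"
SYSTEM32 = ntpath.join(WINDIR, "system32")

# Hand-picked table (an assumption of this example, not a complete list):
# system binary name -> directory Windows keeps it in.
# 64-bit Windows also keeps 32-bit copies of some binaries under SysWOW64;
# add that directory if it matters for your fleet.
SYSTEM_BINARIES = {
    "explorer.exe": WINDIR,
    "svchost.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "smss.exe": SYSTEM32,
}

# Constructed sample paths modelled on the locations this page lists.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\user\Application Data\svhostu.exe",
    r"C:\Documents and Settings\user\Start Menu\Programs\Startup\crss.exe",
    r"C:\Documents and Settings\user\Desktop\explorer.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Program Files\Tools\procexp.exe",
]


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(path, max_distance=2):
    """Return (verdict, system_name) for a suspicious path, or None if nothing stands out."""
    name = ntpath.basename(path).lower()
    folder = ntpath.normpath(ntpath.dirname(path)).lower()

    # Exact system name: only the file's location can tell the real one apart.
    if name in SYSTEM_BINARIES:
        expected = ntpath.normpath(SYSTEM_BINARIES[name]).lower()
        if folder == expected:
            return None
        return ("system-name-outside-system-dir", name)

    # Near-miss of a system name, wherever the file lives.
    nearest = min(SYSTEM_BINARIES, key=lambda known: edit_distance(name, known))
    if edit_distance(name, nearest) <= max_distance:
        return ("lookalike-name", nearest)
    return None


def scan(paths):
    """Map each flagged path to its verdict; unflagged paths are omitted."""
    results = {}
    for path in paths:
        verdict = classify(path)
        if verdict:
            results[path] = verdict
    return results


if __name__ == "__main__":
    for path, (verdict, system_name) in scan(SAMPLE_PATHS).items():
        print(f"{verdict:32} {system_name:14} {path}")
```

A copy of Process Explorer saved as explorer.exe on the desktop is flagged by the same rule, which is the point: a file name alone says nothing about what a program is, so the full path (and ideally the signature) has to be checked.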

Friday 12 August 2011

Personal Shield Pro Removal - How To Remove


Personal Shield Pro is bogus security software that imitates real anti-virus scans and then reports phony infections which don't actually exist on your system. Personal Shield Pro enters your computer in disguise, for example as a video codec or security update. When you download the said video codec, Personal Shield Pro installs itself automatically, as the installer file is not a video codec but a rogue program named Personal Shield Pro. There are many similar ways which are frequently used by scammers to trick naive consumers into downloading malicious software. These guys also make use of fake on-line scanners and cheat people by selling them bogus anti-virus software.

Personal Shield Pro is from the same tricksters who created System Tool and MS Removal Tool. Both these products literally infected millions of computers worldwide, and now that most anti-spyware products can detect System Tool and MS Removal Tool, these guys changed their product name to Personal Shield Pro to avoid detection by genuine malware scanners. This game has been going on for quite some time now and there is no end in sight. Here is a screenshot of the Personal Shield Pro malware doing a fake scan and reporting bogus infections:


1. First you'll be tricked into running a malicious installer file.
2. Once you run this installer file, nothing will happen and your computer will continue to run normally.
3. The next time you reboot your computer, Personal Shield Pro will activate itself and start scanning your computer.

Once this rogue software is up and running on your computer, it will display lots of fake warnings, system tray alerts and repeated messages urging you to purchase the full version of the software. If you fall for this scam and use your credit card to pay for this software, your money will go to spammers and your credit card details will be exposed. You should never purchase such fake software at any cost.

Here is what Personal Shield Pro will do to protect itself on your computer:

1. It will block Task Manager and Registry Editor so that you cannot remove it.
2. It will block all other applications on your computer from running. Whenever you run an application, say MS Word, nothing will happen because MS Word (or any other application) will be terminated forcefully by Personal Shield Pro.
3. Your computer will slow down a lot and Personal Shield Pro will literally take over your computer.
4. It will also disable System Restore on your computer.

How To Remove Personal Shield Pro

Personal Shield Pro is very stubborn and hard to get off your computer. Since it blocks all antivirus applications, removing this rogue can be a real challenge for most people. I personally suggest two methods to remove the rogue software:

1. Automatic Removal

This method is the fastest one and it can help you to remove the rogue software very quickly. Since all antivirus products get blocked, I've found a rather unique way to kick Personal Shield Pro out of your computer by following these two simple steps.

A) I discovered that Personal Shield Pro blocks everything on your computer but doesn't block explorer.exe since it is a critical Windows process. To end the rogue software, first you need to download Process Explorer.

Once you click on the above link, the download will start, but keep in mind that the file's name is procexp.exe. When you download this file, please save it as explorer.exe and then you'll be able to run it. See this video to know how I killed Personal Shield Pro and removed it after that:

B) After ending the rogue software, download Spyware Doctor immediately and conduct a full scan of your computer. Spyware Doctor will automatically detect Personal Shield Pro on your computer and remove it. On the next reboot, your computer will be clean and will function normally again. This is the easiest and safest way to remove Personal Shield Pro without any additional headaches.


2. Manual Removal

The manual removal method is very confusing and suitable only for experienced computer users. Manual removal is actually not completely manual, since you'll need to use some sort of utility to end the rogue software. If you are not able to terminate Personal Shield Pro, it won't let you run anything and thus manual removal can't help you. To remove the rogue manually, use Process Explorer to end the rogue software.

After that, please correct these registry entries using Registry Editor. (Run Registry Editor by clicking Start/Run, typing "regedit" and clicking the OK button.)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[RANDOM]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\[RANDOM]

After correcting the registry entries, please find and delete these files from your computer. The rogue software uses a random filename which is different on each computer, so it is not possible to give the exact filename here.

[random].exe on the hard drive
%Temp%\[RANDOM]
%Documents and Settings%\All Users\Desktop\Personal Shield Pro.lnk

After removing the above files, your computer should be virus free. Please keep in mind that the manual removal method is prone to mistakes and can have a negative effect on your computer: it may stop working completely, or traces of the virus may be left behind. This is the reason why the automatic removal method is widely used and recommended even by experts.

Tuesday 9 August 2011

Zentom System Guard Removal - How To Remove

Zentom System Guard is fake software from the same family as Antimalware Doctor. This program gets into your computer via a fake Windows update alert: unsuspecting users install the update, and Zentom System Guard gets installed on their computer.


Once installed, it will show you all sorts of fake alerts and numerous security pop-ups. It will show up as Zentom System Guard Upgrade and the update number is KB904067. This is fake; the update does not come from Microsoft but from hackers who want to take control of your computer. Once the Zentom System Guard virus gets inside your computer, it will do a fake scan and show many threats, while in reality none of the reported threats exist on your computer. Here is a screenshot of Zentom System Guard doing a fake scan and showing bogus results just to scare you:


Zentom System Guard will continue to scan your computer without your permission and continue to show many alerts via the task bar:

Trojan.Spy threat has been detected.
Warning! Removed attack detected!
Warning! Threat detected!
Network intrusion detected!
Warning! Network attack detected!


All the security alerts shown by this software are fake and you shouldn't pay any attention to them. Such alerts usually pop up in the system tray, but you should just close them and do nothing else.

If you have paid for this software in good faith, phone your credit card company, explain the fraud to them and get your money back. This fake program doesn't offer any value and you should remove it from your computer before it does more harm. Read the steps below to remove Zentom System Guard quickly and easily.

How To Remove Zentom System Guard

A) Automatic Removal Method 

This method is the best one to remove Zentom System Guard from your computer. You'll need to download a genuine spyware remover, scan your computer and then get rid of the infection. Genuine spyware remover products are programmed to detect rogue products, and they can easily identify Zentom System Guard and remove it completely without any problem.


After removing Zentom System Guard, make sure to always have active Spyware Protection on your computer so that threats can be caught before they get installed in your computer and actually damage it.

B) Manual Removal Of Zentom System Guard

Manual removal of Zentom System Guard is not easy: since the rogue tends to block some essential programs on your computer, you don't get access to the tools which can help you remove it.

If you are a computer geek and believe that you can conduct manual removal of Zentom System Guard, you can follow these steps:

1. First of all, identify and end the virus process using Task Manager. Press Ctrl+Alt+Delete on your keyboard to access Task Manager. If Task Manager is blocked, download the Process Explorer utility from Microsoft's website. Process Explorer works exactly like Task Manager. Download Process Explorer and end the active process of Zentom System Guard.

2. Now run Registry Editor and repair these registry entries, which were manipulated by the rogue software. If you don't know what you need to change in these entries, please don't do that and use the automatic removal method instead. You can run Registry Editor by clicking Start/Run, typing "regedit" and clicking OK:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zentom System Guard
HKEY_CURRENT_USER\Software\ZentomSystemGuard
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random file name here>.exe" 

 
3. Browse this folder and remove all the malicious files. For your information, Application Data is the folder where most rogue products keep their executable and DLL files. Browse this folder and delete all suspicious files.

C:\Documents and settings\All users\Local Settings\Application Data

You also need to remove Zentom System Guard's entry from the startup programs list. For that, click Start/Run, type "msconfig" and edit the startup programs list.

Please keep in mind that while manual removal can be a very effective method to get rid of Zentom System Guard, you should always scan your computer with genuine spyware remover software afterwards. It is very likely that manual removal will leave traces of the rogue on your computer, which can be harmful and allow the virus to return to your machine.

Tuesday 2 August 2011

Security Protection Removal - How To Guide

Security Protection is a fake product created to trick you into thinking that your computer is seriously infected with multiple threats. This software was not created by a software company but by a group of hackers who are doing this to extort money from average computer users who are not aware of such shady tricks.

The Security Protection virus enters your computer stealthily, and in most cases computer users download the program themselves, thinking it is something useful. When they double-click the installer file, the Security Protection malware appears on the screen, and then it takes a lot of work to repair the computer. A screenshot of Security Protection:


When the Security Protection malware is active on your computer, it blocks everything you try to run. If you run Task Manager, Security Protection will close it forcefully and show a message saying that Task Manager is infected. This message is not true; the rogue software is blocking everything so that you cannot remove it.

Security Protection will do everything it can to stop you from finding a remedy to this problem. The only hope for you is Windows Safe Mode, and this is what you need to use to remove Security Protection from your computer. Read the instructions below to learn how to get rid of Security Protection easily.

How To Remove Security Protection


Removing Security Protection is not easy, as it will not give you a chance. It will block everything on your computer and won't let you access the Internet. When you can't access anything on your computer, how will you remove Security Protection? Don't worry, and try following these steps:

1. Remove Security Protection using a Spyware Remover

If you are not a computer expert and can't deal with fake software yourself, you should download a genuine spyware remover to get rid of Security Protection. Spyware Doctor is capable of removing this software automatically, and you need to follow these steps:

A) Boot up your PC in "Safe Mode With Networking".
B) Access the Internet and download Spyware Doctor.
C) Do a Full Scan of your computer and remove all the infections.

You can download Spyware Doctor by clicking the button below :


Spyware Doctor is a very powerful software and will remove the rogue quickly and very easily. Using a Spyware Remover will save you lots of time and headaches. Your computer will return back to normal in no time.

Spyware Doctor will not only remove security protection malware but also scan your computer for thousands of possible threats. It is very likely that lots of threats will get caught on your computer and you'll get surprised and shocked like never before.

2. Remove Security Protection Manually

If you consider yourself a computer expert, you can try to remove Security Protection manually. Removing Security Protection manually can be really tough, and if you don't know what you are doing, you may damage your computer even further.

When you follow the manual removal method, please make sure that:

1. You don't delete system files, otherwise you can be in deep trouble.
2. You edit the registry very carefully, as it is the heart of Windows.
3. You unregister all DLL files carefully.
4. You remove all executable files related to the rogue software.

Run Registry Editor (click Start/Run, type "regedit" and click OK) and delete these registry entries:

HKEY_CURRENT_USER\Software\Security Protection
HKEY_CLASSES_ROOT\BrcWizApp.BrcWiz
HKEY_CLASSES_ROOT\BrcWizApp.BrcWiz.1
HKEY_CLASSES_ROOT\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}
HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_CLASSES_ROOT\TypeLib\{58B4E0F5-F122-4C02-B038-C482D998486A}
HKEY_CURRENT_USER\Software\Microsoft "adver_id" = "29"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Protection"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "rundll32" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\defender.exe" /sn"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "rundll32" = ""

Delete these malicious files from your computer (search for the infected files using the Windows Search utility and delete them):

%Documents and Settings%\[User Name]\asr.dat
%Documents and Settings%\[User Name]\Application Data\1tmp.bat
%Documents and Settings%\[User Name]\Application Data\defender.exe
%Documents and Settings%\[User Name]\Application Data\scan.dll
%Documents and Settings%\[User Name]\Application Data\[random].tmp

If you follow the manual removal steps carefully, you should be able to get rid of Security Protection quickly and easily. If the manual removal steps are ineffective, go for the automatic removal method, as results are completely guaranteed.
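
Several of the registry entries in this guide's manual removal list correspond to settings that can be checked mechanically: autorun values under Run, a replaced Winlogon "Shell", "EnableLUA" set to 0 and ".exe" added to "LowRiskFileTypes". The Python sketch below is an added example, not part of the original guide or of any vendor's tool, that audits the text of a .reg export for those values; the sample export, the rule names and the list of user-writable path fragments are constructed for illustration.

```python
import re

# Constructed sample in .reg export format (the text Registry Editor's Export
# produces), modelled on the entries listed in this guide; not from a real machine.
# Note: regedit writes version 5.00 exports as UTF-16, so open real files with
# encoding="utf-16".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Security Protection"="\"C:\\Documents and Settings\\user\\Application Data\\defender.exe\" /sn"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\user\\Application Data\\defender.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Path fragments treated as user-writable (an assumption of this example).
USER_WRITABLE = ('\\application data\\', '\\appdata\\', '\\all users\\',
                 '\\programdata\\', '\\temp\\')


def _unescape(text):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', text)


def parse_reg(text):
    """Yield (key, value_name, data) from .reg text; handles strings and dwords only."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        match = KEY_RE.match(line)
        if match:
            key = match.group(1)
            continue
        match = VALUE_RE.match(line)
        if not (match and key):
            continue
        name, raw = _unescape(match.group(1)), match.group(2)
        if raw.startswith('dword:'):
            yield key, name, int(raw[6:], 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            yield key, name, _unescape(raw[1:-1])
        # hex(...) and other value types are out of scope for this example


def audit(entries):
    """Return a list of (rule, key, value_name, data) findings."""
    findings = []
    for key, name, data in entries:
        k, n = key.lower(), name.lower()
        if k.endswith(('\\currentversion\\run', '\\currentversion\\runonce')):
            # Autorun entry launching a program from a user-writable directory.
            if isinstance(data, str) and any(p in data.lower() for p in USER_WRITABLE):
                findings.append(('autorun-from-user-writable-dir', key, name, data))
        elif k.endswith('\\currentversion\\winlogon') and n == 'shell':
            # The stock shell value is plain "explorer.exe".
            if str(data).strip().lower() != 'explorer.exe':
                findings.append(('winlogon-shell-replaced', key, name, data))
        elif k.endswith('\\policies\\system') and n == 'enablelua':
            if data == 0:  # 0 turns User Account Control off
                findings.append(('uac-disabled', key, name, data))
        elif k.endswith('\\policies\\associations') and n == 'lowriskfiletypes':
            # .exe here suppresses the download warning for executables.
            extensions = [ext.strip().lower() for ext in str(data).split(';')]
            if '.exe' in extensions:
                findings.append(('exe-marked-low-risk', key, name, data))
    return findings


if __name__ == '__main__':
    for rule, key, name, data in audit(parse_reg(SAMPLE_REG)):
        print(f'{rule}: {key} "{name}" = {data!r}')
```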

Friday 29 July 2011

Win 7 Security 2012 Virus Removal - How To Guide

Win 7 Security 2012 has lots of different names, and this fake security software changes its name automatically according to the operating system you are using. If you are running Windows 7, it will change its name to one of the following:

1. Win 7 Security 2012
2. Win 7 Antispyware 2012
3. Win 7 Internet Security 2012
4. Win 7 Home Security 2012
5. Win 7 Antivirus 2012

If you are running Windows XP, it will change its name to "XP Security 2012". This name-changing rogue is extremely dangerous and has been taking its toll on consumers since 2009. The bad guys behind these fake products change their products' names every year so that the products look legitimate and can't be detected by anti-virus products. All variants of this software are fraudulent and specially developed to scam users out of their money.

These programs produce fake scan reports and trick users into paying for nonsense software. Reports have revealed that scammers are making millions of dollars every year with these sneaky methods and there is no end in sight. New rogue products are emerging daily and people are getting scammed because they don't have genuine spyware protection on their computers. Rogue products can even take over your genuine antivirus products, and you really need very strong protection on your computer to overcome this problem. Here is a screenshot of the Win 7 Security 2012 virus doing a fake scan:



Win 7 Security 2012 can't help your computer or its security. This fake antivirus software is just after your money. Don't trust its scan reports, security alerts, pop-up alerts and other messages, as they exist only to deceive you. All those warnings are false and nothing of the kind is happening on your computer. Win 7 Security 2012 may even report that your computer passwords are being stolen, along with other similarly scary warnings. Don't pay attention to these fabricated warnings and remove Win 7 Security 2012 as soon as possible.

How To Remove Win 7 Security 2012 Virus

A) Automatic Removal Method - Easiest Method To Remove Win 7 Security 2012

The automatic removal method is the easiest, safest and most powerful way to remove the fake product from your computer. You just need to download legitimate software like Spyware Doctor and remove Win 7 Security 2012 automatically. Here is what you need to do:



1. Reboot your computer and press the "F8" key on your keyboard repeatedly. Pressing this key at startup will show the Windows Startup Menu.
2. Use the Down Arrow key to select "Safe Mode With Networking" and press the "Enter" button.
3. Once your computer is up in "Safe Mode with Networking" mode, download Spyware Doctor by clicking the button below


4. After downloading Spyware Doctor, install it on your computer and update its virus database first.
5. Now do a "Full Scan" of your computer and Spyware Doctor will automatically catch Win 7 Security 2012 as well as other threats hiding in your computer. Click the "Fix Checked" button and now your computer is free from all the viruses.

Automatic removal of Win 7 Security 2012 guarantees complete removal of the virus, and this rogue software will never return to your computer. All the malicious items on your computer get cleaned automatically without any errors or risks. All the files and data on your PC remain in their original state and no harm is done.

B) Manual Removal - Tedious and Perplexing Method To Remove Win 7 Security 2012 Virus

It is possible to remove Win 7 Security 2012 manually, but for that you must be a computer expert. If you have only basic knowledge of computers, you should not follow this removal method, as it can do more harm than good.


If you make a mistake and delete the wrong files, your computer may need complete re-installation. If you are a technical geek and have good knowledge of how the Windows operating system works, you can follow these steps to remove Win 7 Security 2012:

1. Press Alt+CTRL+ESC keys on your keyboard to launch Task Manager and then end a process having 3 characters in its name. Please note that many legitimate processes can also have a 3 letter name, so be careful when you end the malicious process. You'll need to do some guesswork here, as Win 7 Security 2012 creates files with different names on every computer.



If you are unable to access Task Manager, then the automatic removal method is the only solution for you. If you can access Task Manager, please end the process related to Win 7 Security 2012 and follow the next steps.

2. Run the registry editor and repair these registry entries that were changed by the rogue software. To access the registry editor, click Start/Run, type "regedit" and click OK:

HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'

3. Browse this folder and remove all the malicious files:


C:\Documents and settings\All users\Local Settings\Application Data

In the Application Data folder, look for files which have a 3 letter name and remove them. This way you can remove Win 7 Security 2012 and all its components. If the manual removal steps don't work for some reason, you can always try the automatic removal method.
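The registry entries in step 2 are the per-user handler that decides what runs when an .exe file is opened. As an added example (not part of the original guide), the Python below audits the text of a `reg export` of HKEY_CURRENT_USER\Software\Classes and reports every .exe/exefile command value that is not the stock `"%1" %*`; the sample export, the `xyz.exe` file name and the function names are constructed for illustration.

```python
import re

EXPECTED = '"%1" %*'  # stock handler: launch the clicked file itself
WATCHED = ("hkey_current_user\\software\\classes\\.exe",
           "hkey_current_user\\software\\classes\\exefile")

# Constructed sample in `reg export` text form (not from a real machine);
# xyz.exe is a placeholder file name.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\xyz.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command]
@="\"%1\" %*"
'''

# Matches string values only: @="..." or "name"="..." (dword/hex values are skipped)
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"\s*$')

def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Yield (key, value_name, data) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := _VALUE.match(line)):
            name = '(Default)' if m.group(1) == '@' else _unescape(m.group(1)[1:-1])
            yield key, name, _unescape(m.group(2))

def find_hijacked_handlers(text):
    """Return (key, name, data) for watched command values that differ from EXPECTED."""
    hits = []
    for key, name, data in parse_reg(text):
        watched = any(key.lower().startswith(w + "\\") for w in WATCHED)
        if (watched and key.lower().endswith("\\command")
                and name in ("(Default)", "IsolatedCommand") and data != EXPECTED):
            hits.append((key, name, data))
    return hits
```

Files written by `reg export` are UTF-16 encoded, so read them with `open(path, encoding="utf-16")` before passing the text to `find_hijacked_handlers`.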