Wednesday, February 23, 2011

How to Remove Mega Antivirus 2012 (Uninstall Guide)

Mega Antivirus 2012 is a rogue security program that reports viruses and other malicious software, even though your computer is actually clean. The rogue program doesn't provide the level of detail needed to confirm that your computer is infected viruses. It displays pop-up windows with false alerts and may prevent you from visiting anti-virus vendor websites or launching legitimate malware removal tools. Mega Antivirus 2012 attempts to lure you into upgrading to a non-existent paid version of a program to remove the viruses and to protect your computer against other types of malware. Please do not purchase this bogus program. And if you think you might have entered sensitive information into a fake pop-up window, you should check your associated accounts. To remove Mega Antivirus 2012 and any related malware from your computer, please follow the steps in the removal guide below.



Mega Antivirus 2012 is promoted through the use of fake online scanners and legitimate looking pop-up windows that advertise this rogue program. They usually appear on your screen while you surf the web. The message from a web page states that your computer might be infected with spyware and other malware. It then launches Mega Antivirus 2012 Online Security Scanner which detects numerous malware related problems on your computer. Actually, it doesn't scan your computer and lists non-existing infections so make sure you do not download anything from such fake online scanners.





Once Mega Antivirus 2012 is installed, it modifies certain Windows registry keys, blocks task manager and other system utilities. It corrupts the legitimate rundll32.exe program too.



Once Mega Antivirus 2012 displays at least one fake security notification that contains the following message:
Mega Antivirus 2012 Warning
Mega Antivirus 2012 has detected some serious threats to your computer! Please remove these threats as soon as possible! You can so by clicking here.


As you can see, Mega Antivirus 2012 is nothing more but a scam. You can remove this rogue program manually but we strongly recommend you to scan your computer with anti-malware software to make sure that every piece of malicious code was removed from your computer. Files associated with Mega Antivirus 2012 are listed at the end of this page. For more information, please read the removal instructions below. If you have any questions or suggestions, please leave a comment. Any additional information on this rogue program would be appreciated. Good luck and be safe online!


Mega Antivirus 2012 removal instructions:

1. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

2. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Associated Mega Antivirus 2012 files and registry values:



Files:
  • C:\WINDOWS\addons\
  • C:\WINDOWS\addons\addon.exe
  • C:\WINDOWS\addons\ma2012.exe
  • C:\WINDOWS\addons\base\
  • C:\WINDOWS\addons\base\license.pwd
  • C:\app1.exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "Policies" = 'C:\WINDOWS\addons\addon.exe'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "HKCU" = 'C:\WINDOWS\addons\addon.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "Policies" = 'C:\WINDOWS\addons\addon.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "addons" = 'C:\WINDOWS\addons\addon.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SystemStart" = 'C:\WINDOWS\addons\ma2012.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe "Debugger" = 'C:\app1.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "Debugger" = 'C:\app1.exe'
Share the knowledge:

No comments:

Post a Comment