When run, AV Security 2012 pretends to scan your computer for malicious software. It may lock down Windows functionality to prevent accessing system utilities and legitimate anti-malware software. Although, the rogue program itself cannot delete your files or steal login credentials, we have observed that it may contain backdoor capabilities, enabling software to download additional malware onto your computer or install spyware modules. Very often, AV Security 2012 comes bundled with a rootkit from the TDSS family. Interestingly, this rootkit is able to block anti-virus products and install click fraud modules. It's not a coincidence that users infected with fake AVs are redirected to malicious and spammy websites every time you click on a Google or Bing search results. Cyber crooks act to maximize profits.
Here's what the rogue antivirus called AV Security 2012 looks like.
A couple of fake security alerts you may see when this rogue antivirus is active.
If you're having a hard time removing it, it's because your removal procedure is hopelessly flawed. Just don't purchase AV Security 2012 and do not wait until your computer becomes a part of a botnet. By far the most easiest way to get rid of System Security 2012 is to use the debugged activation code 9992665263 and run anti-malware software. However, you can follow alternate removal methods described below as well. Manual removal might be somehow more complicated but it works. Just follow the removal instructions below very carefully. If you need any extra assistance removing AV Security 2012, please leave a comment below. Good luck and be safe online!
http://computertipsandguide.blogspot.com
AV Security 2012 removal instructions:
1. First of all, download and run ZeroAccess/Sirefef/MAX++ removal tool. (works on 32-bit systems only! If you have 64-bit system, proceed to the next step)
2. Then use TDSSKiller.
3. And finally, download recommended anti-malware software (STOPzilla) to remove this virus from your computer.
If you can't download it, please reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Open Internet Explorer and download STOPzilla. Once finished, go back into Normal Mode and run it. That's It!
Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
Manual AV Security 2012 removal guide:
1. Right-click on AV Security 2012 icon and select Properties. Then select Shortcut tab.
The location of the malware is in the Target box.
2. In our case the malicious file was located in C:\Windows\System32 folder. Select the malicious file, rename it and change a file name extension.
Original file: TcS22bF3nGaQWKf.exe
Renamed file: TcS22bF3nGaQWKf.vir
3. Restart your computer. After a reboot, download free anti-malware software from the list below and run a full system scan.
4. Download recommended anti-malware software (STOPzilla) and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
5. Remove the TDSS/ZeroAccess rootkit (if exists). Please follow this removal guide: http://computertipsandguide.blogspot.com/2010/03/tdss-alureon-tidserv-tdl3-removal.html
Manual activation and AV Security 2012 removal:
1. Choose to remove threats and manually activate the rogue program. Enter one of the following codes to activate System Security 2012.
9992665263
1148762586
1171249582
1186796371
1196121858
1225242171
1354156739
1579859198
1789847197
2. Download recommended anti-malware software (STOPzilla) and run a full system scan. This program will remove the virus from your computer.
3. Remove the TDSS/ZeroAccess rootkit (if exists). Please follow this removal guide: http://computertipsandguide.blogspot.com/2010/03/tdss-alureon-tidserv-tdl3-removal.html
Associated AV Security 2012 files and registry values:
Files:
- C:\WINDOWS\system32\[SET OF RANDOM CHARACTERS].exe
- %AppData%\jGteKoRdoSdLrJs\AV Security 2012.ico
- %AppData%\ldr.ini
- %DesktopDir%\System Security 2012.lnk
- %Programs%\AV Security 2012\AV Security 2012.lnk
- %Programs%AV Security 2012
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
No comments:
Post a Comment