Saturday, December 31, 2011

Win 7 Antivirus 2012


Win 7 Antivirus 2012 is a rogue antivirus program. It pretends to scan the system for viruses and shows a fake result at the end.
In the scan result, it claims that dozens of files are infected and that action must be taken immediately. Both the scan and the virus removal process are fake. It was created by the bad guys to get richer by fooling people. When a person pays the registration fee to remove the so-called 'infections', he becomes a victim of internet fraud.

 
If your computer is also infected by this fake antivirus application, follow the steps given below to get rid of it.
  1. Delete Infected Files
  2. Remove Infected Registry Entries
  3. Boot from a Rescue Disc
  4. Use Powerful Antivirus
Delete Infected Files
When you first opened Win 7 Antivirus 2012, a bunch of malicious files were copied to your computer. These reside in different folders and should all be removed.
First of all, start your computer in Safe Mode with Networking so that none of these files will run at startup.
  1. Restart the computer.
  2. Press the F8 key before your operating system starts booting.
  3. In the new screen, select the Safe Mode with Networking option and press ENTER.
  4. Open My Computer.
  5. Delete randomly numbered files such as 01.exe and 02.exe from C:\Users\\AppData\Local.
  6. To completely remove the Win 7 virus, delete the t3e0ilfioi3684m2nt3ps2b6lru folder from the following directories:
  • C:\Program Data
  • C:\Users\\AppData\Roaming
  • C:\Users\\AppData\Roaming\Microsoft\Windows\Templates
  • C:\Users\\AppData\Local\Temp
Remove Infected Registry Entries
To ensure that Win 7 Antivirus 2012 runs at every system startup, a couple of registry entries are made in the system registry. To completely remove this virus, you need to delete these infected registry entries.
Note: If you wish to avoid deleting the following registry entries manually, download a registry cleaner, scan your Windows registry with it, and allow it to delete corrupt registry entries automatically.
  1. Click Start, select Run.
  2. Type RegEdit and then press ENTER.
  3. Delete the following registry entries one by one to remove Win 7 Virus 2012:
    • HKEY_CURRENT_USER | Software | Classes | .exe | shell | open | command "IsolatedCommand" = '"%1" %*'
    • HKEY_CURRENT_USER | Software | Classes | exefile | DefaultIcon "(Default)" = '%1'
    • HKEY_CURRENT_USER | Software | Classes | exefile | shell | open | command "(Default)" = '"%UserProfile% | Local Settings | Application Data | [random 3 letters].exe" /START "%1" %*'
    • HKEY_CURRENT_USER | Software | Classes | .exe | shell | runas | command "(Default)" = '"%1" %*'
    • HKEY_CURRENT_USER | Software | Classes | .exe "(Default)" = 'exefile'
    • HKEY_CURRENT_USER | Software | Classes | .exe "Content Type" = 'application/x-msdownload'
    • HKEY_CURRENT_USER | Software | Classes | .exe | DefaultIcon "(Default)" = '%1' = '"%UserProfile% | Local Settings | Application Data | [random 3 letters].exe" /START "%1" %*'
    • HKEY_CURRENT_USER | Software | Classes | .exe | shell | runas | command "IsolatedCommand" = '"%1" %*'
    • HKEY_CURRENT_USER | Software | Classes | exefile "(Default)" = 'Application'
    • HKEY_CURRENT_USER | Software | Classes | exefile "Content Type" = 'application/x-msdownload'
    • HKEY_CURRENT_USER | Software | Classes | exefile | shell | open | command "IsolatedCommand" = '"%1" %*'
    • HKEY_CURRENT_USER | Software | Classes | exefile | shell | runas | command "(Default)" = '"%1" %*'
    • HKEY_CURRENT_USER | Software | Classes | exefile | shell | runas | command "IsolatedCommand" = '"%1" %*'
    • HKEY_CLASSES_ROOT | .exe | DefaultIcon "(Default)" = '%1'
    • HKEY_CLASSES_ROOT | .exe | shell | runas | command "(Default)" = '"%1" %*'
    • HKEY_CLASSES_ROOT | .exe | shell | runas | command "IsolatedCommand" = '"%1" %*'
    • HKEY_CLASSES_ROOT | exefile "Content Type" = 'application/x-msdownload'
    • HKEY_CLASSES_ROOT | exefile | shell | open | command "IsolatedCommand" = '"%1" %*'
    • HKEY_CLASSES_ROOT | .exe | shell | open | command "(Default)" = '"%UserProfile% | Local Settings | Application Data | [random 3 letters].exe" /START "%1" %*'
    • HKEY_CLASSES_ROOT | .exe | shell | open | command "IsolatedCommand" = '"%1" %*'
    • HKEY_CLASSES_ROOT | exefile | shell | runas | command "IsolatedCommand" = '"%1" %*'
    • HKEY_CLASSES_ROOT | exefile | shell | open | command "(Default)" = '"%UserProfile% | Local Settings | Application Data | [random 3 letters].exe" /START "%1" %*'
    • HKEY_LOCAL_MACHINE | SOFTWARE | Clients | StartMenuInternet | IEXPLORE.EXE | shell | open | command "(Default)" = '"%UserProfile% | Local Settings | Application Data | [random 3 letters].exe" /START "C: | Program Files | Internet Explorer | iexplore.exe"'
    • HKEY_LOCAL_MACHINE | SOFTWARE | Clients | StartMenuInternet | FIREFOX.EXE | shell | safemode | command "(Default)" = '"%UserProfile% | Local Settings | Application Data | [random 3 letters].exe" /START "C: | Program Files | Mozilla Firefox | firefox.exe" -safe-mode'
    • HKEY_LOCAL_MACHINE | SOFTWARE | Clients | StartMenuInternet | FIREFOX.EXE | shell | open | command "(Default)" = '"%UserProfile% | Local Settings | Application Data | [random 3 letters].exe" /START "C: | Program Files | Mozilla Firefox | firefox.exe"'
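The hijacked command values in the list above share one shape: a quoted executable with a three-letter name, then /START, then the original command. The following Python check is an added example, not part of the original post; it scans the text of a `reg export` file for that shape, and the sample export, the user name alice and the file name qxz.exe are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text form (not taken from a real machine).
# Real exports are UTF-16 encoded; decode the file before passing its text in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\alice\\AppData\\Local\\qxz.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Users\\alice\\AppData\\Local\\qxz.exe\" /START \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
'''

# Shape from the page: "<path>\[random 3 letters].exe" /START <original command>
HIJACK = re.compile(r'^"(?P<wrapper>[^"]*\\[A-Za-z]{3}\.exe)"\s+/START\s+(?P<orig>.+)$', re.I)
KEY = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Plain string (REG_SZ) values only; hex-encoded value types are skipped.
VALUE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")="(?P<data>(?:[^"\\]|\\.)*)"$')

def unescape(text):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', text)

def find_hijacked_handlers(reg_text):
    """Return (key, value name, wrapper exe, original command) per hijacked value."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        name = '(Default)' if m.group('name') == '@' else unescape(m.group('name')[1:-1])
        hit = HIJACK.match(unescape(m.group('data')))
        if hit:
            findings.append((key, name, hit.group('wrapper'), hit.group('orig')))
    return findings
```

Each finding names the key to inspect in RegEdit, and the text after /START is the command that the handler pointed to before it was wrapped.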
 

Boot from a Rescue Disc
An antivirus rescue disc is a program, often burned to a CD ROM, that can boot the computer by itself and start the disinfection process.
  1. Download an Antivirus Rescue Disc.
  2. Burn the downloaded ISO file to a CD ROM.
  3. Insert this disc in your infected machine.
  4. Reboot the computer and press the Delete key repeatedly.
  5. Set First Boot Device: CD ROM and Second Boot Device: Hard Disk Drive.
  6. Save the changes and exit.
  7. When you’re prompted to press any key, do so.
  8. Follow the on-screen instructions to start a virus scan and remove infected files. This will completely remove Win 7 Virus.
Use Powerful Antivirus
An Antivirus program can be used to scan your computer and remove Win 7 Antivirus 2012. Be sure to update it regularly.
  1. Download SpamFighter Antivirus. Install and run it.
  2. Update the virus definitions.
  3. Start a full scan and remove all infected files found belonging to Win 7 Antivirus 2012.

 
