How Did My Computer Become Infected with Win 7 Antispyware 2012?
Win 7 Antispyware 2012 is another in a very long line of rogue antispyware programs that sneak onto your computer from infected web sites and malicious software. It installs itself stealthily and then proceeds to scare you into purchasing it by running and fooling you into thinking your computer is infected with tons of issues that it does not have. Virus writers are becoming experts in SEO (search engine optimization) and are getting infected sites to rank very high in the search engines. Although these sites only rank high for a short time, they can do tremendous damage while they are showing up. You may also have been infected by clicking on a link in an email.
What Does Win 7 Antispyware 2012 malware look like?
What Does the Win 7 Antispyware 2012 malware do to your system?
First of all, the program stops you from accessing the Internet by showing this startup page when you open Internet Explorer or Firefox.
When you "continue surfing without any security measures" the system still refuses to access the Internet. It doesn't appear that the program uses a proxy server option to halt Internet connectivity, and the hosts file appears to be unchanged and valid.
However, the malware does stop you from running .exe programs, so removing it can be troublesome without Internet access and the ability to run programs.
Can I Remove Win 7 Antispyware 2012 manually?
Because there are so many variations of this particular rogue software, you should follow the step-by-step procedure below to remove it instead of manually hunting through the registry. In previous versions, the infected file was called kdn.exe; in the latest version, however, the file is called mwl.exe. These files are usually located in the AppData\Local folder in the User directory. Since the file tends to change its name, use the steps below to remove it instead of removing it manually.
Step by Step Procedure for Removing Win 7 Antispyware 2012 Rogue Application
1) We need to restore the ability to run programs first. To do
this, download the following registry file onto a removable disk, USB
drive, thumb drive, etc. and take it to the infected computer. Once on
the infected computer, find the drive in My Computer and open it, then
double-click on the reg file and allow it to import into the registry.
FixNCR.reg
2) Restart your computer in Safe Mode (with Networking) by pressing F8 when the computer boots and selecting the appropriate option.
3) Download RKill from Bleeping Computer to your desktop. Double-click on it and run it. This program will try to kill any malicious processes currently running on your system.
4) Now that the computer is somewhat stable, open a web browser and download Malwarebytes Anti-Malware from their site.
5) After Malwarebytes has downloaded, install it and try to update it. On one particular occasion, it was unable to update and I had to update it manually. In order to update Malwarebytes manually, you'll need to download the mbam-rules.exe file and run it.
6) Now proceed to run Malwarebytes Anti-Malware and remove any problems it finds. The Malwarebytes scan log will have entries such as this:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\User\AppData\Local\mwl.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\User\AppData\Local\dxj.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\User\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\ARYZKDML\download[1].exe (Trojan.FakeAlert) -> No action taken.

7) Reboot Your Computer
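The registry findings in the scan log above all follow one pattern: the browser's launch command has been rewritten so that a file in AppData\Local runs first and is handed the real browser as an argument. As an added example (not part of the original article and not Malwarebytes' own tooling), this Python script parses those log lines and extracts the launcher path from each one, which identifies the file by location even after it changes name. The function names and the rule that treats any path under a user's AppData as suspect are assumptions of this example.

```python
import re

# Registry findings copied from the Malwarebytes log on this page, one per line.
LOG = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
'''

ENTRY = re.compile(r'^(?P<key>HKEY_\S+)\\\(default\) \((?P<name>[^)]+)\) -> '
                   r'Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> (?P<action>.+)$')
# Assumption of this example: anything under a user's AppData is user-writable.
USER_WRITABLE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.I)

def first_program(command):
    """Return the program a shell command launches (quoted or bare first token)."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ''

def parse_findings(log):
    """Turn each registry finding into a dict; lines that do not match are skipped."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        quoted = re.findall(r'"([^"]+\.exe)"', m['bad'], re.I)
        launcher = first_program(m['bad'])
        findings.append({
            'key': m['key'],
            'detection': m['name'],
            'launcher': launcher,
            # A second quoted .exe means the launcher wraps the real browser.
            'wrapped': quoted[1] if len(quoted) > 1 else None,
            'expected': m['good'],
            'user_writable': bool(USER_WRITABLE.search(launcher)),
            'remediated': m['action'] != 'No action taken.',
        })
    return findings

def suspect_launchers(findings):
    """Unique launcher paths inside a user profile, whatever the file is named."""
    return sorted({f['launcher'] for f in findings if f['user_writable']})

if __name__ == '__main__':
    found = parse_findings(LOG)
    for f in found:
        print(f['key'].split('\\')[4], '->', f['launcher'], 'wraps', f['wrapped'])
    print(suspect_launchers(found))
```

Any finding whose 'remediated' field is still False after the scan means the hijacked command value was left in place and the cleanup step should be repeated.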
Run a Thorough Virus Scan
Finally, as an extra precaution, scan your computer with an online virus scanner like Housecall, BitDefender, or eTrust, or download and install an antivirus program and run a complete scan. A list of online scanners is below; some, however, will only scan for but not remove issues.
Online Virus Checkers
Trend Micro Housecall - will scan and remove threats
BitDefender Scan Online - will scan and remove threats
ESet (NOD32) Online Scanner
Kaspersky Online Scan - will scan and remove threats
Panda Activescan - appears to only scan for but not remove threats
McAfee FreeScan - appears to only scan for but not remove threats
eTrust Antivirus Web Scanner - will scan and remove threats
Symantec Security Check - will scan and remove threats
Dr.Web Online Check - user can upload and test for threats on particular files
Trojan Scanner
TrojanScan by WindowsSecurity.com
Spyware Scanners
Malwarebytes AntiMalware
Super AntiSpyware
Spybot Search and Destroy
Congratulations! Your computer should be free of the System Smart Security malware.