If you are still needing assistance, please refer to the following removal guide as outlined below. This is to insure no steps have been skipped.
DO NOT do any cleaning until instructed to do so, Do to the nature of this Malware, System Files could by accident be deleted
Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide)
It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes.
Once that file is downloaded, Double-click on the FixNCR.reg
file to fix the Registry on your infected computer. You should now be able to run your normal executable programs and can proceed to the next step
Now we must first end the processes that belong to Win 7 Antispyware 2012 & Vista Antivirus 2012 and clean up some Registry settings so they do not interfere with the cleaning procedure. To do this, please download RKill to your desktop from the following link.
RKill Download Link
Once it is downloaded, double-click on the iExplore.exe
icon in order to automatically attempt to stop any processes associated with Win 7 Antispyware 2012 & Vista Antivirus 2012 and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Win 7 Antispyware 2012 & Vista Antivirus 2012 when it terminates programs that may potentially remove it. If you run into these infections warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Win 7 Antispyware 2012 & Vista Antivirus 2012 . So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. If you continue having problems running RKill, you can download the other renamed versions of RKill from the rkill download page. All of the files are renamed copies of RKill, which you can try instead.
- Do not turn off computer until after running Malwarebytes when using rkill or the process will have started again and you will have to start over.
- Vista and Windows 7 users, right click and click run as administrator.
- Keep running Rkill until no malicious processes are detected
There have been reports of this infection being bundled with the TDSS rootkit infection. To be safe you should also run a program that can be used to scan for this infection. Please follow the steps in the following guide:
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
If TDSSKiller requires you to reboot, please allow it to do so
Lets run another scan with Malwarebytes' (Mbam), Updating first to the latest database(if posible, if not continue)
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- If it asks for a Restart DO SO, Very Important
- PLease post this log in your next reply
Now please download SUPERAntiSpyware
and save to Desktop
- Double-click the icon on your desktop named SUPERAntiSpyware.exe. This will start the installation. Keep following the prompts in order to continue with the installation process.
- Please select your language you want the program to use and then press the OK
- You will now be prompted to update the SUPERAntiSpyware definitions. Please press the Yes button to allow the program to download and install the latest updates
- After the definitions are updated, the welcome screen for SUPERAntiSpyware will appear.
- When you get to the screen asking if you would like to send the diagnostics, you can choose to allow it to or not. Either choice will have no affect on the effectiveness of its malware scan. When you get to the last screen, click on the Finish button.
- You will now be prompted if you would like SAS to protect your home page. If you select the Protect Home page option, SUPERAntiSpyware will alert you if another program is trying to change your browser’s home page. Click Yes
- Then you will be at the main screen for SUPERAntiSpyware. Click the Preferences button, then Scanning Control tab, and put a checkmark in the following options
- Close browsers before scanning.
- Scan for tracking cookies.
- Now press the Close button to go back to the main screen.
- Click on the Scan your Computer… button to begin the scanning process. You should select the Perform Complete Scan option and then press the Next button to start scanning your computer.
- When the scan is finished a screen will appear showing the summary of what was detected. You should click on the OK button to close the summary screen box and continue with the removal process.
- You should now click on the Next button to remove all the listed malware. If it displays a message stating that it needs to reboot, please press the Yes button to allow it to do so. VERY IMPORTANT to DO
- Click the Repair Tab after the restart if any issues still remain and SAS will atempt to fix them. Please check all boxes and then click Repair Selected Items
and save it to your desktop
Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr
to run the tool.
When done, the DDS.txt
file will open.
Click Yes at the next prompt for Optional Scan.
- When done, DDS will open two (2) logs:
- Save both reports to your desktop
- Please include the following logs in your new topic that you will create: DDS.txt and Attach.txt
- YOu may attach these 2 logs
LOgs to reply with:
- Mbam Log (Copy & Paste)