What is your advice for removing the fake Win 7 Home Security 2012 software?
Question by Uvas

My computer is infected with a fake anti-virus program “Win 7 Home Security 2012”. It’s a virus pretending to be an anti-virus program.

There are websites that offer solutions, but I don’t know who to trust. Some of them claim to be free, but they are not. How do I know these are not the originators of the virus anyway? I can afford a small fee, but it’s totally a trust issue and NOT a money issue.

All the solutions I found require downloading their stuff & that is not preferred.

Also this seems to be a more sticky virus than most if you want to manually fix it yourself, changing dozens of registers, among other things.

Anyone with firsthand experience please share …


Answers (10)
  • Rodney

    You might try typing mrt in the Run box and running that. It is the Microsoft Malicious Software Removal Tool. Run a full scan with that and see if it catches it.

  • Anonymous

    http://remove-malwares.blogspot.com/2011/06/how-do-i-remove-xp-home-security-2012.html

    This excellent video guide will teach you how to remove this type of malware.

  • FIDELIS

    Hello, the most important thing you can do every time you restart your computer is not to run the scan that pops up in order to boot up completely. Some of these new fake antiviruses infect you more the more you scan. Try to close fake antivirus program windows if possible. Here are the steps that work 100% with these kinds of infections. I would recommend not to reformat because in my experience these kinds of fake antiviruses are a pain but not really hard to get rid of.

    Go to the following site and download Rkill.  Rkill is a tool specifically coded to stop the malware executable files from working.  When you run Rkill and it finishes shutting down the malware files, you can use your computer normally until the next restart.    

    http://www.bleepingcomputer.com/download/anti-virus/rkill

    If you are using a different computer, try to download the iExplore.exe version to a flash drive and run it from there by double clicking on the file. If you are using the infected computer, download it to your desktop. This version of the program is almost never stopped from running by malware because it imitates the explorer.exe file on your computer. Once the program is on the flash drive, plug in your flash drive and run the program by double clicking on the file. Let the program do its thing and you will know that it stopped the malware when you see no icons on your desktop and your computer is behaving normally.

    Ok, after you run Rkill, malware will not stop you from downloading antivirus updates or antivirus programs.  Take advantage of this, and go to http://www.malwarebytes.org/ and download the free version to your desktop or a flash drive.  Also go to http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE and download the portable version of the file.  It should have a .com extension.  Malwarebytes and SuperAntiSpyware are two of the best antimalware tools available nowadays and best of all, the free versions are more than enough to fix malware problems.

    Now, in order for you to completely clean your computer, it is better if you disable the system restore and its restore points. It is important you do this because if not, malware might reinstall next time you restart your computer. Remember that if you use Rkill, you will have no icons on your desktop, so you will have to use the task manager to access programs. In order for you to access system restore, follow the next steps:

    — press Ctrl + Alt + Del to launch Task Manager or Ctrl + Shift + Esc
    — on menu, click on File
    — select new Task
    — enter the following command:

              %systemroot%\system32\restore\rstrui.exe

    — click on Ok
    — click on System Restore Settings
    — put a checkmark on Turn off System Restore on all drives
    — click on ok

    When the steps above are done, restart your computer and access safe mode. It would be optimal to select safe mode with networking because then you will be able to update your antivirus software and SuperAntiSpyware. Here is a link explaining different ways of reaching safe mode:

    http://bertk.mvps.org/html/safemode.html

    Once you are in safe mode with networking you can either copy the programs you downloaded from your flash drive to your computer, or run the programs from your flash drive. Double click on the SuperAntiSpyware program, select updates, and then run a full scan. When the program is finished scanning, delete any entries found and if asked to restart the computer, choose no.

    Now, execute the Malwarebytes program, check for updates and run a complete scan. When the scan is finished, delete any entries found. By now, your computer should be clean or almost clean. To make sure, update your antivirus if you have one installed, and/or download an antivirus program and run a full scan. Here are two good free options:
    avast free:  http://www.avast.com/en-ca/free-antivirus-download
    security essentials: http://www.microsoft.com/security/pc-security/mse.aspx

    After you run all the complete scans for the software mentioned above, and your system is reported clean, restart the computer in normal mode and, to make sure, run complete scans of the two spyware fighting programs and also a complete scan with your antivirus software. If nothing is found and the system is clean, go back to system restore and enable it. Make sure that you create a system restore when the system is clean. Hope it helps.

  • Sonny Bass

    http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

    I followed this guide to remove it from my sister’s computer.

  • Adam Wise

    These are all generally the same in removal process no matter the name; the only difference may be in how they affect your machine. BleepingComputer is a reputable source and you can download and run anything they provide per their instructions.

    http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

    • uvas

      First of all thanks for replying. But I came upon this problem:

      When I tried to download “RKill” listed in step #4, my McAfee immediately quarantined the iExplore.exe saying it is a Trojan file. I tried twice and McAfee did it twice. Are you SURE bleepingcomputer.com is trustworthy?

      http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

    • Tina

      BleepingComputer is absolutely trustworthy!

    • uvas

      Okay, I got everything fixed. The bleepingcomputer solution was good, one just has to find a way to download Rkill w/o having your own anti-virus s/w quarantine it. Thanks to everyone here ..

      There’re also a couple of threads on McAfee’s forum that discuss the same problem.

      Another thing I noticed is that Google no longer gives me very good search results — else I wouldn’t take so long to find reputable anti-malware.

    • Tina

      Thank you for the update, Uvas!

    • uvas

      Madam, I remain most gratefully yours,
      Uvas

      now if only someone can speed dial FB to get my FB page back for me…
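
Added example, not part of the original thread: for the trust question raised above (tools from unfamiliar sites, and McAfee quarantining the Rkill download), one check that needs no extra software is to read each downloaded file's Authenticode signature and SHA-256 hash in PowerShell before running it. The folder `E:\tools` and the function name `Get-DownloadTrustReport` are hypothetical; the code uses only cmdlets and .NET classes available in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread).
# Assumption: the downloaded tools were saved to the hypothetical folder E:\tools.

function Get-DownloadTrustReport {
    param([string]$Folder = 'E:\tools')   # hypothetical path: your flash drive or desktop

    $sha256 = [System.Security.Cryptography.SHA256]::Create()

    Get-ChildItem -Path $Folder |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            # SHA-256 of the file exactly as it sits on disk
            $stream = [System.IO.File]::OpenRead($_.FullName)
            try {
                $bytes = $sha256.ComputeHash($stream)
                $hash  = [System.BitConverter]::ToString($bytes) -replace '-', ''
            }
            finally { $stream.Close() }

            # Authenticode: who signed the file, and is the signature intact and trusted?
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

            New-Object PSObject -Property @{
                File   = $_.Name
                SHA256 = $hash
                Status = $sig.Status     # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Signer = $signer
                # Anything other than Valid deserves a second look before it is run
                Review = ($sig.Status -ne 'Valid')
            }
        }
}

Get-DownloadTrustReport |
    Select-Object File, Status, Signer, Review, SHA256 |
    Format-List
```

A `Valid` status only shows that the file has not been modified since the named publisher signed it, so compare the signer and hash with what the tool's own download page lists, where it lists them. An unsigned file is not necessarily malicious, but it gives you nothing to check the publisher against.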