Remove Win 7 Antispyware 2012 (Uninstall Guide)
What is Win 7 Antispyware 2012 ?
Win 7 Antispyware 2012 is a malicious software that will display virus alerts, also known as “scareware”, claiming malware has been detected on your computer.
The security alerts are professional looking pop-ups and when you click on them, you’re advised to buy this malicious software in order to remove the detected threats.
In reality, none of the issues are real, and are only used to scare you into buying this malicious software and stealing your personal financial information.To make matters worse, this malicious software actually installs malicious code that puts you at risk of attack from additional threats.
As Win 7 Antispyware 2012 is a malicious software which can severely damage your computer, compromise your credit card security and lead to identity theft,you are strongly advised to follow our Win 7 Antispyware 2012 removal instructions below.
Am I infected with Win 7 Antispyware 2012 ?
This is how the main screen of Win 7 Antispyware 2012 looks:
Win 7 Antispyware 2012 Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)
STEP 1 : Start your computer in Safe Mode with Networking
- Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
- Do one of the following:
- If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you will need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.
- If your computer has more than one operating system, use the arrow keys to highlight the operating system you want to start in safe mode, and then press F8.
- On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER. For more information about options, see Advanced startup options (including safe mode).
- Log on to your computer with a user account that has administrator rights.
STEP 2: Fix the Windows Registry
This rogue changes settings on your computer so that when you launch an executable (a file ending with .exe ) it will instead launch the infection rather than the desired program. To fix this you must :
- Download this registry file that will fix these changes.
registryfix.reg (Size: 354 bytes / Downloads: 352)
- Double-click on registryfix.reg file to run it. Click “Yes” for Registry Editor prompt window. Then click OK.
STEP 3: Check your internet connection for proxies
This infection may add a proxy server which prevents the user from accessing the internet,follow the below instructions to remove the proxy.
- Open Internet Explorer.
- For Internet Explorer 9 : Click on the gear icon at the top (far right) and click again on Internet Options.
- For Internet Explorer 8 : Click on Tools, select Internet Options.
- Go to the tab Connections.At the bottom, click on LAN settings.
- Uncheck the option Use a proxy server for your LAN. This will remove the proxy server and allow you to use the internet again.
For Firefox users, go to Tools > Options > Advanced tab > Network > Settings > Select No Proxy
STEP 4: Download and scan with Kaspersky TDSSKiller
Kaspersky TDSSKiller is a utility that was created in order to provide you with a simple means of disinfecting any system that suffers a rootkit infection.A rootkit is a program or a set of programs designed to obscure the fact that a system has been compromised.
- Please download the latest official version of Kaspersky TDSSKiller.
- Before you can run Kaspersky TDSSKiller, you first need to rename it so that
you can get it to run. To do this, right-click on the TDSSKiller.exe icon that should now be on your Desktop and select Rename. You can now edit the name of the file and should name it toiexplore.exeCode:iexplore.exe
- Once the file is renamed, double-click on it to launch it.
- Kaspersky TDSSKiller will now start and display the welcome screen as shown below.In order to start a system scan , press the ‘Start Scan’ button.
- Kaspersky TDSSKiller will now scan your computer for Win 7 Antispyware 2012 related malicious files.
- When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.
- To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.
- A reboot might require to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
Note: After you have rebooted your computer,please start again in ‘Safe Mode with Networking’ before proceeding to the next step.You can find details on how to start in ‘Safe Mode with Networking’ in Step 1.
STEP 5: Download and scan with RKill to terminate known malware processes.
RKill is a program that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then import a Registry file that removes incorrect file associations and fixes policies that stop us from using certain tools.
As RKill only terminates a program’s running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.
- After you have started your computer in Safe Mode with Networking ,Please download the latest official version of rKill.
- Double-click on the RKill icon in order to automatically attempt to stop any processes associated with this rouge.
- Now RKill will start working in the background, please be patient while the program looks for various malware programs and tries to ends them.
- If you receive a message that RKill is an infection, that is a fake warning given by the rogue. As a possible solution we advise you to leave the warning on the screen and then try to run RKill again.Run RKill until the fake program is not visible but not more than ten times.
- If you continue having problems running RKill, you can download the other renamed versions of RKill from here.
- When Rkill has completed its task, it will generate a log. You can then proceed with the rest of the guide.
WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.
STEP 6: Download and scan with Malwarebytes Anti-Malware Free
- Please download the latest official version of Malwarebytes Anti-Malware Free.
- Install Malwarebytes’ Anti-Malware by double clicking on mbam-setup.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button. If Malwarebytes’ prompts you to reboot, please do not do so.
- Malwarebytes Anti-Malware will now start and you’ll be prompted to start a trial period , please select ‘Decline’ as we just want to use the on-demand scanner.
- On the Scanner tab,please select Perform full scan and then click on the Scan button to start scanning your computer for any possible infections.
- Malwarebytes’ Anti-Malware will now start scanning your computer for Win 7 Antispyware 2012 malicious files as shown below.
- When the scan is finished a message box will appear, click OK to continue.
- You will now be presented with a screen showing you the malware infections that ]Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different than what is shown in the image.
Make sure that everything is Checked (ticked) and click on Remove Selected button.
- Malwarebytes’ Anti-Malware will now start removing the malicious files.
If during the removal process Malwarebytes will display a message stating that it needs to reboot, please allow this request.
STEP 7: Download and scan with Hitman Pro
- Please download the latest official version of Hitman Pro.
- Start Hitman Pro by clicking on the previously downloaded file.
NOTE : If you have problems starting Hitman Pro, use the “Force Breach” mode. Hold down the left CTRL-key when you start Hitman Pro and all non-essential processes are terminated, including the malware process. (How to start Hitman Pro in Force Breach mode – video) - Click Settings to proceed to the application scan options. Note that Hitman Pro 3 is free to use for the first 30 days, after which time it will prompt you to purchase a licence key.
In the Settings menu, ensure that the options “Create Restore Point Before Removing Files” is checked, and click OK. Click Next to continue to the scan. - The Setup screen is displayed. Here, you can decide whether or not you wish to install Hitman Pro 3 on your system. To proceed with installation, select Yes,create a copy of Hitman Pro so I can regularly scan this computer .Click Next to continue.
- Hitman Pro will start scanning your system for AV Security Essentials malicious filles. Depending on the size of your hard drive, and the performance of your computer, this step will take several minutes.
- Once the scan is complete, a summary of detected malicious files is displayed.
- Click Next to start removing the infected files.Hitman Pro 3 will now cleanse the infected files, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
As an addition step it’s recommended that you download other free anti-malware software from the list below and run a full system scan :
If you are still experiencing problems on your machine, please start a new thread here.
STEP 8 : Fix your Windows HOSTS file
The hosts file is one of several system facilities to assist in addressing network nodes in a computer network. It is a common part in an operating system’s Internet Protocol (IP) implementation, and serves the function of translating human-friendly hostnames into numeric protocol addresses, called IP addresses, that identify and locate a host in an IP network.
Because of its role in local name resolution, the hosts file represents an attack vector for malicious software. The file may be hijacked, for example, by adware, computer viruses, trojan horse software, and may be modified to redirect traffic from the intended destination to sites hosting content that may be offensive or intrusive to the user or the user’s computer system.
In order to protect itself, Win 7 Antispyware 2012 has changed the permissions of the HOSTS file so you can’t edit or delete it.
- Please download the following batch file and save it to your desktop:
hostfix.bat - Click on hostfix.bat and allow this file to run.Once it starts you will see a small black window that opens and then quickly goes away, then you should be able access your HOSTS file.
- Please download and run the below file from Microsoft to revert your host file to its original settings.Please note that if you have added custom entries to your HOSTS file then you will need to add them again after restoring the default HOSTS file.
If you are still experiencing problems on your machine, please start a new thread in our Malware Removal Assistance forum.
Extra details for Win 7 Antispyware 2012 :
Activation codes for Win 7 Antispyware 2012
In the worst case scenario,if can’t reboot your computer in safe mode or install anti-malware software to remove Win 7 Antispyware 2012 , you can use any email with the below registration code, in order to stop the fake alerts.