Right after New Year's, the place where I work got hit with computers all having different variants of the fake Antivirus 2012. This variant renames itself depending on which version of Windows you have. But like most fake antivirus software, it tries to steal your credit card info and personal information. So here is how you remove it.
This is what you may be seeing depending on the version of Windows you have.
1. So if you see this, don't try to manually remove any of the files it lists. They are fake, and you could be removing non-infected files.
So what we will need is a few programs. On a separate computer, download these programs to a flash drive.
Spybot Search & Destroy
Once you have your software downloaded and on a USB drive, continue with the steps below.
2. Start the infected computer in Safe Mode with Networking (hit F8 during startup).
3. Run RKill and wait for it to finish.
4. Then install Malwarebytes, Spybot, and SUPERAntiSpyware. Update them and run full scans; this will take a few hours.
5. Once the scans are finished and the items found have been fixed, restart the computer into normal mode.
6. Run ComboFix. This will take a while, and it will tell you when it is done. If you need help, they have a guide to walk you through it (http://www.bleepingcomputer.com/combofix/how-to-use-combofix).
7. Once that is finished, you can run TDSSKiller to make sure everything is clean.
8. Run the registry cleaners CCleaner and Registry Mechanic.
9. Uninstall Malwarebytes, Spybot, SUPERAntiSpyware, ComboFix, CCleaner, and Registry Mechanic, unless you want to keep some of them.
10. You are now finished.
I hope this helps you get your computer working again.
If you want to help prevent these things in the future, keep Windows updated, use Firefox or Chrome, install the WOT plugin, and keep your antivirus updated.
If you need antivirus software, one of the top rated by AV-test.org is Bitdefender for XP, Vista, and Windows 7, beating out the competition.
If you would rather have a free antivirus, check out Avast.
Thanks for reading,
Local Tech Repair Admin
and leave a comment...