Severity scale:  
  (76/100)

Antivirus Protection 2012. How to remove? (Uninstall guide)

removal by Olivia Morelli - -   Also known as Antivirus Protection | Type: Viruses
12

Antivirus Protection 2012 is a typical cyber threat that pretends to be legitimate. Trying to do that, this scamware displays trustworthy-looking but completely fake alerts and scanners that all report the same useless information about numerous viruses detected. Please, never fall for Antivirus Protection 2012 because it's useless and has no capability to detect or remove malware. That's because it has an empty virus database and 'finds' the same viruses on every computer that it manages to infect. If you find this malware on your PC, remove Antivirus Protection malware without any delay.

In most of the cases, this sneaky application spreads via Trojans that help for it to get inside the system without any victim's permission asked. In addition, Antivirus Protection 2012 is set to start once the PC is rebooted and display all those annoying alerts that report harmless files but not dangerous viruses. When installed and active, Antivirus Protection 2012 typically displays fake system scanners that should convince people that they really have viruses on their computers. However, it must be ignored and eliminated ASAP. If you leave it, you will receive numerous alerts saying something like this:

Antivirus Protection 2012 Firewall Alert
Your computer is being attacked from a remote machine!
Block Internet access to your computer to prevent system infection.
Attacker IP: [ip address]
Attack type: RCPT exploit

Antivirus Protection 2012 Firewall Alert
Suspicious activity in your registry system space was detected. Rogue malware detected in your system. Data leaks and system damage are possible. Please use a deep scan option.

Antivirus Protection 2012
Spyware.IEMonster process is found. The virus is going to send your passwords from Internet browser (Explorer, Mozilla Firefox, Outlook & others) to the third-parties. Click here for further protection of your data with Antivirus Protection 2012.

Antivirus Protection 2012
Your computer is being used as spamming machine. You can get sued for spam. Your computer WIL BE DISCONNECTED FORM INTERNET BECAUSE SPAMMING OTHER PCs.

In additon, if ignored it starts displaying such alerts:

Security Center Alert
To help protect your computer, Security Center has blocked some features of this program.
Do you want to block this suspicious software?
Name: Sft.Dez.Wien
Risk: High

Security Center
Unauthorized remote connection!
Your system is making an unauthorized personal data transfer to a remote computer!
Warning! Unauthorized personal data transfer is detected! It may be your personal credit card details, logins and passwords, browsing habits or information about files you have downloaded.
To protect your private data, please click “Prevent Connection” button below.

You have been infected by a proxy-relay trojan server with new and danger “SpamBots”.
You have a computer with a virus that sends spam.
This is a mass-mailing worm with backdoor thus allowing un-authorized access to the infected system.
It spreads by mass-mailing itself to e-mail addresses harvested from the local computer or by querying on-line search engines such as google.com.
The IP address that YOU are getting from Internet Service Provider (ISP) for YOU personal computer is on some major blacklist.
Your computer has been used to send a huge amount of junk e-mail messages during the last days.
You IP will be marked in the Police log file as mass-mailing spam assist.
Upgrading to the full version Antivirus Protection 2012 it will eliminate the majority of Spam attempts.

As you can see, Antivirus Protection 2012 employs misleading tactics to promote its licensed version. Generating bogus alerts and fake system scanners, reporting numerous security risks and disabling victim from using his PC properly – these are the main signs that you have a deal with malware. If you notice Antivirus Protection 2012 on your PC, please don't wait for long because you may end up with damaged PC. Please, use a reputable anti-spyware and remove Antivirus Protection 2012. We highly recommend you using Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Reimage anti-spywares. If you are disabled from launching these or other anti-spyware programs, go “START” -> “RUN” and insert there taskkill /f /im rundll32.exe (keep all the gaps and slashes).

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Antivirus Protection 2012 you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Antivirus Protection 2012. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Antivirus Protection 2012 (2012-04-10)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Antivirus Protection 2012 (2012-04-10)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Antivirus Protection 2012 (2012-04-10)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Antivirus Protection 2012 (2012-04-10)
Antivirus Protection 2012 snapshot
Antivirus Protection 2012

Antivirus Protection 2012 manual removal:

Kill processes:
AntivirusProtection2012.exe

rundll32.exe

[random].exe,

2010yo.exe

472a10e2ebxd9.exe

56493.exe

cosock.exe

cowceb.exe

d20mes.exe

dc_3.exe

ddoll3342.exe

destroyer.exe

exppdf_w.exe

hhbboll_2.exe

jofcdks.exe

lols.exe

puzpup.exe

sycre.exe

winifi.exe

wwwsssgen.exe

securityhelper.exe

securitymanager.exe

Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "[random]"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun "[random]"

HKEY_CURRENT_USERSoftwareAntivirus Protection

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "Antivirus Protection"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "Antivirus Protection 2012 SM"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstallAntivirus Protection

Delete files:
%AppData%Antivirus Protection

%AppData%Antivirus ProtectionAntivirusProtection2012.exe

%AppData%Antivirus ProtectionIcoActivate.ico

%AppData%Antivirus ProtectionIcoHelp.ico

%AppData%Antivirus ProtectionIcoUninstall.ico

%AppData%Antivirus Protectionsecurityhelper.exe

%AppData%Antivirus Protectionsecuritymanager.exe

%AppData%MicrosoftInternet ExplorerQuick LaunchAntivirus Protection.lnk

%StartMenu%ProgramsAntivirus Protection.lnk

%StartMenu%ProgramsAntivirus Protection

%StartMenu%ProgramsAntivirus ProtectionActivate Antivirus Protection.lnk

%StartMenu%ProgramsAntivirus ProtectionAntivirus Protection.lnk

%StartMenu%ProgramsAntivirus ProtectionHelp Antivirus Protection.lnk

%StartMenu%ProgramsAntivirus ProtectionHow to Activate Antivirus Protection.lnk

%Temp%2010yo.exe

%Temp%472a10e2ebxd9.exe

%Temp%56493.exe

%Temp%cosock.exe

%Temp%cowceb.exe

%Temp%d20mes.exe

%Temp%dc_3.exe

%Temp%ddoll3342.exe

%Temp%destroyer.exe

%Temp%exppdf_w.exe

%Temp%hhbboll_2.exe

%Temp%jofcdks.exe

%Temp%lols.exe

%Temp%puzpup.exe

%Temp%sycre.exe

%Temp%winifi.exe

%Temp%wwwsssgen.exe


  • sabrinasai

    I personally use Comodo Antivirus

  • myron

    Good to know about the instruction for Removal Antivirus Protection 2012 .

  • Axel

    Antivirus Protection 2012 added all of these executable files to my /documents and settings/ /All users/temp folder : (all with the same date and time, exactly at the time of infection) :

    02c9c3c35bdx5.exe
    17dkf.exe
    1iowieoo.exe
    2010yo.exe
    472a10e2ebxd9.exe
    56493.exe
    8gmsed-bd.exe
    a75wef8e0e7.exe
    A9R1699.tmp
    ae0965a7157cd.exe
    al3erfa3.exe
    alerfa.exe
    alerfa2.exe
    altedf.exe
    aqfitrlxi2.exe
    backd-efq.exe
    brdss.exe
    bzqa43d.exe
    cffd4.exe
    cocksucker.exe
    cosock.exe
    cowceb.exe
    cunifuc.exe
    d20mes.exe
    dc_3.exe
    dd10x10.exe
    ddoll3342.exe
    destroyer.exe
    dffuck.exe
    dgxdro.exe
    dkfjd93.exe
    ds7hw.exe
    eelnvd13.exe
    exppdf_w.exe
    fadz43.exe
    fe.exe
    format.exe
    gedx_ae09.exe
    ggwwef9752.exe
    gpupz2a.exe
    g_dx234.exe
    hardwh.exe
    hhbboll_2.exe
    hiphop.exe
    hjkgfddd.exe
    hodeme.exe
    htfad4.exe
    hvipws9.exe
    jdhellwo3.exe
    jkfuckfu.exe
    jofcdks.exe
    kjdh_gf_jjdhgd.exe
    kjh102k3.exe
    kn.a.exe
    kock.exe
    ljts-23.exe
    lkhgg_ea.exe
    lols.exe
    lorsk.exe
    ploper.exe
    poertd.exe
    ppddfcfux.exxe
    protector2.exe
    pswwg3c.exe
    puzpup.exe
    qwedvor.exe
    qwklrvjhqlkj.exe
    r0life.exe
    rator.exe
    rtfme.exe
    safe.exe
    snowif.exe
    SOF86.tmp
    sycre.exe
    timem.exe
    tryh-blv.exe
    w32-reno-c.exe
    w32rim_mem.exe
    warsddd_w.exe
    wefgetn_00.exe
    wined.exe
    winifi.exe
    wqefqw7e.exe
    wrcud12.exe
    wrfwe_di.exe
    wwautrsd.exe
    wwwsssgen.exe
    _F18.tmp

    I removed all of them.
    I use the free Sysinternals utilities suite to detect unusual files and processes (especially “Process explorer” and “Autoruns”)

    Cheers