Remove Win 7 Antispyware 2012. Removal instructions

Also known as: Win 7 Antispyware 2012

Severity scale:  (72 / 100)

Win 7 Antispyware 2012 is a rogue antispyware program. As a typical rogue anti-spyware program Win 7 Antispyware 2012 is usually distributed and installed through the use of Trojans that come from misleading websites that pretend to be online anti-malware scanners. What is more, trojans can also come bundled with other malicious software. On way or another, when trojan virus is installed, it will download and install Win 7 Antispyware 2012 onto your computer. Once installed, Win 7 Antispyware 2012 will be configured to run automatically each time you log on into Windows.

While running, this fake antivirus program will simulate a system scan and detect legitimate Windows files or non-existing files as infections. Some of these alerts report something like this:

Win 7 Antispyware 2012 Firewall Alert
Win 7 Antispyware 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Win 7 Antispyware 2012 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
- Dangerous code found in this site’s pages which installed unwanted software into your system.
- Suspicious and potentially unsafe network activity detected.
- Spyware infections in your system
- Complaints from other users about this site.
- Port and system scans performed by the site being visited.

Things you can do:
- Get a copy of Vista Security 2012 to safeguard your PC while surfing the web (RECOMMENDED)
- Run a spyware, virus and malware scan
- Continue surfing without any security measures (DANGEROUS)

Furthermore, Win 7 Antispyware 2012 will flood your PC with popups and fake security warnings to mislead you into thinking that there are various harmful files on your computer. This is done to create a reason for the user to buy Win 7 Antispyware 2012 "licensed version", which is completely and utterly non-functional. If you buy it - consider yourself scammed. As you can see, all those fake alerts false scan results are displayed only to scare you. If you are infected with this rogue, please use these removal instructions below, which will help you to remove Win 7 Antispyware 2012 from your computer manually for free or with an automatic removal tool.

If you find problems in launching your anti-spyware program, use one of these codes to make this rogue anti-spyware think that it was registered by the victim: 2233-298080-3424, 1147-175591-6550, 3425-814615-3990 or 9443-077673-5028. Once activated, it won't block web browsers and anti-spyware software.

Automatic Win 7 Antispyware 2012 removal:

Malwarebytes Anti Malware

download | review

Tested and Confirmed! Malwarebytes Anti Malware removes Win 7 Antispyware 2012 (2011-06-09 14:23:58)

STOPzilla

download | review

We are testing STOPzilla's efficiency at removing Win 7 Antispyware 2012 (2011-11-30 10:27:30)

Spyware Doctor

download | review | tutorial

We are testing Spyware Doctor's efficiency at removing Win 7 Antispyware 2012 (2011-11-30 10:27:30)

XoftSpySE Anti Spyware

download | review

Win 7 Antispyware 2012 manual removal:

FORUM:
Discuss Win 7 Antispyware 2012 in
spyware removal forum

Kill processes:
[random characters].exe, like ppn.exe, agn.exe or similar

HELP:
how to kill malicious processes

Delete registry values:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'

HELP:
how to remove registry entries

Delete files:
%AllUsersProfile%\U3F7PNVFNCSJK2E86ABFBJ5H %LocalAppData%\ppn.exe %Temp%\U3F7PNVFNCSJK2E86ABFBJ5H %LocalAppData%\U3F7PNVFNCSJK2E86ABFBJ5H %AppData%\TEMPLATES\U3F7PNVFNCSJK2E86ABFBJ5H %AppData%\157850g1p046c522p184r5dtv4q8 %Temp%\157850g1p046c522p184r5dtv4q8

HELP:
how to remove harmful files

Additional resources related to Win 7 Antispyware 2012:

3

0

Graham Ledbrook

I have successfully removed this trojan on both win 7 and vista by tapping F8 during bootup and then in the Safe menu at top is line repair computer. Click this and follow until you get window to restore Pc .
Selecting an earlier date when trojan was not present restores the PC back and trojan has gone. Do a full Malwarebytes scan after updating to remove any residual files hiding in explorer cache.

Reply »

2011 06 24

0

0

3freemad

I think I removed Antispyware 2012(I deleted all files that are related to it), but now I have a bigger problem:

None of the programs on my computer work. At all. Period.

Not my games, not my internet, not even Word works ever since I deleted this stupid virus!
I have to post this using my iPod!

HELP!!!

Reply »

2011 07 13

0

0

Manoj

There is an easy way out instead of editing the registries.
I had this trojan today.Started my windows 7 in safe mode and looked for 3 letter exe file with latest timestamp in my user/AppData/Local directory.
It was something like iqk.exe. I deleted the file and tried to do system restore. But as the trojan has corrupted the registry keys and it intercepted every executable and now the interceptor being deleted the sytem will say that the said exe file not found. For example if you start taskmanager it will alert that C:/Windows/system32/taskmgr.exe not found. So you have to manually start the restore program. Go to C:/Windows/system32/rstrui.exe file and right click and run as Administrator. Restore your system to a previous date when the trojan problem was not there. Hope this helps all.

Reply »

2011 11 27

1

0

wingee2k

I got this nasty virus and was able to get rid of it in only a few simple steps. In most cases the virus prevents you from downloading or using the internet. Go to a secondary computer and download the necessary files (can be found on just about any help site for this virus) and save them onto a jumpdrive, cd, etc. Transfer them to the infected computer and open/run them. Shut the computer completely off and while restarting it tap f8. Pu the computer into safe mode and then do a system restore.

Reply »

2011 11 27

1

0

Mark

How I Removed Win 7 Antispyware 2012
First, this POS infects the affected user account only. I always have 2 admin accounts on my computer to resolve problems. Win 7 Antispyware 2012 infected my “regular” admin account. I rebooted my PC and logged in using the backup admin account. This account worked fine and was not infected.
Using the backup admin account, I opened REGEDIT. I went to HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand
My default key read HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%LocalAppData%gsy.exe" -a "%1" %*
The executable, GSY.EXE, was the file causing all of the damage. Your file may be something else like KDN.EXE. Whatever it is, delete this file. Open Windows Explorer and delete this file. I deleted GSY.EXE.
Download the .EXE Registry Fix
Using my backup admin account, I downloaded http://www.sevenforums.com/attachments/tutorials/123734d1312706455-default-file-type-associations-restore-default_exe.reg and I saved the file to c:temp
Run the .EXE Registry Fix
Now, the infected profile’s registry is screwed up and your PC will not run any .EXE files. To fix it, login to your infected profile using Safe Mode (http://windows.microsoft.com/en-US/windows7/Start-your-computer-in-safe-mode)
1. Choose Safe Mode with Command Prompt
2. From the command prompt, type: start explorer
3. Go to c:temp and right click the .REG file you downloaded above.
4. Click Merge
5. Reboot your PC
These steps worked for me. It removed Win 7 Antispyware 2012 from Windows 7 64-bit.

Reply »

2011 12 22

0

0

Reric

This worked for me! Thanks!

Reply »

2011 12 31

Post Comment:

Attention: Use this form only if you have additional information about Win 7 Antispyware 2012 parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«


* All field required