none
Win7 Antivirus 2012

    Question

  • Out of nowhere, today, my computer was infected with the Win7 Antivirus 2012 virus. Do you have a solution for this humongous problem that prevents me from running any of Microsofts Security tools to combat its presence? Is there a way I can download a solution on a different system and boot it and run it from the optical of the computer laptop that has been affected?

     

    Wednesday, December 21, 2011 3:20 AM

Answers

  • I found a way to get any Antivirus to run to get rid of this rogue antivirus, Go to Start > Computer > Local Disk (i.e. drive C:)> Program Files or Program Files (x86) [ where ever your anti-virus program is]  find your antivirus program (i.e. Malwarebytes Anti-Malware, MS Security Essentials, Trend Micro, ect.). Find the main executable that runs your antivirus that you installed and RENAME IT "iexplorer.exe". This is so Win7 Antivirus 2012 doesn't recognize it as an intruder. Then try to open it. I was able to get Malwarebytes to open by doing this in Safe Mode on MS Windows 7 ultimate. I ran it even tho it was 15 days outdated and it picked it up and removed it. hope this helps!!!
    Saturday, December 24, 2011 3:34 AM

All replies

  • I would download microsoft security essentials it's a free product and it should help you remove it.


    http://windows.microsoft.com/en-US/windows/products/security-essentials

     

    Trend micro has a free online scaner

    http://housecall.trendmicro.com/

     

    If you want to do it manuly try the instructions here.
     
    http://www.2-viruses.com/remove-win-7-anti-virus-2012

    Wednesday, December 21, 2011 5:16 AM
  • Hi,

    For information about Security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy.

    Best Regards,

    Niki


    Niki Han

    TechNet Community Support


    Friday, December 23, 2011 5:13 AM
    Moderator
  • It is very disappointing that so many people have this issue and exe files are unassociated and MS has no fix for this damn thing
    Friday, December 23, 2011 11:11 PM
  • I found a way to get any Antivirus to run to get rid of this rogue antivirus, Go to Start > Computer > Local Disk (i.e. drive C:)> Program Files or Program Files (x86) [ where ever your anti-virus program is]  find your antivirus program (i.e. Malwarebytes Anti-Malware, MS Security Essentials, Trend Micro, ect.). Find the main executable that runs your antivirus that you installed and RENAME IT "iexplorer.exe". This is so Win7 Antivirus 2012 doesn't recognize it as an intruder. Then try to open it. I was able to get Malwarebytes to open by doing this in Safe Mode on MS Windows 7 ultimate. I ran it even tho it was 15 days outdated and it picked it up and removed it. hope this helps!!!
    Saturday, December 24, 2011 3:34 AM
  •  


    Win 7 Internet Security 2012 / Win 7 Home Security 2012./ Win 7 Anti Virus / Windows 7 Security 2012 all these are same spayware.

    If you are trying to remove this spyware, there are full instructions on how to do

    that manually at the link :

    http://123seminarsonly.com/Tips/007/Win-7-Internet-Security-2012.html


    http://www.easy2resolve.com/software-issues/remove-vista-security-2011-2012

    If you wish you can download and run Norton Bootable Recovery Tool (NBRT). It is a Free Tool.

    • Edited by SreedharRam Tuesday, December 27, 2011 3:13 PM
    Tuesday, December 27, 2011 3:11 PM
  • If FakeAV shuts down things like Task manager that prevents you from cleaning the system, I`ve used Process Explorer to shut down the nasty processes. Then continue with scanning the machine using my AV as well as Malwarebytes. I would also remove temp files and clean the registry as well as run rootkit removers. Ultimately, it`s better to just reimage. In my mind, unless you absolutely can not fix the issue, just reimage it, you may end up spending less time reinstalling Windows then having to remove the junk stuff. On another note System Restore maybe a solution if restore points have not been affected...

    http://technet.microsoft.com/en-us/sysinternals/bb896653

    Wednesday, December 28, 2011 6:20 PM
  • I HAD THE SAME THING HAPPEN A FEW DAYS AGO.

    I DELETED THE MS SECURITY UPDATES KB2618451, 2618444, 2619339, 2620712, 2639417  REBOOT AND EVERYTHING WENT BACK TO BEING OK.

    NO MORE AUTOMATIC DOWNLOADS FOR ME!!

     

    Wednesday, December 28, 2011 7:26 PM
  • OK this has been successful at removing this Win 7 Antivirus 2012:
    (It has a bunch of other names too.)

    Boot to Safe Mode with networking and login as admin (if possible not the infected users account)
    I copy from my personal Malware Utilities Disk (MUD) the following:
    Malwarebytes
    Process Explorer
    Autoruns
    FixNCR.reg
    RKill
    TDSS Killer
    SecuniaPSI

    I run Malwarebytes (full scan)
    If it doesn’t run I run RKill and FixNCR.reg

    Malwarebytes should now run.

    Remove anything it finds and reboot. I reboot again to Safe Mode to let Malwarebytes finish but then I reboot regularly.

    Login as the user.
    Delete Temp Internet files and recycle bin

    Run Malwarebytes again, full scan
    Assuming it’s clean…

    I peruse Autoruns and Process Explorer for anything unusual.

    I remove Flash, Java and Adobe reader and reboot.
    I reinstall the above 3.

    All Windows updates
    (In one instance the malware damaged Windows update. I had to reinstall The services “Automatic Updates” and “Background Intelligent Transfer Service”.)

    Run Secunia PSI and update/remove anything else until I get a score of 100%

    I believe this comes through unpatched Java, but it's just an educated guess.

    Thursday, December 29, 2011 12:24 PM
  • this worked for me...thx......one note.....i had to  click "run as administrator" for it to launch.....thx again
    Sunday, January 01, 2012 3:33 PM
  • My hp laptop was infected with this virus just yesterday.  I couldn't access the internet.  First I switched off the computer and restarted in Safe Mode (by holding down f8).  Next, I simply used 'system restore' (control panel) to go back to my laptop's status as of Jan. 1 and it worked.  Then to be sure I downloaded and ran Spy Hunter just to be sure the virus was gone.  So far so good.

    Sunday, January 08, 2012 5:25 AM
  • I got this virus last week.  Luckily I recognized it pretty quickly as a rogue virus when it kept telling me I had so many viruses (and I"m pretty religious about scanning, so it had to be a fake).  It looks real, of course.  But I read up from another computer on how to get rid of it ( the one that worked best was system recovery and then I could run Windows Security Essentials which eliminated the rest of it). I got my computer back. (Heavy sigh of relief). 

    However - now the blue and yellow shield icon that was so prevalent on the virus is appearing on several of the programs that I used when the virus was active on my system before I knew it was there.  It's also appearing on many commands on the context menu (like rename).   I've tried to eliminate the shield, but it doesn't seem to be impacted by anything I try. I ran the FixNCR.reg and RKill.

    Is the virus still active on my system in the background despite Windows Security Essentials telling me it's gone?  Any help would be greatly appreciated.

    Thanks

    CJ

    Saturday, January 14, 2012 6:36 PM
  • Yes.   This works.  Make sure you restart in SAFE mode and then reload prior restore point. Thanks!
    Saturday, January 14, 2012 6:43 PM
  • Actually I was able to delete Win 7 Antivirus 2012 in normal mode. If you have MSE or Malwarebytes try running them with Admin's rights. Right-click the icon at desktop of one of these applications and run it with Administrator's rights. Here is how you can do it - http://www.deletevirus.net/name-changing-rogue-2012-aliases/

    I removed Win 7 Antivirus 2012 for free with MBAM, by the way.

    Tuesday, January 17, 2012 1:35 PM
  • I had the same issue but resolved it with a task killer renamed iexplore then used security essentials to clean for good.

    One thing I noticed just before the infection occurred was a series of popups saying adobe flash was trying to make a change to my hard drive. is this process getting installed by piggy backing on flash content?

    Thursday, February 02, 2012 1:45 PM
  • This works for me. I have found that it pops up on my computer only when I am on Face Book. I have sent them a e-mail describing the activity so that they can investigate. I believe it to be imbedded in some ad on theeir website.

    When I see it on screen I just reboot my computer without incident. Whatever you do, DO NOT click on it. I was able to clean it off by downloading System Scan from Microsoft. It takes some time to scan the whole computer but it did clean it from my computer. Hope this helps.

    Wednesday, May 23, 2012 1:56 AM