I moved this to Malware Discussions > Home User Assistance as a more appropriate spot. If those tools don't help there is a removal guide here: http://www.bleepingcomputer.com/virus-removal/remove-av-security-2012
Scroll down the page as the first links you see are adverts.
The sample I had came bundled with a rootkit; here's a write-up and removal guide. Malwarebytes detects and removes the rogue AV but fails to remove the rootkit. I'm not sure if Stinger can remove the TDL4 rootkit. I think folks at McAfee should create a standalone TDL3/4 removal tool; it's a very widespread infection. Anyway, you can use the TDSSKiller utility to remove the rootkit. This infection also changes the Windows HOSTS file. Use the Windows Fix it tool to reset the Hosts file back to the default: http://support.microsoft.com/kb/972034
Cheers!
Message was edited by: techrumy on 11/14/11 3:22:29 PM CST
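Added example, not part of the original posts: before resetting the HOSTS file mentioned above, a short Python script can list every active entry that a default Windows file would not contain, so you can see what was changed. The sample entries and hostnames are constructed for illustration; the script assumes a default file maps nothing except `localhost`.

```python
import ipaddress
import os

# Standard location of the file on Windows (SystemRoot is normally C:\Windows).
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")

# Constructed sample: lines 1-4 match a default file, lines 5-6 do not.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#\t127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.search.example
127.0.0.1       update.vendor.example   # constructed entry
"""


def audit_hosts(text):
    """Return (line_no, address, names, reason) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if not fields:
            continue  # blank or comment-only line
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names, "malformed"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        extra = [n for n in names if n.lower() != "localhost"]
        if not names:
            findings.append((line_no, addr, names, "malformed"))
        elif extra:  # a real hostname pinned to a fixed address
            findings.append((line_no, addr, extra, "blocked" if local else "redirected"))
        elif not ip.is_loopback:
            findings.append((line_no, addr, names, "localhost remapped"))
    return findings


if __name__ == "__main__":
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE  # not on Windows: fall back to the constructed sample
    for line_no, addr, names, reason in audit_hosts(text):
        print(f"line {line_no}: {addr} {' '.join(names)} -> {reason}")
```

An empty result means the file has no active entries beyond `localhost`; anything listed is worth reviewing before and after the reset.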
Hi Anad- I am glad to help.
First off, the moderators in this thread are on the right track. Malwarebytes will remove this infection. The problem I had with MBAM is that when I went to download the program from their site, I got redirected to CNET! Then on the Malwarebytes page on CNET, when I clicked the Malwarebytes download button, I ended up with a program called ARO (Advanced Registry Optimizer). I thought that was part of MBAM, but apparently not, as it was not capable of removing the virus. I have learned since that I clicked on an ad and the actual MBAM download is somewhere hidden on that page. Why does Malwarebytes do this? It's almost as bad as the virus!
Anyways, here is what we did to remove the infection:
1. Turn off the computer and wait 20 seconds. Then turn it back on and immediately begin pressing the "F8" key until you see the Windows Safe Mode options menu. Then select "Safe Mode with Networking", hit ENTER, and let it load up.
2. After the computer has loaded into Safe Mode with Networking, press the "Windows" key + the "R" key at the same time. (Windows Key is to the right of space bar, marked with a Windows logo.) This will open the Run Command Box. In the Run Command Box type: iexplore http://www.fixs.me
That will download the latest version of Spyware Doctor with Antivirus without having the virus block it. By doing it this way it installs faster and the virus can't block it.
3. Complete the installation of Spyware Doctor by selecting "RUN", then perform the scan and register it to remove the virus completely.
Please Note: I called Spyware Doctor the first time I ran the scan because in the results none of the infections it found were called "AV protection Virus". They told me that the actual file name may be very different and that av protection 2011 is just the name the hackers use to trick people and the actual file names are totally different.
4. Then we set the Spyware Doctor program to work cooperatively with our McAfee program. You can find that in the program settings.
Resources: AV Security 2012
I hope this helps others!
Message was edited by: pcchick on 11/21/11 9:19:39 AM CST
Message was edited by: pcchick on 11/21/11 9:21:31 AM CST