I didn't think about Stinger, dangit! I just completed reimaging our laptop. I had to use the recovery dvd's that I made. The recovery partition didn't get rid of the virus. I dont understand why not unless the recovery partition got infected, too. Is that possible?
It's possible but not being familiar with what recovery discs can do it may have just done a repair of the existing installation. I could be wrong of course.
Stinger is now updated to deal with many FakeAlert type of malware and I believe this one is one of them
If not run Malwarebytes free. Update it before running. See 3rd Party Tools halfway down this page: https://community.mcafee.com/docs/DOC-2168
If that all fails then use the HijackThis routine I suggest at the bottom of that page.
Spybot search and destroy detected and removed it from my pc about 5 minutes ago. I foolishly have not updated Spybot in a few weeks, so my pc was not immunized against it. Both Mcafee and AGV did not detect this anger inducing piece of malware. I have no affiliation with any software companies, just passing on info on a fix for this problem.
My question now is, what can I do from a legal standpoint? Isn't it against the law to make unwanted, unauthorized changes to a persons computer? I have been trying to find out who makes it, but was not lucky, and I did not want to click yes on their pop-ups, but that would have told me.
It is illegal in many countries but trying to enforce the law is the difficult part as these people are elusive & often residing somewhere with lax laws or no laws at all. I'm sure the anti-malware companies are trying to do that anyway. I would have been interested to know if McAfee's Fake Alert version of Stinger would detect it now as it is updated frequently.Message was edited by: Ex_Brit on 09/12/11 11:41:14 EST AM
Just an update on my situation..... I was able to get the "Nasty Bug" out of my son's computer..... I used most of the progams mentioned above but Spy Bot seemed to do the trick for me. When you do it you have to be really patient.... I think one scan I did took about 6 hours. I ran 3 of them in all. Ist one got some... but not all.... 2nd one got the rest ... the 3 scan I did for good measure. Crossing my fingers that my son won't be messing aroun again at that site.
Good luck to everyone....
I was up all night last night fighting to regain control of my computer after being infected with Win 7 Antispyware 2012, a name I will never forget the rest of my life. It simply takes over and eludes every counter measure. Prevents system restores, web web access, can't be shredded, can't be pinned down, can't be quarentined or moved, deleted, etc. McAfee is normally reliable in my experience but along with every other malware detection and removal application mentioned on all the boards on this topic, this latest version of this monster malware rendered them useless since they weren't allowed to download and fight it out on even turf. I finally found a website www.pcrisk.com/removal-guides/6483-remove-win-7-anitvirus-2012 that provided a registration code to enter 3425-814615-3990. The secret is in letting the malware in just a little more and regaining just enough access to your computer that removal applications could be downloaded and have a fair fight. This code entered precisely as the screenshots show on the link above tricks the monster program into thinking you're either buying or have already purchased it (not sure which). This unseizes your computer and allows access to the internet where you can download malwarebytes, PC Doctor, and others (I did them all including the $30 for PC Doctor) and run them to track down and eventually catch and catch again (the malware seems to move around and fight every step of the way) and finally remove. There will be damage though. My 13 month old Dell running Windows 7 wouldn't quite return to normal as I kept getting an error message that McAfee's firewall was not on - nor would it stay on when I hit the on button. According to McAfee support, Windows Firewall works in tandem with McAfee's firewall. Thus some people on discussion boards who are wrestling with this damage have said in recent days that McAfee said "talk to Microsoft" and others are saying Microsoft said "talk to McAfee." McAfee support determined that my Microsoft Firewall was damaged as I kept getting error messages when they instructed me to adjust Microsoft Firewall settings (apparently this same damage prevented McAfee support from remoting in during our email chat). I could find no way to fix this and final Microsoft/McAfee firewall coordination coordination issue. Others in the exact same situation on other boards in recent days are still wrestling with this remaining issue. However, I effectively solved it by saving my recent work product and then doing a simple system "restore" within the Windows button and going back a few days to my last hard drive snapshot and restoring. Now things are perfect and if I ever find those behind Win 7 Antispyware 2012 I will kill them. ##
The above method works. Register the win 7 antivirus 2012 with the afore mentioned key by shogun rua. Key is 3425-814615-3990. activate or register the program with this key. Once you do this, run malwarebytes and run a full scan. It will detect the threats and once the scan is done, view results and check off all of them then click remove. Your computer might be disabled by the program to even download malwarebytss. It does this to protect itself from detection and removal by counter sofware. This was my case. Fortunately I have a laptop that I used to download malwarebytes into a sd card. I then intalled malwarebytes from my SD card on to my desktop pc.I ran it in both normal mode and safe mode. The program detected 4 different attack attempts within my computer and removed them in normal mode. It did not detect any in safe mode. As a result the pop ups stopped and I'm able to run my programs again. Thank You shogun rua. Your solution worked for me. It was simple and I didn't have to access the registry like other post suggest which can be confusing and risky if you don't know what you are doing. As a precaution and recommendation to others, as soon as I got the first pop up, I isolated my computer from my network and the the internet. I did this by disabling my wifi adapter in network and sharing change adapter settings. Once I did that, my computer was no longer running on my network or connected to the internet. This prevents the malware from spreading on to my network and pc's whitin it and stops the program from running stronger through remote access. I also unistalled Mozilla Firefox which was the browser I was using at the time of the inffection. This prevents remote access from acquiring your personal information and therefore the possibilty of identety theft or all other spyware. You can never be too precautious in this situations so I suggest to use what ever tools you can get your hands on.Also, I would like to state that I ran malwarebytes several times before registering the malware virus itlself. Although malwarebytes detected the threat every time, it could not remove it till I registered the win 7 antivirus 2012 with the key which stopped the program from moving within my system allowing malwarebytes to finally catch it completely and terminate it. Hope this helps those in need of a solution. I know it stressed me out and it seemed like my pc was lost but thanks to shogun rua's solution, and malwarebytes as suggested by other's, I was ablo to terminate the threat and bring my computer back to normal.
XP Internet Security 2012 / XP Security Center 2012 / XP Antispyware 2012 / XP Antivirus 2012 / XP Security 2012 / XP Home Security 2012 all these are same spayware.
If you are trying to remove this spyware, there are full instructions on how to do that manually at the link :Message was edited by: Ex_Brit on 29/12/11 6:59:25 EST AM