Ok small update i found this explenation as to how to remove it:
It requires you to write a small piece of code in notepad then it will allow to use exe files again. Its worked and i am now running a scan with malwarebytes (the virus was blocking it from starting before)
i could suggest you to run full ODS under safe mode.If that is not helping the best will be if you upload sample to McAfee Labs, so in future they will release XDat and regular dats which could remove the virus completly.
also you could download McAfee Command line scaner and run scan in safe mode. Full information how to upgrade and download CLS you could find in https://kc.mcafee.com.
For the virus Sample you could use MS autoruns- this tol is very helpful.
Always update your VirusScan to the latest definitions
Moved from Home and Home Office to Security Awareness (Home User Assistance)
Ok this worked for me
I managed to get rid of this nasty little Malware, You will need to be very computer litteret . I am not that much of a computer geek, but with some on line searching and several hours I erradicated it. Good thing I had another computer on my home network.
I got it from icefilms, and it locked up every application no matter what I tried to open the anti-virus screen came up. I had to open applications from cntl+alt+del and then try to open an application. "awy.exe" kept running and the xp anti-virus screen would dissappear every everytime I ended that process. "awy" was the file name at this time, which I understand will change from one system to another. At least now I had a file name.
The next gets real complicated for us normal computer users. I went into safe mode, I went to open system restore and F$%# cursed screen came up again. I could not load anything with out "awy.exe" coming up in the application window. What I wanted to load would not run at all, not even regedit from the run command. I had to reboot into safe mode with Command prompt and run regedit from there (had a heck of a time remembering dos comands) I did a search for "awy"in the registry and deleted all the keys and stuff. From the command prompt again typed "explorer" to bring up the desktop. I then did a search in explorer from the run command for "awy" and deleted these files....I rebooted when back in normal mode I could not open anything from the desk top I had lost all my file associations (regstry boo-boo I think on my part) Since I run monthly registry back up and cleaning with Eusing Registry Cleaner I was able to reboot back into safe mode with Command Prompt. I --cd c:\program files\dir Found the Eusing directory , another Dos exercise cd c:\ program files\xxxxxxxx\xxxx then enter xxxx for the exe program to run. I loaded an old backup registry file. when that was completed typed "explorer" to get to desk top ,rebooted to nomal mode and then ran every virus and maleware program I had . Happy to report ALL CLEAR.........I am .Really Really Really by the way can I tell you I am really dissapointed in Mcafee AS IT DID NOT STOP OR PICK UP THIS MALEWARE AT ALL. and was running all options turned on at the time!!!!!!!
Not sure if this will help any one BUT WHEN IN THE REGISTRY make sure you know what you are doing.
I have had this happen twice in two days. I am not sure what site is infecting my system. I use Malwarebytes and Spybot to remove it. Do you know what sites are causeing this issue? I am suprised that McAfee is not catching this and removeing or blocking it. I hope someone from McAfee is reading this and gets this spy ware issue resolved with its product.
1 of 1 people found this helpful
The only way to find out which site(s) might be hosting this fake AV would be for you to examine the list of websites you've visited - your browser should have a History option which will show you (unless you've set the browser to delete everything on exit). Any site might be the culprit, possibly through contaminated advertising, but certain sites are known to host these programs and they often lure people to them by manipulating search engine results. Right now lots of searches for anything to do with that royal wedding, or Osama Bin Laden, are producing lists of websites on the first page which are specifically designed to attract people so that malicious code embedded in the webpages can be implanted on those users' PCs.
As for detecting the fake programs, the programs themselves slip under the radar of AV real-time scanners because they look to the software like ordinary harmless downloads. It's only when they're installed that the trouble begins. Malwarebytes is a good program for getting rid of them because it's updated at least once a day with the latest variants, so always make sure you download the very latest update. These fake programs are its niche market, whereas McAfee concentrates more on serious-damage viruses; some of the more troublesome fake programs will be cleaned by McAfee, but not necessarily all. Which is why Malwarebytes is good as a standby.
1 of 1 people found this helpful
XP Internet Security 2012 / XP Security Center 2012 / XP Antispyware 2012 / XP Antivirus 2012 / XP Security 2012 / XP Home Security 2012 all these are same spayware.
If you are trying to remove this spyware, there are full instructions on how to do that manually at the link :
There is a possibility that you will not be able to open any exe file after the removal of virus
I will provide you one registry key. Download and run it. It will fix the issue with that open with issue.
To fix that one try
1 of 1 people found this helpful
The Antispyware 2012 virus has infected one of our Windows 7 PCs twice now... I thought I would share the steps that we took to remove it..
The summary is: Reboot in safe mode and then use the system restore utility to restore to the last "Restore Point". That's it..
A little more detail:
- Reboot the PC
- Press F8 continuously during boot up.
F8 will trigger the Windows Startup Window to be displayed.
If the BIOS setup page is displayed first then press the ESC key to continue to the WIndows Startup
- Once the Windows Startup page is displayed select "Safe Mode" (not with networking).
PC will then boot up in a safe mode... You can google this if more info is needed...
Apparenty the Safe Mode does not use all of the registry info and therefore the entries that have highjacked the *.exe files are not used.
- Press the start button and then enter "System Restore" in the search box or navigate to this functionality using the control panel.
- Launch System Restore and then restore to the last restore point.
- That's it..
It is a nasty virus but we can recover in less than 5 minutes.. We have also updated our IE policies to use more secure settings until all of the virus protection programs and browsers are able to deal with this,..
Any programs that have been installed since the most recent restore point will need to be reinstalled. Hopefully, you have policies that create restore points on a periodic basis... One way is to enable Microsoft Automatic Updates and the critical ones always create a restore point. Consider creating a restore point before installing software. Good luck...
Thanks for the good suggestions guys but as the thread dates from almost a year ago I think it was sorted out long ago. Anyone with a new issue involving this particular pest or one like it should start a new discussion.
There is always McAfee Stinger which is updated daily with new fake-alert detections: http://stinger.mcafee.com/
Various tools are mentioned here: https://community.mcafee.com/docs/DOC-2168