I had an excellent, detailed answer to this problem emailed to me by [email removed for privacy], but he doesn't seem to have published it to the community. The virus was actually removed by McAfee in the end, but I had problems opening any programs and he gave a detailed description of how to overcome the problem.
The particular malware you became infected with is likely a type of fake-alert anti malware (aka scareware), designed to make you think your computer has massive security issues. The cretins who create these types of malware have one objective...to try and separate you from your money! Often these programs bombard you with overlapping popups, telling you your computer has some lengthy list of infections and even pretend to perform a "scan" of your system. (ALL of which is fake of course). This malware has been around for quite a while and is often seen under many different names.
There are a number of useful techniques for handling this type of situation, which many of our distinguished moderators and other experienced contributors here can go into more detail about for you. The unfortunate reality here is that almost all of the major AV software providers, such as McAfee, Kaspersky, Norton (Symantec), etc., are not all that good at picking up on this type of malware. For this reason, it is recommended that you have an anti-malware program, such as the FREE version of Malwarebytes, to supplement your primary AV software.
(Just be sure not to use an anti-malware program which utilizes real-time scanning. Running two security programs like that can cause some serious problems.) The Malwarebytes FREE version, as well as some other free anti-malware programs, can provide on-demand scanning and thus help enhance your computer's security. Hopefully, our moderators and other experienced forum contributors will chime in on your post here with some additional, helpful information.
Message was edited by: spc3rd on 6/27/11 6:39:44 PM EDT
Moved out of Home & Home Office into Security Awareness (Home User Assistance).
McAfee have updated Stinger to detect fake AVs and are updating it daily. Note: a redownload is required for each run, as it does not auto-update.
Note this is a work in progress, so if it does not work, run MWB above and let McAfee/here know what was not fixed.
Because the virus is very strong,
Fake XP Anti-Spyware 2012 Step-by-Step Manual Removal Instructions
1. Press Ctrl+Alt+Del to open Task Manager and stop the fake XP Anti-Spyware 2012 process:
2. Remove fake XP Anti-Spyware 2012 associated files listed below:
Link labelled dangerous by WOT removed by moderator
I thought it might help everyone if I told people how I removed it.
This virus is very clever and damaging. It stops you getting to the internet, taking you instead to the website for the fake virus remover. It is not touched by McAfee, it stops Malwarebytes working (which I already had on my PC), and it damages Windows updates, Internet Explorer add-ins and much more.
It took me a long time to remove the virus and get my PC applications working properly again.
With just the virus running I used Alt Ctrl Del to see what applications were running (applications tab). In my case there was just a programme called MCR.exe running. I used search to find it and then the McAfee shredder to shred the virus.
Apparently the virus can have any random three letter name. Apparently it can disable the alt ctrl del function and can stop the search from working. It can stop itself from being deleted too. Fortunately on mine I was able to find it and then delete it. This gave me breathing space to get to the internet.
I went back to a restore point (but don't think this did anything).
I deleted and reinstalled Malwarebytes:
This was now working and found the virus components and removed them.
Then I ran Microsoft Safety Scanner, which also found a lot more bits and pieces to remove.
Rebooted and reran both of them again.
Uninstalled and reinstalled Windows Update, which was damaged - I had to delete files manually and run a special code to get it to work - which I can't now find instructions for; if I find them I will post.
Reinstalled Flash Macromedia (had to manually enable it).
Then reconfigured the machine.
If none of this works, here are widely quoted instructions for manual removal:
Delete registry values:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h
%LocalAppData%\kdn.exe
%LocalAppData%\u3f7pnvfncsjk2e86abfbj5h
%Temp%\u3f7pnvfncsjk2e86abfbj5h
%UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h
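The registry values listed above explain why programs would not open: the handler for .exe files is pointed at the malware, so every launch goes through it. As an added example (not part of the original posts), the following script checks saved `reg query <key> /s` output for those three kinds of change. The sample text, the user name and the function names are constructed for illustration; it assumes the stock .exe handler value `"%1" %*`.

```python
import re

CLEAN_EXE_HANDLER = '"%1" %*'  # assumed stock value: run the clicked file itself
# Constructed sample in `reg query <key> /s` output format (not from a real host).
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
    (Default)    REG_SZ    "C:\Users\alice\AppData\Local\kdn.exe" -a "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
    (Default)    REG_SZ    "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
    (Default)    REG_SZ    "C:\Users\alice\AppData\Local\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
    AntiVirusOverride    REG_DWORD    0x1
    FirewallOverride    REG_DWORD    0x0
'''

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif line.startswith("    ") and current is not None:
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) == 3:            # name, type, data
                current[parts[0]] = parts[2]
    return keys

def first_program(command):
    """Basename of the first program in a command line, lower-cased."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)).rsplit("\\", 1)[-1].lower() if m else ""

def find_hijacks(keys):
    findings = []
    for key, values in keys.items():
        low, default = key.lower(), values.get("(Default)")
        if re.search(r"\\(\.exe|exefile)\\shell\\open\\command$", low) and default not in (None, CLEAN_EXE_HANDLER):
            findings.append((key, "exe handler replaced", default))
        m = re.search(r"\\startmenuinternet\\([^\\]+\.exe)\\shell\\.*command$", low)
        if m and default and first_program(default) != m.group(1):
            findings.append((key, "browser launched through another program", default))
        if low.endswith("\\microsoft\\security center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if values.get(name, "0x0").lower() in ("0x1", "1"):
                    findings.append((key, name + " is set", values[name]))
    return findings

if __name__ == "__main__":
    print(*find_hijacks(parse_reg_query(SAMPLE)), sep="\n")
```

The browser check is a heuristic that only applies where the client key is named after the executable, as in the entries above.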
This site helpfully posts advice on how to remove XP Antispyware 2012, Vista Antispyware 2012, and Win 7 Antispyware 2012, which are all versions of the same scareware. This is phony spyware that tricks you into believing you have a virus and offers to remove it if you buy the software, when, in fact, it is a virus itself. The instructions from www.bleepingcomputer.com walk you through downloading and running three free programs: FixNCR.reg (which will fix the registry changes which allow the virus to work), RKill (which will stop the virus from running) and Malwarebytes Anti-Malware (which will scan your computer for infections caused by malware like XP Antispyware 2012, Vista Antispyware 2012, and Win 7 Antispyware 2012 and remove them).
However, there is a much easier way to remove malware and viruses that doesn't require you to download or use any other programs than one which is already included in Windows 7, Vista and Windows XP. Unlike the ones mentioned above it is almost foolproof and nearly always effective. It is called System Restore and, with the correct use of the program, it will solve your problems even if your computer is totally frozen by the malware or virus, even after rebooting.
First, you will have to reboot in Safe Mode, so that the malware or virus can't block your access to System Restore. The viruses we are talking about here will not let you access System Restore in Normal mode. This requires you to reboot and tap the F8 key while booting in order to be able to select Safe Mode.
Once you have rebooted into Safe Mode (this will take a while longer than a regular boot into Windows), you can use System Restore. There are a variety of ways to access System Restore: 1. Click on Start, Programs, System Tools, System Restore; 2. Click on Start, Settings, Control Panel, Help and Support, Undo changes to your computer with System Restore; 3. Click on Start, Run and then type restore or rstrui in the dialogue box and click on Run when you see System Restore as an option, or click on rstrui.exe if you see this file. There are other ways to access System Restore which you can find on the Internet.
Follow the on-screen directions for restoring your system to an earlier point in time. Windows creates system restore checkpoints at regular intervals and you should be able to select one. You may also create your own. You must go back to a date and time that was before the infection. This is a critical point in removing the malware or virus. It may be necessary to check "Choose a different restore point" in order to be able to choose an earlier date. Note that any programs you may have installed after that date will be uninstalled. However, you can always re-install them.
Another important point to remember when using System Restore is to not interrupt the process or attempt to do anything else on your computer while it is working. System Restore can take a long time, especially when operating in Safe Mode. Not allowing System Restore to complete properly will likely corrupt your system registry and you will probably have to reinstall Windows as a new install, which will also require reformatting and losing all your data.
This is, by far, the easiest way to remove malware and viruses from your computer.
Good advice. Thank you dac10012.