6 Replies Latest reply on Nov 21, 2011 9:21 AM by pcchick

    AV Security 2012 removal

      Hi ,


      I somehow got AV Security 2012 on my laptop. I have mcafee installed on my laptop through my corprate IT , but, it can't detect . How can I remove it ?

        • 1. Re: AV Security 2012 removal

          Required Reading - Home User Assistance Malware Troubleshooting


          Anti-Spyware, Malware & Hijacker Tools


          These documents from McAfee will assist you with removing this rogue spyware from your computer.  There are some excellent tools in the second link and you may also want to get a second opinion from Malwarebytes which is mentioned in it.


          Let us know if you need more help with anything

          • 2. Re: AV Security 2012 removal

            I moved this to Malware Discussions > Home User Assistance as a more appropriate spot.    If those tools don't help there is a removal guide here:  http://www.bleepingcomputer.com/virus-removal/remove-av-security-2012


            Scroll down the page as the first links you see are adverts.

            • 3. Re: AV Security 2012 removal

              The sample I had came bundled with a rootkit, here's a write-up and removal guide. Malwarebytes detects and removes the rogue av but fails to remove the rootkit. I'm not sure if Stinger can remove TDL4 rootkit? I think folks at McAfee should create standalone TDL3/4 removal tool, it's a very widespread infection. Anyway, you can use the TDSSKiller utility to remove the rootkit. This infection also changes the Windows HOSTS file. Use Windows Fix it tool to reset the Hosts file back to the default http://support.microsoft.com/kb/972034




              Message was edited by: techrumy on 11/14/11 3:22:29 PM CST
              • 4. Re: AV Security 2012 removal

                From a forum search apparently McAfee already detects some 50 variants of TDL4.  Not sure if Fake-Alert Stinger carries later detections or not.

                • 5. Re: AV Security 2012 removal

                  Discussion moved to Top Threats.

                  • 6. Re: AV Security 2012 removal

                    Hi Anad- I am glad to help.


                    First off the moderators in this thread are on the right track. Malwarebytes will remove this infection. The problem I had with MBAM is that when I wen to download the program from their site, I got redirected to CNET! Then on the malwarebytes page on CNET I when I clicked the Malwarebytes download button, I ended up with a program called ARO (advanced registry optimizer) I thought that was part of MBAM but appeantly not as it was not capable of removng the virus. I have learned since that I clicked on an ad and the actual MBAM download is somewhere hidden on that page. Why does Malwarebytes do this? Is almost as bad as the virus!


                    Anyways, here is what we did to remove the infection:



                    1. Turn off the computer and wait 20 seconds. Then Turn it back on and immediately begin pressing the "F8" key until you see the Windows Safe Mode options Menu. Then Select "Safe Mode with Networking" and hit ENTER and let it load up.


                    2. After the computer has loaded into Safe Mode with Networking, Press the "Windows" key + the "R" key at the same time. (Windows Key is to the right of space bar, marked with an Windows logo) This will open the Run Command Box. In the Run Command Box Type: iexplore http://www.fixs.me


                    That will download the latest version of spyware doctor with antivirus without having the virus block it. By doing it this way it installs faster and the virus can't block it.


                    3. Complete the installation of spyware doctor by selecting "RUN" and perform the scan and register it to remove the virus completely.


                    Please Note: I called spyware doctor the first time I ran the scan because in the results none of the infections it found were called "AV protection Virus" they told me that the actual file name maybe very different and that av protection 2011 is just the name the hackers use to trick people and the actual file names are totally different.



                    4. Then we set set the spyware doctor program to work cooperatively with our McAfee program. You can find that in the program settings.


                    Resources: http://www.security-exchange.net/news/av-security-2012-virus AV Security 2012

                    I hope this helps others!


                    Message was edited by: pcchick on 11/21/11 9:19:39 AM CST


                    Message was edited by: pcchick on 11/21/11 9:21:31 AM CST