Win 7 Antispyware 2012 is another in a very long line of rogue antispyware programs that sneak onto your computer from infected web sites and malicious software. It installs itself stealthily and then tries to scare you into purchasing it by running and fooling you into thinking your computer is infected with tons of issues that it does not have. Virus writers are becoming experts in SEO (search engine optimization) and are getting infected sites to rank very high in the search engines. Although these sites only rank high for a short time, they can do tremendous damage while they are showing up. You may also have been infected by clicking on a link in an email.
What Does the Win 7 Antispyware 2012 malware do to your system?
First of all, the program stops you from accessing the Internet by showing this startup page when you open Internet Explorer or Firefox.
When you choose "continue surfing without any security measures", the system still refuses to access the Internet. The program does not appear to use a proxy server setting to halt Internet connectivity, and the hosts file appears to be unchanged and valid.
However, the malware does stop you from running .exe programs, so removing it can be troublesome without Internet access and the ability to run programs.
Can I Remove Win 7 Antispyware 2012 manually?
Because there are so many variations of this particular rogue software, you should follow the step-by-step procedure below to remove it instead of manually hunting through the registry. In previous versions, the infected file was called kdn.exe; in the latest version the file is called mwl.exe. These files are usually located in the AppData\Local folder in the User directory. Since the file tends to change its name, use the steps below to remove it instead of manually removing it.
Step by Step Procedure for Removing Win 7 Antispyware 2012 Rogue Application
1) We need to restore the ability to run programs first. To do this, download the following registry file onto a removable disk, USB drive, thumb drive, etc. and take it to the infected computer. Once on the infected computer, find the drive in My Computer and open it, then double-click on the reg file and allow it to import into the registry.
2) Restart Your Computer in Safe Mode (with Networking) by pressing F8 when the computer boots and selecting the appropriate option.
3) Download RKill from Bleeping Computer to your desktop. Double-click on it and run it. This program will try to kill any malicious processes currently running on your system.
4) Now that the computer is somewhat stable, open a web browser and download Malwarebytes Anti-Malware from their site.
5) After Malwarebytes has downloaded, install it and try to update it. On one particular occasion, it was unable to update and I had to update it manually. In order to update Malwarebytes manually, you'll need to download the mbam-rules.exe file and run it.
6) Now proceed to run Malwarebytes Anti-Malware and remove any problems it finds. The Malwarebytes scan log will have entries such as this:
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
(No malicious items detected)
c:\Users\User\AppData\Local\mwl.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\User\AppData\Local\dxj.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\User\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\ARYZKDML\download.exe (Trojan.FakeAlert) -> No action taken.
7) Reboot Your Computer
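The Bad/Good values in the Malwarebytes scan log above show the hijack pattern: each browser's launch command is rewritten so that an executable under AppData\Local starts first and receives the real browser path as an argument. The following Python check for that pattern is an added example, not part of the original article or of Malwarebytes; the function names are hypothetical, and the "user-writable launcher plus a second .exe argument" heuristic is an assumption drawn from the log entries shown.

```python
import re

# Executable paths in a Windows command line: quoted paths first, then bare tokens.
EXE_RE = re.compile(r'"([^"]+\.exe)"|(\S+\.exe)', re.IGNORECASE)
# Per-user, user-writable location; the files named on this page sit in AppData\Local.
USER_WRITABLE_RE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.IGNORECASE)

# Command values copied from the scan log on this page (Bad and Good columns).
PAGE_BAD = r'"C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"'
PAGE_GOOD = 'firefox.exe'


def exe_paths(command):
    """Return every .exe path found in a command line, in order of appearance."""
    return [quoted or bare for quoted, bare in EXE_RE.findall(command)]


def is_wrapped(command):
    """True if the launcher lives under a user's AppData folder and is handed
    another .exe as an argument (assumed heuristic, based on the log above)."""
    exes = exe_paths(command)
    return len(exes) >= 2 and bool(USER_WRITABLE_RE.search(exes[0]))


def scan_start_menu_internet():
    """Windows only: return {browser\\verb: command} for hijacked launch commands
    under HKLM\\SOFTWARE\\Clients\\StartMenuInternet."""
    import winreg  # imported lazily so the pure functions above run on any OS
    base = r"SOFTWARE\Clients\StartMenuInternet"
    hits = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):  # number of subkeys
            browser = winreg.EnumKey(root, i)
            for verb in ("open", "safemode"):
                subkey = "\\".join((browser, "shell", verb, "command"))
                try:
                    command = winreg.QueryValue(root, subkey)  # (default) value
                except OSError:
                    continue  # this browser does not register that verb
                if is_wrapped(command):
                    hits[browser + "\\" + verb] = command
    return hits


if __name__ == "__main__":
    print("page Bad value flagged:", is_wrapped(PAGE_BAD))
    print("page Good value flagged:", is_wrapped(PAGE_GOOD))
```

A browser that is legitimately installed per-user under AppData is not flagged, because its command contains only one executable path.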
Run a Thorough Virus Scan
Finally, as an extra precaution, scan your computer with an online virus scanner like Housecall, BitDefender, or eTrust, or download and install an antivirus program and run a complete scan. A list of online scanners is below; some, however, will only scan but not remove issues.