
Removal of Win 7 Antispyware 2012

(4 posts)
  • Started 4 years ago by irembright
  • Latest reply from silhouttejames
  • Topic Viewed 402 times

Posts: 1

The Win 7 Antispyware 2012 is another in a very long line of rogue antispyware programs that sneak into your computer from infected web sites and malicious software. It installs itself in a stealth-like manner and then proceeds to scare you into purchasing it by running and fooling you into thinking your computer is infected with tons of issues that it is not. Virus writers are becoming experts in SEO (search engine optimization) and are getting infected sites ranking very high in the search engines. Although these sites only rank high for a short time, they can do tremendous damage while they are showing up. You also may have clicked on a link in an email and been infected.

Source: xxxxxxxxxxxxxxxxxxxxxxxxxxxx

What Does the Win 7 Antispyware 2012 malware do to your system?

First of all, the program stops you from accessing the Internet by showing this startup page when you open Internet Explorer or Firefox.

When you "continue surfing without any security measures" the system still refuses to access the Internet. It doesn't appear the program uses a proxy server option to halt Internet connectivity, and the hosts file appears to be unchanged and valid.

However, the malware does stop you from running .exe programs, so removing it can be troublesome without Internet access and the ability to run programs.

Can I Remove Win 7 Antispyware 2012 manually?

Because of so many variations in this particular rogue software, you should follow the step-by-step procedure below to remove it, instead of manually hunting through the registry. In previous versions, the infected file was called kdn.exe; however, in the latest version the file is called mwl.exe. They are usually located in the AppData\Local folder in the User directory. Since the file tends to change its name, use the steps below to remove it instead of manually removing it.

Step by Step Procedure for Removing Win 7 Antispyware 2012 Rogue Application
1) We need to restore the ability to run programs first. To do this, download the following registry file onto a removable disk, USB drive, thumb drive, etc. and take it to the infected computer. Once on the infected computer, find the drive in My Computer and open it, then double-click on the reg file and allow it to import into the registry.


2) Restart Your Computer in Safe Mode (with Networking) by pressing F8 when the computer boots and selecting the appropriate option.

3) Download RKill from Bleeping Computer to your desktop. Double-click on it and run it. This program will try to kill any malicious processes currently running on your system.

4) Now that the computer is somewhat stable, open a web browser and download Malwarebytes Anti-Malware from their site.

5) After Malwarebytes has downloaded, install it and try to update it. On one particular occasion, it was unable to update and I had to update it manually. In order to update Malwarebytes manually, you'll need to download the mbam-rules.exe file and run it.

6) Now proceed to run Malwarebytes Anti-Malware and remove any problems it finds. The Malwarebytes scan log will have entries such as this:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\User\AppData\Local\mwl.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\User\AppData\Local\dxj.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\User\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\ARYZKDML\download[1].exe (Trojan.FakeAlert) -> No action taken.

7) Reboot Your Computer

Run a Thorough Virus Scan

Finally, as an extra precaution, scan your computer with an online virus scanner like Housecall, BitDefender, or eTrust, or download and install an antivirus program and run a complete scan. A list of online scanners is below; some, however, will only scan but not remove issues.

Source: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Edit by mod; Links deleted

Posted 4 years ago
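As an added example (not part of the original post and not Malwarebytes code), the Python sketch below parses registry lines in the format of the scan log quoted above and flags browser handlers whose launcher executable sits under a user's AppData folder, so it matches whether the file is named kdn.exe, mwl.exe or something else. The function names and result fields are hypothetical; the sample lines are copied from the log in the post.

```python
import re
from ntpath import normpath  # Windows path rules, usable on any OS

# Sample input: three registry lines and one file line copied from the post's log.
SAMPLE_LOG = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User\AppData\Local\mwl.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
c:\Users\User\AppData\Local\mwl.exe (Trojan.FakeAlert) -> No action taken.
'''

# One "Registry Data Items" entry: key, detection name, bad value, good value, action.
LINE = re.compile(r'^(?P<key>HKEY_.+?)\\\(default\) \((?P<detection>[^)]+)\) -> '
                  r'Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$')
FIRST_TOKEN = re.compile(r'\s*(?:"([^"]+)"|(\S+))')
USER_PROFILE = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\', re.IGNORECASE)

def launcher(command):
    """Return the normalized path of the first program named in a command line."""
    m = FIRST_TOKEN.match(command)
    return normpath(m.group(1) or m.group(2)) if m else ""

def in_user_profile(path):
    """True when the executable lives under C:\\Users\\<name>\\AppData\\."""
    return bool(USER_PROFILE.match(path))

def hijacked_handlers(log_text):
    """List browser handlers that start a program from AppData instead of the browser."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # file/folder entries and blank lines are not registry values
        exe = launcher(m["bad"])
        if in_user_profile(exe):
            findings.append({"key": m["key"], "launcher": exe,
                             "restore_to": m["good"],
                             "action": m["action"].rstrip(".")})
    return findings

if __name__ == "__main__":
    for f in hijacked_handlers(SAMPLE_LOG):
        print(f["key"], "->", f["launcher"], "| expected:", f["restore_to"])
```

Entries still marked "No action taken" in the output are the ones that need to be selected for removal in the scanner.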
Posts: 4024

There are easier ways.

Posted 4 years ago
Posts: 10945

And self promotion is not allowed on HTG.

New posters regarding or pointing to A/V, antispyware / antimalware are regarded with suspicion, for sure.


Posted 4 years ago
Posts: 20

Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide)

Scroll down to: "Automated Removal Instructions for Win 7 Antispyware 2012 & Vista Antivirus 2012 using Malwarebytes' Anti-Malware:" and follow the instructions from there.

Posted 4 years ago
