Saturday, November 5, 2011

Remove System Security 2012Remove System Security 2012

Remove System Security 2012
System Security 2012 is a fake antivirus program that will start automatically when Windows boot. After that, System Security 2012 will do a fake scan on the computer and WILL SURELY state that the computer is infected by malware and then System Security 2012 will prevent some antivirus from running on the computer. System Security 2012 cannot detect any kind of virus, trojan or malware. System Security 2012 can do nothing. System Security 2012 cannot remove any virus, trojan or malware. System Security 2012 just make the computer to operate slowly and show pop ups to urge the user to purchase the full version of System Security 2012 to remove the threats. System Security 2012 cannot remove any threat at all. System Security 2012 can infect the computers even when the users browse the Internet or check comments on their blogs. Some of these comments might be spam including malicious links, which reroute the users to a harmful websites. If the users click on one of these infected links, they would get redirected to a website which promotes and sells System Security 2012.

System Security 2012 can be removed by using Emsisoft HiJackFree by stopping the process ([random].exe) and delete the files at the same time. Then, remove the autorun setting set by System Security 2012.

System Security 2012 should be removed immediately!

System Security 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
svhostu.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[RANDOM]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\[RANDOM]
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:59232"
HKEY_CURRENT_USER\Software\System Security 2012

Remove Folders and Files
[random].exe in hard drive
%AppData%\svhostu.exe
%SYSTEM%\[random].exe
%AppData%\ldr.ini
%AppData%\[random]
%UserProfile%\Desktop\System Security 2012.lnk
%Temp%\svhostu.exe
%Temp%\8.tmp

No comments:

Post a Comment