How to remove Win 7 Antivirus 2012

June 14, 2011 at 17:59:21
Specs: Windows 7
Hi,there.
There was something wrong with my Windows 7 Restore,then I just could not stop those popups from Win 7 Antivirus 2012,and my FF was hackced as well onto unknown webpages.
I don't have any AV on my PC.

See More: How to remove Win 7 Antivirus 2012

Report •


#1
Report •

#2
June 14, 2011 at 19:23:09
rinahagstrom,

Are you able to launch programs, or do you launch the infection instead of the desired program?

Try the following:

Download RogueKiller
http://tigzy.geekstogo.com/Tools/Ro...
Save it to your Desktop.

Now, close all open programs.

For XP, simply double-click RogueKiller.exe
For Vista/Windows 7, right click the file and select: Run as Administrator

When prompted, type 1 and hit Enter.

An RKreport.txt should appear on your Desktop.

Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

>>Please post the contents of the >RKreport.txt< in your reply.<<

We will take further action based on the results of this report.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.


Report •

#3
June 18, 2011 at 16:17:41
Hello,
I have that vista antivirus 2012 malware. I just had the following report from roguekiller.
Can you please tell me what to do?
Thank you!


RogueKiller V5.2.3 [06/16/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discuss...

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User: Muge [Admin rights]
Mode: Scan -- Date : 06/19/2011 02:12:47

Bad processes: 1
[SUSP PATH] qvm.exe -- c:\users\muge\appdata\local\qvm.exe -> KILLED

Registry Entries: 7
[ROGUE ST] HKCU\[...]\Run : 1184311003 (C:\Users\Muge\AppData\Local\qvm.exe) -> FOUND
[ROGUE ST] HKUS\S-1-5-21-1030740680-2698106834-3648871752-1000[...]\Run : 1184311003 (C:\Users\Muge\AppData\Local\qvm.exe) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{1BAFA063-F785-493C-9CE6-36D15DA783FE} : NameServer (8.8.8.8,8.8.4.4,192.168.2.1) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{1BAFA063-F785-493C-9CE6-36D15DA783FE} : NameServer (8.8.8.8,8.8.4.4,192.168.2.1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Users\Muge\AppData\Local\qvm.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost
127.0.0.1 activate.adobe.com
209.85.229.99 youtube.com
74.125.43.103 google-analystics.com
72.14.213.93 lh4.ggpht.com
72.14.213.93 lh4.ggpht.com
72.14.213.113 auth.keyhole.com
74.125.79.100 uk.youtube.com
74.125.79.100 de.youtube.com


Finished : << RKreport[1].txt >>
RKreport[1].txt


Report •

Related Solutions

#4
June 18, 2011 at 16:44:46
machiavelli,

Will be glad to help you with RougeKiller, but, please start your own topic.

I'll find you...

~~~~
Retired - Doin' Dis, Dat, and slapping malware.


Report •

#5
June 18, 2011 at 16:48:36
ok mate, thanx for your reply.

Report •

#6
June 19, 2011 at 05:49:17
Not terribly computer literate, but this is how I removed it from my laptop. When rebooting, I pressed F8 and chose the option Safe Mode with Networking. Then, instead of choosing the option "work witin Safe Mode," I chose Use System Restore Instead. I then chose an earlier resotre point when everything was working correctly. This got rid of this virus for me.

Report •

#7
July 1, 2011 at 06:42:36
It is not really difficult to get rid of this type of scam. Here is the link you need to visit. There is a good video guide which will help you remove this malware. If you want to remove this virus for free then contact GridinSoft Trojan Killer Customer Support Team and they will issue the trial activation code to you.
http://remove-malwares.blogspot.com...

Report •


Ask Question