Friday, 4 November 2011

How to Remove System Security 2012 (Uninstall Guide)

System Security 2012 is a phony anti-virus program, anyone following the internet security space has no doubt recognized this fraud. The tactic is common. Trojan masquerades as antivirus software, detects a bunch of critical infections, system vulnerabilities or zero-day attacks to scare you into believing that your computer has been infected with malicious code. Growing complaints from Windows users raised awareness of scareware, but unfortunately System Security 2012 and similar malware outbreak continues. Rogue antivirus products use social engineering to gain access to the system. For example, this rogue AV may masquerade as a custom flash player update package (we found it on a fake youtube web page). Web drive-by attacks are a subset of this attack vector when simply visiting an infected website is enough to trigger web browser vulnerabilities and as a result allow malicious code to be executed.

Vulnerabilities can be patched, but the problem is that users can be tricked into installing malware on their machines. It is always a good idea to to do some research on unknown software before you start the installation process. I bet you won't find a single positive review about System Security 2012. If you feel you were deceived when you installed a program you need to uninstall it as soon as you can. The best way to remove System Security 2012 is to scan your computer with at least one, and ideally a few, anti-malware products. We don't recommend uninstalling this fake antivirus manually, because very often it comes bundled with rootkits. Rootkit is a very sophisticated piece of malicious code that injects system files, blocks legitimate security products and downloads additional malware onto the infected computer. You can't remove rootkits manually. To remove System Security 2012 and associated malware from your computer, please follow the removal instructions below.

Last, but not least, System Security 2012 has been regarded and low system security threat. It can't delete your files, steal login credentials, credit card numbers, etc. It may however, slow down your computer a little. Just don't purchase this bogus security products. If you already did, please contact your credit card company and dispute the charges. Good luck and be safe online!

Here's what the rogue antivirus called System Security 2012 looks like.



A couple of fake security alerts you may see when this rogue antivirus is active.





By far the most easiest way to get rid of System Security 2012 is to use the debugged activation code 9992665263 and run anti-malware software.

http://deletemalware.blogspot.com


System Security 2012 removal instructions:

1. First of all, download and run ZeroAccess/Sirefef/MAX++ removal tool. (works on 32-bit systems only! If you have 64-bit system, proceed to the next step)

2. Then use TDSSKiller.

3. And finally, download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

If you can't download it, please reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Open Internet Explorer and download STOPzilla. Once finished, go back into Normal Mode and run it. That's It!

Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.


Manual System Security 2012 removal guide:

1. Right-click on System Security 2012 icon and select Properties. Then select Shortcut tab.

The location of the malware is in the Target box.

2. In our case the malicious file was located in C:\Windows\System32 folder. Select the malicious file, rename it and change a file name extension.

Original file: TcS22bF3nGaQWKf.exe



Renamed file: TcS22bF3nGaQWKf.vir



3. Restart your computer. After a reboot, download free anti-malware software from the list below and run a full system scan.

4. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

5. Remove the TDSS/ZeroAccess rootkit (if exists). Please follow this removal guide: http://deletemalware.blogspot.com/2010/03/tdss-alureon-tidserv-tdl3-removal.html


Manual activation and System Security 2012 removal:

1. Choose to remove threats and manually activate the rogue program. Enter one of the following codes to activate System Security 2012.

9992665263
1148762586
1171249582
1186796371
1196121858
1225242171
1354156739
1579859198
1789847197

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. Remove the TDSS/ZeroAccess rootkit (if exists). Please follow this removal guide: http://deletemalware.blogspot.com/2010/03/tdss-alureon-tidserv-tdl3-removal.html


Associated System Security 2012 files and registry values:

Files:
  • C:\WINDOWS\system32\[SET OF RANDOM CHARACTERS].exe
  • %AppData%\hkRdkTdkFrGrPhT\System Security 2012.ico
  • %AppData%\ldr.ini
  • %DesktopDir%\System Security 2012.lnk
  • %Programs%\System Security 2012\System Security 2012.lnk
  • %Programs%\System Security 2012
Registry values:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
Share this information with your friends:

No comments:

Post a Comment