
Wednesday, June 8, 2011

Remove Vista Antispyware 2012, Win 7 Internet Security 2012 (Uninstall Guide)

Vista Antispyware 2012, Win 7 Internet Security 2012 and Win 7 Security 2012 are only a few of the names used by a rogue security program that pretends to scan your computer for viruses and then claims to find a bunch of malicious files that aren't really there. It will prompt you to register the fake antivirus application for a fee in order to remove the non-existent threats and make the incessant malware warnings disappear. It can be quite persistent in its attempts to talk you into buying the full version of the program. If you have accidentally installed this fake antivirus, go ahead and uninstall it. To remove Vista Antispyware 2012, Win 7 Internet Security 2012 and other variants of this scareware from your computer, please follow the steps in the removal guide below.

This rogue security application goes by many different program names listed below.

Windows Vista rogue names:       Windows 7 rogue names:
Vista Antispyware 2012           Win 7 Antispyware 2012
Vista Antivirus 2012             Win 7 Antivirus 2012
Vista Security 2012              Win 7 Security 2012
Vista Home Security 2012         Win 7 Home Security 2012
Vista Internet Security 2012     Win 7 Internet Security 2012
Vista Total Security 2012        Win 7 Total Security 2012



Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 is one of many fake antivirus applications, just like the '11 version of this malware described on the page for Vista Antispyware 2011, Vista Security 2011 and Vista Antimalware 2011. If you take a closer look at these fake antivirus applications, you'll see that they are almost identical. While running, the fake antivirus launches pop-up windows with false or misleading alerts. The alerts state that your computer is under attack from a remote server and that a piece of malware running on your computer may steal your sensitive information.





It also displays this fake Windows Security Center which looks quite convincing and professional.



Vista Antispyware 2012, Win 7 Internet Security 2012 prevents you from visiting antivirus vendor websites, and it may disable certain Windows utilities and block legitimate software. It hijacks Internet Explorer and other browsers, so you may not be able to visit any website at all. The fake alert states: Visiting this site may pose a security threat to your system!



Here's another fake security alert which is displayed every time you attempt to run legitimate software:
Vista Antivirus 2012 Firewall Alert
Vista Antivirus 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen


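Probably the most annoying thing about this malware is that Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 hijacks the file association for executable (.EXE) files, so every program you try to start is handed to the rogue's own executable first (see the registry values at the end of this guide).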


Quick removal:

1. In the worst case scenario, if you can't reboot your computer in safe mode and install anti-malware software to remove Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012, you can use this debugged serial key 9443-077673-5028 or 3425-814615-3990 to register the rogue application in order to stop the fake security alerts. Just click the Registration button and then select "Activate manually". Don't worry, this is completely legal. If the reg keys do not work anymore, please follow the removal instructions below.



Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.

2. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.

Without a doubt, this security application is nothing more than a scam. Don't end up handing your credit card information over to the people most likely to defraud you. If you need help in removing this annoying malware from your computer, please leave a comment below or follow the alternate removal instructions. Good luck and be safe online.


Alternate Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 removal instructions:

Make sure that you can see hidden and operating system protected files in Windows. For more information, please read Show Hidden Files and Folders in Windows.

Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:
  • Hide extensions for known file types
  • Hide protected operating system files
Click OK to save the changes.


1. Go into C:\Users\[UserName]\AppData\Local\ folder.

For example: C:\Users\Michael\AppData\Local\


2. Find hidden executable file(s) in this folder. In our case it was called vkl.exe, but I'm sure that the file name will be different in your case. Rename vkl.exe to vkl.vir and click "Yes" to confirm file rename. Then restart your computer.



3. After a restart, copy the registry text below and paste it into Notepad.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

4. Save the file as fix.reg on your Desktop. NOTE: set "Save as type" to "All files".


5. Double-click on fix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK.

6. Open Internet Explorer. Download exefix.reg and save it to your Desktop. Double-click on exefix.reg to run it. Click "Yes" for Registry Editor prompt window. Click OK.

7. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.


Associated Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 files and registry values:

Files:
  • C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe
  • C:\Users\[UserName]\AppData\Local\[SET OF RANDOM CHARACTERS]
  • C:\Users\[UserName]\AppData\Local\[SET OF RANDOM CHARACTERS]
  • C:\Users\[UserName]\AppData\Local\Temp\[SET OF RANDOM CHARACTERS]
Registry values:
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
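
The registry values listed above can be checked offline against a registry export taken from a suspect profile. The following is an added example, not part of the original guide: it parses .reg export text and flags command handlers that launch an executable sitting directly in AppData\Local with the -a argument shown above, plus the two Security Center override values. The sample export is constructed (the user name Michael and the file name vkl.exe are the ones used earlier in this guide), and the function names are hypothetical.

```python
import re

# Constructed sample in .reg export format: three hijacked handlers, one stock
# handler that must NOT be flagged, and the two Security Center overrides.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\Michael\\AppData\\Local\\vkl.exe\" -a \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\Michael\\AppData\\Local\\vkl.exe\" -a \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Users\\Michael\\AppData\\Local\\vkl.exe\" -a \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
'''

KEY_RE = re.compile(r'^\[([^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Keys whose (Default) value is the command line Windows runs for that verb.
HANDLER_KEY_RE = re.compile(r'\\shell\\(?:open|safemode)\\command$', re.I)
# An .exe directly inside a user's AppData\Local, followed by the "-a" argument.
LAUNCHER_RE = re.compile(
    r'^"?([A-Za-z]:\\Users\\[^\\"]+\\AppData\\Local\\[^\\"]+\.exe)"?\s+-a\s', re.I)
OVERRIDES = ("AntiVirusOverride", "FirewallOverride")


def _unescape(s):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', s)


def _decode(data):
    if data.startswith('"') and data.endswith('"'):
        return _unescape(data[1:-1])
    if data.lower().startswith('dword:'):
        return int(data[6:], 16)
    return data  # hex(...) and other value types are kept as raw text


def parse_reg(text):
    """Return {key_path: {value_name: data}}; '@' is stored as '(Default)'."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1)
            name = '(Default)' if name == '@' else _unescape(name[1:-1])
            current[name] = _decode(m.group(2))
    return keys


def find_hijacks(text):
    """Return (key, value_name, detail) for every value matching the guide's list."""
    findings = []
    for key, values in parse_reg(text).items():
        default = values.get('(Default)')
        if HANDLER_KEY_RE.search(key) and isinstance(default, str):
            m = LAUNCHER_RE.match(default)
            if m:
                findings.append((key, '(Default)', m.group(1)))
        if key.lower().endswith('\\microsoft\\security center'):
            for name in OVERRIDES:
                if values.get(name) == 1:
                    findings.append((key, name, 1))
    return findings


def launcher_files(findings):
    """Distinct executables the hijacked handlers point at (files to quarantine)."""
    return sorted({detail for _, name, detail in findings if name == '(Default)'})


if __name__ == '__main__':
    for key, name, detail in find_hijacks(SAMPLE_EXPORT):
        print(f'{key} "{name}" = {detail!r}')
    print('Launcher file(s):', launcher_files(find_hijacks(SAMPLE_EXPORT)))
```

Output from `reg export` on a real machine is UTF-16 encoded, so read the file with `encoding='utf-16'` before passing its text to `find_hijacks`.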

158 comments:

Anonymous said...

The exefix.reg file won't download on my computer, to be specific a Registry Editor box is telling me that it cannot import the file because not all data was successfully written to the registry. Some keys are open by the system or other processes. Any help with that would be greatly appreciated.

Anonymous said...

try system restore before doing all that though

Anonymous said...

Ever since i removed this virus, my computer has been running so slow.

Done many malware anti-bytes and spyware blaster removes, and its not detecting anything.

Anonymous said...

This precise bugger got past my AVG but I recognised it for what it was, and though it blocked me from AVG I also have Super Anti Spyware and Spybot on my laptop. I ran a full scan on SAS and a full scan as administrator on Spybot which cleared things out. Now I found I could access AVG which I had been blocked from and ran a full scan on that. All 3 scans are now showing clear and those annoying pop ups have vanished. I would advise everybody to have more than 1 compatible anti adware and spyware systems running on their computer as even the best updated ones will miss things that others catch. BTW this program blocked me from doing a system restore but once my anti malware system cleaned it out I could then perform a system restore as a final fix.

Anonymous said...

Is there any way to remove this without paying for the spyware doctor program?

Admin said...

Yes, you can use Malwarebytes Antimalware, SUPERAntispyware or Hitman Pro to remove this rogue antivirus program. These programs are free.

Anonymous said...

i typed in those numbers and can u summarize how to remove it because im not too good with the computer

Peter Richter said...

The code's not working anymore... they must have found your blog. :)

Anonymous said...

Hello. I am running a Vista Family Edition 64 bits SP2 desktop. I had this Vista AS 2012 problem, followed your helpful instructions and successfully removed it. However I cannot run any application from the desktop shortcut. I get the message: "application not found". How can I solve this, please? Thanks.

Anonymous said...

I disconnected my computer from the internet, used system restore to put the system back to what it was a few days ago, then had to re-enable my anti-virus programs (Avast and Microsoft security essentials). After I did this, I reconnected to internet and updated the antivirus programs and did a complete scan. Everything seems to be OK now.

Andrew Murray said...

I too got this Malware on my system, but it seems to have been cleaned out.

I first removed the malware with Malware bytes, and did full system scans with MS Security Essentials, Malwarebytes and Spybot S & D.

I had a side-effect issue with the EXE file associations and several suggested registry fixes (similar to the one stated above) didn't seem to fix the problem, but I did a system restore to a few days back and it seemed to fix everything.

Anonymous said...

Reg key will no longer work. Now what?

Anonymous said...

Just simply run system restore.
For win 7 or vista users, you can find it by searching for it in the start mode. This method also works for XP

If you can't open it in normal windows, restart your computer and while it is restarting, hold down F8. When the safe mode options open, select Safe Mode with Command Prompt. This will boot up windows with only command prompt. type in rstrui.exe and bam it runs system restore. select a date that was before the time you got the virus and you'll be good!

Anonymous said...

1147-175591-6550 this key is not working.it shows invalid reg key.plz help me to get rid of this vista internet security 2012 alert

Anonymous said...

do I have to go back and check the boxes again in my hidden folders?? i have followed instruction to the letter and laptop seems to be ok now but not sure what to do about the hidden files now??

Anonymous said...

I was blocked from doing a system restore from the hard drive, but was able to do a system restore when booting from the restore disc. Problem seems to be fixed.

Anonymous said...

System restore seems to have worked for me. Thanks for all the suggestions.

Anonymous said...

I was infected with "Vista Antivirus 2012" and was unable to run any .exe file. Had the popups every time I tried to open any file. Here's what I did...


Saved the fix.reg to desktop but was unable to get MalwareBytes to install. Kept getting the Vbaccelerator errors.

I was able to change the exe file in user\appdata\local. For me it was vfu.exe -> vfu.vir.

Then I was able to run firefox and download SuperAntispyware. Installed and after an hour the scan was finished. Seems to be working fine now.


Should I delete or modify the "vfu.vir" file that is still in the \appdata\local folder

Thanks for the help!

Anonymous said...

please give working reg key i really need it

Anonymous said...

Ran system restore as administrator seems to be working hopefully it does the job!

Anonymous said...

I think the asshats responsible for this spyware are tweaking their methods. None of the suggestions worked for me but restoring my computer to a month before. They recommend a week but I just wanted to be extra sure. When trying the 'Run' enter "Command" key the spyware made 'Command' unrecognizable. Same when I tried to manually change DFX.exe to the .vir it jacked up my access to the web altogether so that I couldn't download any malware protection. The option for entering the code to trick the program into thinking you have a registry key no longer exists or at least in my case it didn't. There was nowhere to enter it. You had to buy the program first. God forbid these azzholes become any more convincing and proficient with their scams. If not for the insistent, annoying, over-the-top announcements of dire straits to my computer, they may have fooled me into thinking this was legit.

Anonymous said...

I need help getting this crap off my computer. PLEASE HELP ME!

M-U-A said...

Just follow the instructions above and you'll find one that works. I have been working on this for three hours now until I found something that worked.

I am having to do a system restore but as I haven't had my netbook for very long, I can only go back to a few days ago. I assume that this is ok? Guess I'll find out.

Thanks for all the info on the site and for the info left by people inflicted with the same thing. Saved my life!

Anonymous said...

Best approach is to run a system restore preferably 7 days - it worked fine for me - computer seemed to run a little slower but download a malware program and clear drive up...

Anonymous said...

Thanks for this article. The tip about saving the malware agent as "iexplore.exe" was helpful. At that point I was able to right click on it and choose "Run as administrator" and clean it out..

Anonymous said...

my system restore isn't working. The damn antispyware is blocking it. Is there any other way to get rid of it??

Anonymous said...

i was able to get around the program by killing its process in task manager it would still come right back but when i did this it allowed me to run hitman pro i did both processes and the first one didnt help the second worked great though thank you so much

Anonymous said...

I got this virus today while I was checking my emails on my laptop. I had to jump onto my desktop to search the net for help as I was locked out of using the net on my laptop. I followed the instructions above using the Reg key quoted 2233-298080-3424. (The first one did not work). It created a fake reg and got rid of the pop-ups and all those other fake applications. I'm running a full scan now on the Malwarebytes program, so fingers crossed.
Really concerned that this virus managed to get past my McAfee Antivirus, even though I ran it twice and twice and got, "your PC is protected" message!!!

Anonymous said...

Hi, my laptop was just infected with this troublesome malware this morning and after a hard search for the most appropriate guide online for hours, I was lucky enough to pop into this blog. I used the code 2233-298080-3424 and all the threats disappeared after activation. However, the question here is do i still need to remove manually through the steps mentioned on the blog?. I'm a bit dumb at computer stuffs. Thanks so much,so far, for the keys and instructions. :)

Anonymous said...

how do you do system restore?

Admin said...

Q: However, the question here is do i still need to remove manually through the steps mentioned on the blog?

A: You should scan your computer with anti-malware software.

som said...

You save my life because I made mistake to get vista internet security 2012 in husband's PC. Now i fixed it by 2233-298080-3424 code. That software is stop. Do I need to do anything about software or just leave it?

Anonymous said...

I got this virus 2 weeks ago. The safe mode does not working. Restore it was not working either. Have to set the clock forward 7 days. Then use Malwarebytes Antispyware to clean out the virus. It work after all. Thanks.

Anonymous said...

Hello, I tried what the post says. I did the system restore but when the computer restarted it popped a message saying that it couldn't restore, and I still have the vista antispyware icon on my desktop. I entered the key and it stopped the annoying messages but I'm concerned that the virus is still on my computer. Also my icons on my desktop won't open. Please help me, I'm desperate.

Anonymous said...

Ok I installed exefix.reg. I'm running malwarebytes' right now. I was wondering what is exefix.reg? Should I remove it now? I can't seem to find info on it.

rey said...

i can't even open internet explorer or firefox, so how do i copy the text and paste on to notepad

Anonymous said...

I contracted this yesterday. Running fullscan with Malwarebytes currently (which I had installed previously) but it's finding nothing yet and the popups keep coming up. I still have access to the internet right now

Anonymous said...

Thank you for this blog, it proved very helpful. Avast system scanning picked up malicious files and deleted them, and then ran a boot scan which took hours but cleaned the system out.

More should be done to identify these losers and prosecute them. If I ever meet a virus creating geek, he'll be black and blue within seconds and hundreds of miles from the nearest hospital...

Anonymous said...

THANK YOU SO MUCH.

Anonymous said...

thank you for the info as I am not very tech savvy. I did have to download the exefix on a flash drive via another computer to then put it on my laptop as I was not able to open Internet Explorer after I restarted my computer. It all seems to be fine now and I'm running the MalwareBytes scan. thanks!

Anonymous said...

2233-298080-3424 this code works

Anonymous said...

dam they sure did get us all good...

Anonymous said...

thanks for the advice! it worked

Anonymous said...

I thought for sure my pc was hacked somehow. thankfully my friends told me to type in problem into browser and research it. I found this site and let me tell u THANK YOU. I have never had anything like this happen before and was freakin out. not very comp smart and u guys made it very simple. very much appreciated !!!!!!!!!!!

Erin said...

thanks so much for the help, couldn't get anywhere with this frustrating virus until i found your blog. once i followed the alternate removal instructions everything seemed okay within 20 minutes.
you're a legend, all the best.

Anonymous said...

I have used the code and it worked! Thanks a million. I am now scanning with Webroot Antivirus. Do you think that is sufficient?

Anonymous said...

i must admit guys, you are brilliant. i have used your instructions and all well. the code 2233-298080-3424 does the job. thank you very much, much appreciated.

Anonymous said...

I think I caught this last night. This has to be one nasty mofo as I was running both Microsoft Security Essentials and SpyBot.

I have tried everything on the instructions (running the fix.reg file) and then running the SpyBot (which I REdownloaded) and that didn't work. So I tried SUPERAntispyware and that didn't work either.

I'm at a loss for what to do and will try system restore. If that does not work I will bite the bullet and do system restore to factory settings.

If that doesn't work I have been looking at new laptops anyway and this one might see a trash can.

Anonymous said...

I have this virus n i tried malware the free version n after it scans everythng i push remove n it also remvoes but wen i restart n come bak to it..its the same..I hv also tried wat u hv said n one of the code has worked THANKS n im not getting any pop ups or anything but its still there..n wen i click on it-it says ur pc is protected..Plz i want to remove it fully completely.Im not good wit PC so plz help this seemed to help lotz of people n i wnt to also get rid of this virus.
n Thanks to u guys who r being really helpful.

Anonymous said...

System restore would get this b*tch in a heart beat but it tends to attack system restore because it knows that is how you would like to remove it. I wasn't able to open system restore and then when I opened it in safe mode with a command prompt it showed that I had no restore points. The rogue anti-spyware deleted them =(
I used a reg key on some other site to fake the program into thinking I bought it and then used malwarebytes. It seems to have recovered okay but avast pops up saying malicious file blocked , when I am not even on a website. We will see how this goes.

Anonymous said...

If you have a PC with multiple User accounts, do you have to clean each account? I assume so, because my admin account seems clean. It is only my kids accounts that seem hosed up.

Anonymous said...

I don't know ur name man but ur a life saver bro.I bookmarked this page as life saver on my toolbar :)

Admin said...

No, you don't have to clean each account.

Anonymous said...

I reset date up two weeks from today. Then restart my computer. Then reset date back two weeks from today. Restart.
That fixed it for now.

Anonymous said...

I just got it while poking around on YardBarker. It disabled all .exe functionality, and gave me the pop-ups for Win 7 Security 2012.
I went into C:\Users\(me)\AppData\Local and found nmc.exe. I changed the file extension, and that stopped the pop-ups, but my .exe functionality was still disabled, so I wound up going to Restore in Control Panel and restoring to a point a couple weeks ago.
Whoever wrote this piece of trash is truly an asshat and needs both his knees broken.

historyguy67 said...

Thank you EVER SO MUCH!!!! The alternate directions did the trick. Whew...

That was one nasty little program...I've never seen anything so devious! When I tried to System Restore, it blue screened me every time. Pure evil.

Thanks again!

Anonymous said...

Thank you so much for the info!!! That was a nasty virus. I would've had no idea what to do without this page. Much thanks!!!

Logan said...

Thanks for the info. Very grateful for decent people like yall.
Let me tell how I got it off my daughter's computer. I already had Spybot S&D so I updated it (did not matter what mode I was in, Windows 7 Antivirus 2012 was running in all modes), then I did it with Malwarebytes at the same time.
When done they both found a butt load of stuff (gotta love kids ha ha). At the end Spybot couldn't remove some items and asked to run next time the computer started up; clicked yes then reset it. It ran and I guess it worked; I got into system restore and restored it. No more pop ups.


Thanks again

CASSANDRA said...

MAN I DONT CARE WHAT ANYBODY SAYS .... I LOVE YOU ADMIN PERSON!!!!! LOVE LOVE ... WHO EVER SAID THOSE #'S DIDNT WORK R BOGUS NEXT TIME TRY BOTH ... THANKYOU ADMIN PERSON(S)

CASSANDRA said...

THIS IS GREAT

Anonymous said...

I found a very easy, simple, idiot-proof, FREE way to remove this a$$hole of a virus from Windows 7 in five minutes or less without buying any software or making any regedit changes....

This method is DUH easy after you think about it.

step 1: restart the computer/laptop

step 2: press ESC to enter booting options

step 3: begin windows system restore

step 4: choose a recent date that was created by the last backup point Windows Update created for you (probably two or three days ago)

step 5: press enter

step 6: wait for the PC to finish and reboot

Now the hard part: (which is definitely worth it to me)

Step 1: find these sons-of-pigs that made that virus

Step 2: painfully torture them for 2 whole days

Step 3: painfully, slowly, brutally kill them!

Step 4: leave their dead bodies outside near the center of a large city for public display as a warning to future virus makers

Anonymous said...

Thank you so much, that was a fast and easy fix. For anyone reading this who is still dealing with this virus the first removal instructions work perfectly if you follow them carefully.

AegisXI said...

Thank you Idk how to thank you enuff for this... I thought it didnt work cuz i had trouble doing this but then i realized "Oh i hafta do this!" it helped me a lot many thanks!

Anonymous said...

cant follow up with any of this stuff for i am only in highschool and dont understand most of this anyways,ive had this twice before,last year and the year before and had been able to get it out myself somehow it got smarter but if you open task manager ctrl+shift+esc go to processes and delete most of the processes ending with exe. the virus will slow for awhile or something and let you go on the INTERNET for awhile,thus giving you time to do research on the virus,good luck to everyone as i am still trying to get rid of this pain in the ass for my parents to save them from paying a virus remover-__-

Anonymous said...

Who are the fkn fools spreading this sh*t and why haven't we sent a predator drone over their house?

Anonymous said...

Can someone fix my computer and get this annoying virus off for not a lot of money? and i don't know how to get it off. i can't do a system restore from safe mode, i use mcafee which won't find the virus. i'm not sure if i can download any of the other things. are they free and safe? because then i will

Anonymous said...

Hmm. My friend got this virus 3 weeks ago, and I took out the big guns without paying much attention to what the virus was.

I backed up all of his data for him, and reformatted his computer for him. + Upgraded his Vista to Windows 7 for free. (I purchased Windows licenses in bulk) This all took a total of about 3 hours. Most of which was just chatting while waiting for install.

I then did the standard - Be careful where you browse etc. advice. Updated all of his software and loaded MSE. (Didn't want to leave him with too much bloatware - even if they have a purpose)


This strategy is basically - lazy don't want to figure out how to remove the virus, so just clean wipe everything. [Prevention + reformat when prevention fails]

To my surprise, the same virus appeared on my relative's computer, which I had set up exactly as I did his. It seems like MSE isn't good at catching this virus?

Will telling him to just run Mozilla Firefox + Noscript be enough to prevent future infections of this virus?

Anonymous said...

So I had last week the "Privacy Protection" pop up on my username, but it wasn't affecting my husband's username. I found this site and printed off the instructions for removing it, but when I logged on to my username it was gone. My username has been fine all week, except about an hour ago when I had this Vista Antispyware pop up. It isn't affecting my husband's username, but I can't do a thing in mine. Can I use these instructions under my husband's username and will it take care of it from mine?

Anonymous said...

hey can i get a simpler set of instructions?

Lana said...

Thank you so much!!! It's been very helpful.

Anonymous said...

Thank you!! Used the Activation Code and followed each step and my computer is working properly!

Anonymous said...

Wow thank you so much!!! this saved me money and time :)

Jeff said...

Thank you so much. I did the activation code, downloaded anti-malware software, and it worked beautifully. You are my hero.

SKY said...

I LOVE YOU GUYS!!!!!

Anonymous said...

my computer basically only works in safe mode now.. because of this dumb spyware crap...

Anonymous said...

Ha Ha Back in Biz ! Thanks very much, Happy Holidays to you all !!!!!

2D Logic said...

I had the problem of .exe association not recognizing properly after removal. The same as Andrew Murray described.

Thank you for including how to create the registry fix file, that solved the problem.

Anonymous said...

Just contracted this nasty virus at around 5:00 PM. Finally got rid of it about an hour ago. I used the first debugged key provided here and finally got all of the pop ups to stop bugging me. Then I used my Blackberry to google solutions and found this blog. I used Malwarebytes to scan and cleaned out the "malicious software". Laptop seems to be working fine now, no more Win 7 Internet Security icons to be seen. Still a little concerned so I'm thinking of doing a system restore anyway (even after scanning twice with Malwarebytes + rebooting after). Thanks a lot for the help!

Anonymous said...

I just contracted this virus two days ago. I've gotten it before, but this time I was prepared and I had malware already installed on my computer. I ran a scan and deleted the infected files.

I thought everything was fine, but now my computer won't let me run programs. I click Microsoft Works, for example, and it says there's not a program associated with that file. I clicked my firefox icon, and a screen popped up asking me how I wanted to open the file, and if I wanted to use internet explorer to open it. Now, my computer won't even connect to the internet at all. The only way for me to access my documents is to go through my computer.

I ran a system restore once, and then again. And I ran another malware scan. Nothing works.

Any advice?

Anonymous said...

I used Malwarebytes, Spy Doctor, my own anti-virus program Avast and regedit fixes and I still couldn't access most things like Device Manager, games, apps, most programs, etc. They did fix the annoying pop-ups I was having and I was able to access the internet. I couldn't do a System Restore either because it deleted my restore points. I was frustrated and did not want to reformat my HD until I came across a post where someone mentioned a program called Combofix on a different website, http://www.combofix.org/download.php is where it can be downloaded and it's free. It appears my problems are all gone. Try it out and see if it works, it worked for me.

Anonymous said...

Thank you so much, I would never have figured this out

Anonymous said...

I just got this virus on my laptop. Windows 7 will not load in any mode. I can get to the system restore, but when I try it fails. What can I do???

Anonymous said...

Okay, so the key to make the program think I bought it totally worked.
No more annoying pop-ups...
Except for this annoying Adobe Flash Player pop-up asking for my permission to continue. It started popping up at around the same time that the Vista Antispyware started going.

& then I tried downloading Stopzilla, but then my Webroot antivirus said to not install it. So I didn't. & It won't let me open my Malwarebytes which I already had installed on my computer.

Help, please?

Anonymous said...

I used the key that u mention, and it works perfectly
thank you

Anonymous said...

Jesus Christ. I got this bitch right around when I needed to be taking my finals on my online classes. You can imagine my hysterical crying when I couldn't load the internet and get to my online classes.
Thanks a lot. This is the only computer in the house, and if I couldn't have fixed it, I wouldn't have been able to take my finals, and I would have failed all my classes, which were expensive to pay for! You saved me a lot of money and time. I can't thank you enough.

Anonymous said...

I got hit by this one recently. So frustrating - it literally held my fairly new computer hostage at least for internet purposes.

I did a system restore and all looked good for 2 days. It reared its nasty head again. I did a second system restore and downloaded Stopzilla immediately. Looks like Stopzilla successfully destroyed the nasty bug.

I contacted the folks behind this bug via their support while in the midst of trying to destroy it. They sent an email saying that they did not support this behavior, that it was done by an advertising partner and he had already been banned. Yeah, uh-huh. They also told me that the thing would only last about six days and then it would be gone. Yeah, uh-huh. This from the folks whose confirmation to me that my email had gone to them was 'thank you, your message has been 'send'. Yeah, uh-huh, learn English.

Anonymous said...

Microsoft Security Essentials didn't find a virus when I ran a quick scan. I followed the removal instructions and that worked perfectly. I'm now running a full system scan to see if MSE picks up anything, if not I'll see if I have any luck with STOPzilla. This virus is a real bitch!

~AKC

Anonymous said...

Got this stupid crap off my computer, but I still can't get it to work properly. Lame :/ Had to go rent a laptop.

Anonymous said...

I am frequently scanning via Stopzilla now - bout every other day. Don't want the nasty booger poking its head up again. Gotta say, so far Stopzilla appears to have beaten it.

To the person above. I had a problem with mine not working properly after the first system restore. I did it again. Then rushed off to buy Stopzilla. It's done the job.

Anonymous said...

Earlier (like 1 hour ago) I was just on a funny site "auto corrects from iphone" and all of the sudden my browser closed and an OBVIOUSLY FAKE Win 7 Security 2012 popped up. I knew it had to be virus from my experience of always hitting the jackpot and getting virus like 2010, 2011, so on.
The first thing I tried like it always worked in the past is to go into Safe Mode with Network, but this time this shit didn't work. EVEN IN SAFEMODE, the fake antivirus popped up whenever I tried to open my Malwarebyte's (cuz it's an .exe file) and I can't.
They also blocked system restore, so can't do that either.
Now I just used the serial key you provided.. and the pop ups stopped coming! And I can finally open my Malwarebytes on desktop, and scanning at the moment :)
Thank youuuuuuuuu!!!

Anonymous said...

I can't get the reg key to work for Stopzilla 2233-298080-3424

Anonymous said...

Man you are amazing!!!!!!!!!

I am so sos sosososs sosos thank to you!!!

I wish you the best in the world.

Thanks for your greatest advice!!!

My computer is now back to normal

zOMBIE020 said...

For the person who wrote this

"Just simply run system restore.
For win 7 or vista users, you can find it by searching for it in the start mode. This method also works for XP

If you can't open it in normal windows, restart your computer and while it is restarting, hold down F8. When the safe mode options open, select Safe Mode with Command Prompt. This will boot up windows with only command prompt. type in rstrui.exe and bam it runs system restore. select a date that was before the time you got the virus and you'll be good!"

A big THANK YOU!!!

This worked for me!! just got infected today and this is the second time by the same virus!!!!! the first time was on my other laptop and i lost all of my data because these people that fixed it they reformatted it and i had to pay them $120 I was really worried that i was gonna have to pay and lose my stuff AGAIN!!

THANK YOU!!

Anonymous said...

YES! Thanks zOMBIE020!

I just tried your suggestion and it worked great for vista.

Anonymous said...

Thanks. After trying many other options, the system restore option finally worked for me too.

Again, thanks for this tip.

Anonymous said...

I just got hit by this guy. I was able to use the key code, but my computer is running very slow. Stopzilla said that it caught two viruses, but I don't know. What else should I do?

Anonymous said...

Again to the one that wrote..
"Just simply run system restore.
For win 7 or vista users, you can find it by searching for it in the start mode. This method also works for XP

If you can't open it in normal windows, restart your computer and while it is restarting, hold down F8. When the safe mode options open, select Safe Mode with Command Prompt. This will boot up windows with only command prompt. type in rstrui.exe and bam it runs system restore. select a date that was before the time you got the virus and you'll be good!"

A BIG THANK YOU !!!!!!!
Did what you said and it seems to be fine, wish the ones that do this BS could be stopped !!!!!

Anonymous said...

Here is what i did:

Enter safe mode without networking.

Manually entered in fake code above.

Every pop up went away and was able to enter system restore.

Boom. everything is back to normal now.

Anonymous said...

Got rid of this virus the first time with Avast.

It came back a second time and Avast couldn't find it. I managed to get rid of the pop ups. But my internet still won't work.... Running a system restore right now.. Anyone else having internet issues??

Anonymous said...

I used the reg key you posted and it stopped the pop-ups but I still can't run any anti-virus or anti-malware programs.

Anonymous said...

Thank you so much, from this very non-tech-savvy girl. I got the virus and rebooted several times which I hear sinks it in deeper, and I couldn't get online to download antimalware. Thanks SO MUCH to the suggestion to turn off computer, turn on and hold the f8 button before windows starts, arrow down to "safe mode with networking on", then go to "control panel" (under start button), then for me it was "systems and security", then "recovery" to select a past date (before virus) to restore system to. Thank god! At that point I could get online and download malwarebyte and run a full system scan IMMEDIATELY and with no interruptions. I'd recommend running a full scan of your regular security system (I had to reinstall mine as the virus seemed to knock it out) and it wouldn't hurt to run SEVERAL free antimalware programs at that point. Live and learn I guess, but thank god I found this website or I woulda had to call a tech out...

Anonymous said...

I'm suspicious that I caught this damn virus on my laptop after downloading the latest adobe flash player, as I too had adobe flash windows popping up requesting permission at the same time as the Win 7 popups were hijacking, AND that was the ONLY download I had done that day-- did some research via AVG that says there's security leaks in the new adobe flash that are being exploited by hackers, check it out and be cautious with adobe flash! The Win 7 virus quickly hijacked my whole damn windows-- I couldn't task bar out, couldn't access my antivirus, couldn't get online, and couldn't even get on in safe mode with networking. Insidious! Thanks SO much for the advice to log on in basic safe mode and do a system restore to a previous date in recovery. That finally enabled me to get online again and download the free malwarebytes.org program. I actually had to restore TWICE tho, cuz either my whole windows was infected or the malwarebytes accidentally deleted my main admin windows, but when I first rebooted post malware removal I had no windows at all and had to relog on my partner's secondary account (thankfully I had one) to restore AGAIN. This freaking virus is the worst!!! Then I scanned the hell outta everything just to make sure I was clean. It didn't detect anything, and there's no signs so far, but my windows load up seems suspiciously slow... anyone have any knowledge of possible long term damage to windows or anything? Thanks to you all for ALL advice and personal stories posted, it all helps, right? lol

Anonymous said...

Does avast! antivirus remove Win 7 Antispyware 2012? If you know, could you e-mail me? My e-mail is stonecold(dot)1995(at)yahoo.com

Anonymous said...

OMG so at first i thought it was too good to be true and that i was going to download more viruses by putting in the code... and whala! I am back to NORM!! Thank you admin of this blog. I love u forever. You saved my laptop.

Anonymous said...

Used the first code, restored my system, and installed malware . Works good for now. Thanks for all your help, saved me a lot of headaches.

Anonymous said...

To the person who said they thought the virus might be attacking through Adobe Flash Player - so interesting! I was loading an Adobe Flash player update when the virus hit me. I didn't think about that until 2 days later. I did the system restore and a couple of days later I get a message from Adobe that I have updates to download. Clicked on it and BAM - there was the nasty bugger again. Another system restore and downloaded Stopzilla then. I got a couple of messages from Adobe that I ignored later but I finally was brave enough to hit it to update. This time it came through with no problems.

Anonymous said...

I'm trying to follow the removal instructions, but I'm getting stuck at the 2nd step. I went into the app data local folder, but I'm not sure which one I'm supposed to rename. I understand you said it's a different name for everyone...I want to make sure I'm renaming the right one, so I don't screw my computer up even more. Thank you for your help

Anonymous said...

The code i put in for the spyware is not working. i tried the original and the second one.

lindzgiggles said...

i still can't remove the win 7, xoftpyse doesn't find it and neither can i to uninstall it! help

lindzgiggles said...

I still can't remove win 7 nothing is picking it up and I can't download avg or anything help please

Annie said...

Okay, I need help.
I tried to follow the instructions, found the hidden folders, and renamed oim.exe (the virus) to oim.vir. I restarted my computer, tried to access the internet and my anti-spyware, and Windows says it can't find any programs. I can't open any .exe files, it seems (but they are there, because when I tried to open FireFox, it asked me if I wanted to search online for the file, it opened FireFox, and I can browse. Yeah...)
I tried to download Malwarebytes, but when I tried to run the .exe to install after the download, it said it could not be found.
(Oh, oim.vir is still sitting in my :C/user/appdata/local, I wasn't sure if I should delete it or not, but the pop-ups are gone)

Any suggestions?
-Annie

Anonymous said...

SO now I can't even get the pop ups to pop up, needs a file to open? System restore does not complete ;-(

Anonymous said...

so i was an idiot and skipped step 3/4/5 and went to step 6 and now comp won't start with error message "STOP: c0000135 the program can't start because %hs is missing from your computer. Try reinstalling the program to fix this problem."

any help?

Anonymous said...

I got the pop ups to stop with the serial number way on top... No more pop ups. But should I still download Malwarebytes to run a full scan with that? I already used spybot and i dont have any more problems. Thanks!

Anonymous said...

Do a google search on fixNCR.reg which will fix the exe association for you. If you cannot open Firefox, instead a dialog asks you to choose an executable, browse to firefox.exe and select open.

Anonymous said...

The question is which process is responsible for letting this nasty trojan enter my computer in the first place? Firefox, IE, or Chrome?

Anonymous said...

My laptop has a bad case of this virus. I normally don't use the laptop much, my 13 yo son primarily uses it to play Minecraft and I assume one of the files he downloaded gave us the virus. But I could do nothing at all on it - no browser, no anti-malware, no system restore. Tried booting in safe mode, still got the popups, couldn't do system restore, couldn't run anti-malware. Started in safe mode with command prompt and got the popups, but was at least able to run system restore. Once the computer rebooted, however, I still had the popups and had a message that system restore didn't finish due to an unspecified error. I tried the second registration key and it was invalid. Tried the first one and it worked. It stopped the popups and I can connect to the internet, but I still can't run my anti-malware software.

Anonymous said...

Dear admin, I am thankful for the help I received from your post. With the key I was able to connect to the net. But I was unable to run any antivirus programs. I gave a try to system restore, but I am in trouble now: it has been an hr the system restore is still initializing! Any suggestions would be greatly appreciated!

Anonymous said...

I want to know how it got on my computer! I run as a limited user on Win7 Ultimate and always update latest patches. Using IE9, latest patches, etc. Everything's up to date and brand new.

A few days ago I saw an advertisement come up on a "popular" website and then -bang- I had the fake antivirus. I never had a UAC prompt! I cleaned it off using "advanced" methods. This morning I went to another website (soda company's rewards site) and -bang- got the same virus/malware again! No UAC prompt either.

Now I've fixed it again (system restore, file deletions, HJT, OTL, etc) and have disabled my flash add-in (Tools/Manage, "all" from dropdown, and disabled Flash). I won't use Flash again (latest version 11.1.102.55) until they fix this.

Anybody know how it's getting past UAC?

Arthur said...

This malware has wasted my whole day trying to get it off.
Here is how I do it:
insert the purchase code that is stated above and I am able to connect to the internet
after that I download malware bytes and run as administrator and after scanning and removing it the problem is solved
I would really want to kick the ass of the person who created it!

K-Ryder said...

For those that never did the system restore ever and can't do it. This is what I did. I did task manager found the program and then select open containing folder. Found it and deleted it. Then I went on to Firefox and entered where the file to start it up. Went to this site found all the how to's.

Now in order to get regedit to work, you have to go straight to the CMD box right click it and run as admin.

When the box opens up type in the exact words between quotation "regedit.exe" The program will run since its a direct command. Now as listed above when it says to delete the registry. Do it.

Now will your programs run, no not yet. Click on where it says 6. Open Internet Explorer. Download "exefix.reg" and save it on desktop. Now go to regedit, click on import, and find the file that was downloaded. Click on it, and it'll import it. Exit out of the program. Log off and then log back on. And your programs will work normally again.

That's how I did it. My system restore was never created, so I had to do it the old-fashioned way. And it worked.
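
The comments above that mention fixNCR.reg and exefix.reg are about restoring the .exe file association. The following is an added example, not part of any comment or of the blog's guide: it parses a registry export and reports any .exe association that differs from the Windows defaults (`exefile` and `"%1" %*`). The key locations checked, the ProgID `xyz` and the file path in the sample are assumptions constructed for illustration.

```python
import re

DEFAULT_PROGID = "exefile"       # Windows default class for .exe
DEFAULT_COMMAND = '"%1" %*'      # Windows default exefile open command
CLASS_ROOTS = (
    r"HKEY_CURRENT_USER\Software\Classes",   # per-user overrides
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes",
    r"HKEY_CLASSES_ROOT",
)

# Constructed sample export: the ProgID "xyz" and the path are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xyz"

[HKEY_CURRENT_USER\Software\Classes\xyz\shell\open\command]
@="\"C:\\Users\\example\\AppData\\Local\\sample.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    """Undo .reg string escaping (\\\\ and \\")."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key_lower: {value_name_lower: data}}; '' is the default value."""
    hive, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):      # "[-KEY]" deletes a key; skip it
                key = None
            else:
                hive.setdefault(key.lower(), {})
            continue
        m = _VALUE.match(line)
        if key is None or not m:
            continue
        name, data = m.groups()
        name = "" if name == "@" else _unescape(name[1:-1])
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])  # string value; others kept raw
        hive[key.lower()][name.lower()] = data
    return hive


def audit_exe_association(hive):
    """List (key, value) pairs where the .exe association is not the default."""
    findings = []
    for root in CLASS_ROOTS:
        progid = DEFAULT_PROGID
        ext = hive.get((root + r"\.exe").lower())
        if ext is not None and "" in ext:
            progid = ext[""]
            if progid.lower() != DEFAULT_PROGID:
                findings.append((root + r"\.exe", progid))
        # Check the handler of the class .exe points to, and exefile itself.
        for pid in dict.fromkeys([progid, DEFAULT_PROGID]):
            path = root + "\\" + pid + r"\shell\open\command"
            cmd = hive.get(path.lower(), {}).get("")
            if cmd is not None and cmd.strip() != DEFAULT_COMMAND:
                findings.append((path, cmd))
    return findings


if __name__ == "__main__":
    for key, value in audit_exe_association(parse_reg(SAMPLE_EXPORT)):
        print("non-default:", key, "=>", value)
```

Exports written by regedit are normally UTF-16, so read the file with `encoding="utf-16"` before passing its text to `parse_reg`.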

Anonymous said...

I posted the anon comment at 7:11 pm on December 26 - I was finally able to download and run Spybot Search and Destroy after entering the fake activation code. It showed that it found what must have been this virus, but even after saying it was removed, it was still there on restart (the icon kept showing up in the bar at the bottom right of the screen, by the clock). I was unable to use my already installed copy of MBAM. Today I booted the laptop back up and tried again with MBAM. (I also tried to start Firefox but I got a message "program not found." which I've never gotten before.) MBAM started up - it updated my virus definitions and version of the program. Then I did a deep scan which took almost two hours. The results showed a long list of malware, some of which were called "browser hijacks". I assume those were this virus! I removed them all and restarted and voila! The virus appears to be gone.
I'm running Avast Anti-Virus free and wonder how this virus got past that.

testingdrp said...

Is there another name for rstui.exe on Vista? What directory should I be in? Programs/System32?

Anonymous said...

just restarted in safe mode then restored to a week earlier it worked fine, windows 7

ariel said...

omgsh!!! thankyou sooo much!!!! i can finally access my computer files and internet without popups from the false security scanners. thankyou!!!

Anonymous said...

FYI, the debugged serial key 3425-814615-3990 to register the rogue application in order to stop the fake security alerts, did work for me. From a previous post : " Just click the Registration button and then select "Activate manually". I was able to activate and now in the process of doing a full scan with SP S&D. What a pain in the ass.

Anonymous said...

This fixed the virus, win7 antispyware 2012, but not the bundle of other viruses it installed. I discovered that when my fan sounded 24/7 A LOT. The problem turned up to be a virus called Coingenerator or something like that, which used the four cores on my computer to generate some bullcrap. I reinstalled Windows completely and flashed new bios update, think that's the only way to get rid of everything.

Anonymous said...

I have an antivirus program and didn't detect this...

Anonymous said...

Running a 200s Lenovo laptop, with Win 7 64b. This virus runs the fake screens when attempting to run any program, INCLUDING regedit. One can track the process, and delete as it pops up under task manager processes, but still unable to run anything to remove, including file explorer, browsers, regedit, text editors.

Anonymous said...

My avira antivirus detected it and quarantined it, but now every time I try to click on internet explorer or my antivirus it says application not available.

Anonymous said...

2233-298080-3424 was what I tried first and it did not work. Serial key 3425-814615-3990 worked!

Anonymous said...

It worked perfectly for me. Thanks a lot!!!!

Anonymous said...

Thank you so much! All other methods could not work.

Anonymous said...

Thanx a lot. It worked really well

Anonymous said...

The key worked on the fake "vista" but then when I downloaded the spyware program from the recommended link, everything got worse and I can't open programs and can't go to any websites. Any suggestions?

Anonymous said...

I guess I'm the only one this happens to, but I have ESET Smart Security, and I ran that, n it gets rid of the virus, but when I reboot my computer I can't run any .exe file at all, not to download nothing, or open notepad, or anything. I go to safe mode and restore it, but when it restarts the "open With" box still pops up. How do I make the .exe files work again?

Anonymous said...

Thank you! I used the code and then was able to restore. I then ran Security Essentials and Malware Bytes. All is well. WOOO. Thanks.

Anonymous said...

I just got this stupid thing. it also seems to come with icv.exe or something. I found it in a random folder. I am printing this blog then taking it home, going to try these options, I loaded all these extra multiware stuff onto a flashdrive so hopefully I can get this taken care of.

Laura

Anonymous said...

Thanks for the incredible information and assistance. I logged in the fake key, was able to download spybot, and it took care of the turd. I then did a system restore.

Hopefully it's all good....it sure appears to be.

I don't know who is responsible for this site/blog, but I can't thank you folks enough for having a no-BS-must buy my fix-solution.
You guys Rock!

Keith
Squealers

Anonymous said...

I'm not sure if all the virus is removed with the standard av progs & spyware scanners, until running a couple root kit / boot kit removal program before boot from a separate bootable drive.
Wish you guys all would quit spreaking some things.

Anonymous said...

Thank you for this blog, this key worked for me. Thankfully I have internet in my phone so I could find this. This stupid bug wouldn't let me browse or anything. I have avg & none of the "threats" showed up in that scan. I am now in the process of running spybot & downloading a malware program to get rid of this

Unknown said...

yes, whoever created this blog, i hope you have a job working for the CIA or something! You are a very talented, smart person! Thank you so much for sharing your knowledge with us!! I have read everything and will try all this on my other computer!

Thanks again!!!
Angela

Anonymous said...

I tried the code and it didn't work. What am I doing wrong?

Anonymous said...

Right click on one of them and select "Properties". A window will pop up and under "Type of file" if it says .exe then that is the one you need to rename. If not, try another til you find it.

Admin said...

Try this code 9443-077673-5028

Anonymous said...

You all are absolutely amazing! I am so thankful for your help and for making it easy for us "technologically challenged!" I literally did everything verbatim and it worked like a charm :) one piece of advice though; when you're saving the fix to your desktop, make sure you choose "all files" because mine defaulted to "txt" files, so when I clicked on it to make sure it worked, it said "path not found" (so hopefully this helps another technologically challenged person in the future). Other than that for me, it was smooth sailing. Thank you, thank you, and thank you again!!
Have an awesome day :)
...Shawn

Anonymous said...

In my case, in the Task Manager, it was listed with description of "Microsoft HyperLink library".

Great blog! Thanks!

Anonymous said...

THANK YOU SO MUCH!!!
I almost had a heart attack trying to get this off my computer and the program was stopping me from using my anti virus software.
THANK YOU!!!

Anonymous said...

I cannot run Malwarebytes or anything else once this virus attacks me. Malwarebytes is supposed to catch it, and it doesn't.

Anonymous said...

Got the virus through fastpasttv.com – when searching for Vampire diaries – and choosing the suggested link
On my computer - it appeared as vvc.exe in my computer and as Microsoft HyperLink Library in task manager - when deleting the vvc.exe all .exe files were blocked - then I restored the system using the ESC to select bootorder - chose the system restore option and it works!

Anonymous said...

I guess I got this virus when I downloaded a Flash Player file from the internet, because it just appeared after I opened the Flash Player file in Chrome

Anonymous said...

Can someone please tell me how to remove this virus? I did system restore and then rebooted my computer and the virus is still there. Every time I try to open IE I'm getting a popup that's saying "choose a program to open this file". I'm getting really pissed off!! Please help me with this. Thanks so much in advance

Anonymous said...

Thank you very much....had this virus today and used ur activation code and my computer was back to normal....

Anonymous said...

Just Typed in the code 9443-077673-5028 Worked perfectly now i have no more problems, thanks!!!! This bastard program has gotten on my computer twice now and the first time i had to reinstall windows and i lost EVERYTHING i had, definitely taught me to back up everything i had.

Anonymous said...

Amazing... this was of great help.... Frens just follow the steps blindly and u will be thr with ur problem... Thanks guys

Anonymous said...

What a life saver thank you so much. I wasn't able to do anything or transfer files so this was huge.

DG MAN said...

It works. Thank you so much......

Anonymous said...

Where is this "register manually"?