Thursday, December 22, 2011

Remove Win 7 2012 as a generator of false positives

Win 7 2012 rogue family (Win 7 Security 2012, Win 7 Antivirus 2012, Win 7 Antispyware 2012, Win 7 Internet Security 2012, Win 7 Total Security 2012 and Win 7 Home Security 2012) reports numerous intentional false positives. The reports are aimed at scaring users into treating their computers deadly infected. As a matter of fact, as long and as soon as you see any messages on behalf of the above program, consider your PC affected badly. Fortunately, the infection is not deadly, unless tolerated for critically long time, which, in its turn, requires incredible patience and calmness from person using computer system with the planned false positives finder installed.
To get rid of Win 7 2012, apply free scanner available here. The solution also helps fixing other security problems as detected by true security inspector. Win 7 2012 removal will be performed under technical name assigned by free scanner, other than displayed in the fake antispyware popups.


Win 7 2012 braviax rogue family screenshots:


 

Win 7 2012 manual removal guide:
Delete infected files:
%AllUsersProfile%\
%Temp%\
%LocalAppData%\
%LocalAppData%\.exe
%AppData%\Microsoft\Windows\Templates\
Delete infected registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'ah'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah
HKEY_CURRENT_USER\Software\Classes\ah "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\ah "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\ah\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"

No comments: