System Security 2012 - it is fake antivirus. Only money ransom.
Files are created:
C:\Documents and Settings\<UserName>\Application Data\dwme.exe
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Application Data\rCC66jQAXymZtn3\System Security 2012.ico (It's random folder name)
C:\Documents and Settings\<UserName>\Desktop\System Security 2012.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\dwme.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\System Security 2012\System Security 2012.lnk
C:\WINDOWS\system32\pttggOL3r.exe (It's random file name)
C:\WINDOWS\system32\System Security 2012v121.exe
Registry edit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gXX5yhmP4tnLrI28234A" = "C:\WINDOWS\system32\D888oFB8lEViW6j.exe"
"PDVV8olDViWCuQh" = "C:\Documents and Settings\<UserName>\Application Data\dwme.exe"
Random key names.
To remove this rogue go to the website www.Trojan-Killer.net and download Trojan-Killer.
Run and install it.
Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.
When the Trojan Killer will look on your computer you will see a full list of detected malware.
Press the Remove Selected to remove them.
I hope this guide helps you :)
Files are created:
C:\Documents and Settings\<UserName>\Application Data\dwme.exe
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Application Data\rCC66jQAXymZtn3\System Security 2012.ico (It's random folder name)
C:\Documents and Settings\<UserName>\Desktop\System Security 2012.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\dwme.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\System Security 2012\System Security 2012.lnk
C:\WINDOWS\system32\pttggOL3r.exe (It's random file name)
C:\WINDOWS\system32\System Security 2012v121.exe
Registry edit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gXX5yhmP4tnLrI28234A" = "C:\WINDOWS\system32\D888oFB8lEViW6j.exe"
"PDVV8olDViWCuQh" = "C:\Documents and Settings\<UserName>\Application Data\dwme.exe"
Random key names.
To remove this rogue go to the website www.Trojan-Killer.net and download Trojan-Killer.
Run and install it.
Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.
When the Trojan Killer will look on your computer you will see a full list of detected malware.
Press the Remove Selected to remove them.
I hope this guide helps you :)
