Monday, January 23, 2012

Smart Protection 2012 - FAKE AV - ROGUE

Smart Protection 2012 - FAKE AV - Removal Guide


Files created:

C:\Documents and Settings\<UserName>\Desktop\Smart Protection 2012.lnk
C:\Documents and Settings\<UserName>\Start Menu\Programs\Smart Protection 2012\Smart Protection 2012.lnk
C:\Documents and Settings\All Users\Application Data\<RandomFolder>\<RandomNumericFile>.exe




Register edit:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\<RandomNumericName> C:\Documents and Settings\All Users\Application Data\<RandomFolder>\<RandomNumericFile>.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012\DisplayIcon C:\Documents and Settings\All Users\Application Data\<RandomFolder>\<RandomNumericFile>.exe,0
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012\DisplayName Smart Protection 2012
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012\ShortcutPath "C:\Documents and Settings\All Users\Application Data\<RandomFolder>\<RandomNumericFile>.exe" Uninstall
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012\UninstallString "C:\Documents and Settings\All Users\Application Data\<RandomFolder>\<RandomNumericFile>.exe" Uninstall

How to remove Smart Protection 2012
First of all you should download anti-trojan software Trojan-Killer.


Virus can block any runing programs. But you can rename install of trojan-killer to "explorer.exe" and it's should be run normally.



Run and install it.



Upon completion of installation, uncheck the Launch GridinSoft Trojan Killer checkbox and click Finish.



Why we did not run Trojan-Killer after installation? Becouse Smart Protection 2012 block all application exclude explorer.exe.

Next step to delete Smart Protection 2012 will be rename of Trojan-Killer to explorer.exe :)
Go to the folder where Trojan-Killer installed and rename "trojankiller.exe" to "explorer.exe".


Then you can run Trojan-Killer and scan your system.

When the Trojan Killer will look on your computer you will see a full list of detected malware.
Press the Remove Selected to remove them.



No comments: