Antivirus Protection 2012 - How to remove?
Antivirus Protection 2012 is another clone of fake security applications mimicking Windows Defender, a legitimate anti-malware program by Microsoft. It belongs to the same family as Security Defender and AntiMalware Defender, and is a resurrection of a less active branch of malware.
Like other parasites of this family, Antivirus Protection rogue is distributed by malware that infect legitimate pages, windows vulnerabilities and various downloads bundled with trojans. Usually this type if viruses pretends to be anti-virus software and users install them just by clicking on advertisements, downloading unsafe files and installing downloads bundled with trojans.
First, Antivirus Protection 2012 closes majority of windows that are open to draw attention to itself. Second, it will start showing various alerts to convince you that your PC is heavily infected with spyware, malware, trojans and other parasites:
Antivirus Protection 2012 Firewall Alert
Your computer is being attacked from a remote machine!
Block Internet access to your computer to prevent system infection.
Attacker IP: [ip address]
Attack type: RCPT exploit
Antivirus Protection 2012 Firewall Alert
Suspicious activity in your registry system space was detected. Rogue malware detected in your system. Data leaks and system damage are possible. Please use a deep scan option.
Antivirus Protection 2012
Spyware.IEMonster process is found. The virus is going to send your passwords from Internet browser (Explorer, Mozilla Firefox, Outlook & others) to the third-parties. Click here for further protection of your data with Antivirus Protection 2012.
If ignored and left on your computer, it will continue its aggressive campaign and will display more alerts:
Security Center Alert
To help protect your computer, Security Center has blocked some features of this program.
Do you want to block this suspicious software?
Unauthorized remote connection!
Your system is making an unauthorized personal data transfer to a remote computer!
Warning! Unauthorized personal data transfer is detected! It may be your personal credit card details, logins and passwords, browsing habits or information about files you have downloaded.
To protect your private data, please click “Prevent Connection” button below.
You have been infected by a proxy-relay trojan server with new and danger “SpamBots”.
You have a computer with a virus that sends spam.
This is a mass-mailing worm with backdoor thus allowing un-authorized access to the infected system.
It spreads by mass-mailing itself to e-mail addresses harvested from the local computer or by querying on-line search engines such as google.com.
The IP address that YOU are getting from Internet Service Provider (ISP) for YOU personal computer is on some major blacklist.
Your computer has been used to send a huge amount of junk e-mail messages during the last days.
You IP will be marked in the Police log file as mass-mailing spam assist.
Upgrading to the full version Antivirus Protection 2012 it will eliminate the majority of Spam attempts.
Despite these warnings, your system is not attacked by hackers directly, although the claims about infections are partially true: you are infected with trojan promoting rogue antivirus. If you wonder why it is done so, it becomes clear after you try running system scan with it: You are asked to provide credit card details to remove all the threats like Win32/GameVance, Win32/Yektel.A, Win32/FakeXPA or Win32/Renos.JI. You will not be able to remove these threats manually, as paths to these files are nonexistent, or it will show infections in legitimate files. Thus, this separates fake Antivirus Protection 2012 from real commercial removers that never install without user’s consent, uninstall normally when asked and provides full information about detected malicious files. You should never pay for such software, and it is better to remove Antivirus Protection as soon as noticed on PC.
Special Antivirus Protection 2012 removal instructions
Although Antivirus Protection 2012 might disable legitimate anti-malware programs, do the following to overcome this problem: Go START -> RUN and insert there taskkill /f /im rundll32.exe. Note that you should keep all the slashes and gaps! In addition, you can try to use Antivirus Protection 2012 registration codes: D13F-3B7D-B3C5-BD84 or LIC-99D0-1239-KJAS-354S-SQD4-CJKF-KF67-GJ78-FGHK-ZDU6. If you enter that code in its activation section, majority of alerts and disturbances will be disabled. However, you should do a full system scan with Spyhunter, spyhunter, Malwarebytes Anti-Malware or other anti-malware tool to detect the trojans comming with this malware and delete its .dll files. Also, due to trojans distributing this malware, do not forget clean up HOSTS file from redirects.