Removing Antivirus 2012

This nasty bug has been popping up on more and more computers.  It installs itself through drive-by downloads from malicious sites, popups and ads.  Browsers such as Internet Exploder are susceptible to the vulnerability.

The virus it loads is a TrojanDropper, “Siredef”.

Its telltale signs are look-alike virus screens telling you that your computer is infected and that you can clean it by registering the Antivirus 2012 software.  It also goes by “Vista Antivirus 2012”, “Windows 7 Antivirus 2012”, etc.

It’s a pain to remove, but it can be done.  Reboot your computer into safe mode (press F8 as the computer starts up) and, as soon as the computer starts, click on the Start button and in the search bar go to

c:\users\_username_\appdata\local

Be sure to choose the proper username; it should be that of the user who is currently logged in.  Look for a file at the end of the list that is a program with a three-letter name.  The virus uses random letters, so it will be mew.exe, ljh.exe, cam.exe, etc.

Once you’ve located the file name of the virus, you’ll need to reboot in safe mode again and this time click on Start and type regedit in the search bar.  This will launch the registry editor.  Press CTRL-HOME to go to the top of the registry.  Then press CTRL-F and in the search box type the name of the three-letter virus.  Be sure to add .exe at the end of the file name.

The values will have the text

c:\users\username\appdata\local\abc.exe -a “%” “%”

or something similar.  Erase the entire path and file name, as well as the -a, from each string.  After you’ve done one, press F3 to go to the next and continue.  You may get a few hits on “script profile”; you can skip these.

Once the last one is done, reboot.

After restarting, go back to the location of the virus (c:\users\username\appdata\local) and delete the virus.  Be sure to restart your normal antivirus program and do a full scan.  And quit using Internet Explorer.
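
The registry search-and-erase step above can be checked against a text export of the registry instead of pressing F3 through every hit. The following is an added example, not part of the original post: it scans text in the `reg export` format for string values that start with a three-letter .exe under appdata\local followed by -a, and shows what each value looks like once the path, file name and -a are erased. The sample keys, the user name alice, the `"%1" %*` tail and the function names are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text format; key names and the
# file name mew.exe are illustrative, not taken from an infected machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\alice\\AppData\\Local\\mew.exe\" -a \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="C:\\Users\\alice\\AppData\\Local\\mew.exe -a \"%1\" %*"

[HKEY_CURRENT_USER\Software\Example\Viewer]
"Path"="C:\\Program Files\\Example\\viewer.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
# Optional quote, <drive>:\Users\<name>\AppData\Local\<3 letters>.exe, then -a
HIJACK_RE = re.compile(
    r'"?[a-z]:\\users\\[^\\"]+\\appdata\\local\\([a-z]{3}\.exe)"?\s+-a\s*',
    re.IGNORECASE)

def unescape(s):
    # Undo .reg string escaping: a backslash protects the next character.
    return re.sub(r'\\(.)', r'\1', s)

def find_hijacked(reg_text):
    """Return (key, value name, exe name, cleaned data) for each hit."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        h = HIJACK_RE.search(data)
        if h:
            # Drop the path, file name and -a; keep the rest of the string.
            hits.append((key, name, h.group(1), HIJACK_RE.sub("", data)))
    return hits

if __name__ == "__main__":
    for key, name, exe, cleaned in find_hijacked(SAMPLE_REG):
        print(f"{key} [{name}] -> {exe}; after edit: {cleaned}")
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `find_hijacked`.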