Arief Prabowo

Antivirus Protection 2012 Rogue Removal Instructions

Recommended Posts

The Emsisoft malware research team has discovered a new outbreak of the Antivirus Protection 2012. Emsisoft Anti-Malware detects this malware as Rogue.Win32.AntivirusProtection2012.

Antivirus Protection 2012 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Antivirus Protection\
%AppData%\Antivirus Protection\IcoActivate.ico
%AppData%\Antivirus Protection\IcoHelp.ico
%AppData%\Antivirus Protection\IcoUninstall.ico
%AppData%\Antivirus Protection\securityhelper.exe
%AppData%\Antivirus Protection\securitymanager.exe
%AppData%\Antivirus Protection\AntivirusProtection2012.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection.lnk
%UserProfile%\Desktop\Antivirus Protection.lnk
%Temp%\472a10e2ebxd9.exe
%Temp%\56493.exe
%Temp%\ae0965a7157cd.exe
%Temp%\al3erfa3.exe
%Temp%\alerfa2.exe
%Temp%\alerfa.exe
%Temp%\altedf.exe
%Temp%\aqfitrlxi2.exe
%Temp%\backd-efq.exe
%Temp%\brdss.exe
%Temp%\bzqa43d.exe
%Temp%\cffd4.exe
%Temp%\cocksucker.exe
%Temp%\cosock.exe
%Temp%\cowceb.exe
%Temp%\cunifuc.exe
%Temp%\d20mes.exe
%Temp%\dc_3.exe
%Temp%\dd10x10.exe
%Temp%\ddoll3342.exe
%Temp%\destroyer.exe
%Temp%\dffuck.exe
%Temp%\dkfjd93.exe
%Temp%\ds7hw.exe
%Temp%\eelnvd13.exe
%Temp%\exppdf_w.exe
%Temp%\fadz43.exe
%Temp%\fe.exe
%Temp%\format.exe
%Temp%\g_dx234.exe
%Temp%\ggwwef9752.exe
%Temp%\gpupz2a.exe
%Temp%\hhbboll_2.exe
%Temp%\hiphop.exe
%Temp%\hodeme.exe
%Temp%\htfad4.exe
%Temp%\hvipws9.exe
%Temp%\jdhellwo3.exe
%Temp%\jkfuckfu.exe
%Temp%\jofcdks.exe
%Temp%\kjdh_gf_jjdhgd.exe
%Temp%\kjh102k3.exe
%Temp%\kn.a.exe
%Temp%\kock.exe
%Temp%\ljts-23.exe
%Temp%\lkhgg_ea.exe
%Temp%\lols.exe
%Temp%\ploper.exe
%Temp%\poertd.exe
%Temp%\ppddfcfux.exxe
%Temp%\protector2.exe
%Temp%\pswwg3c.exe
%Temp%\puzpup.exe
%Temp%\qwedvor.exe
%Temp%\qwklrvjhqlkj.exe
%Temp%\r0life.exe
%Temp%\rator.exe
%Temp%\rtfme.exe
%Temp%\safe.exe
%Temp%\snowif.exe
%Temp%\sycre.exe
%Temp%\timem.exe
%Temp%\tryh-blv.exe
%Temp%\w32-reno-c.exe
%Temp%\w32rim_mem.exe
%Temp%\warsddd_w.exe
%Temp%\wefgetn_00.exe
%Temp%\wined.exe
%Temp%\winifi.exe
%Temp%\wrcud12.exe
%Temp%\wrfwe_di.exe
%Temp%\wwautrsd.exe
%Temp%\wwwsssgen.exe
%Temp%\_5.tmp
%Temp%\1iowieoo.exe
%Temp%\02c9c3c35bdx5.exe
%Temp%\8gmsed-bd.exe
%Temp%\17dkf.exe
%UserProfile%\Start Menu\Programs\Antivirus Protection.lnk
%UserProfile%\Start Menu\Programs\Antivirus Protection\
%UserProfile%\Start Menu\Programs\Antivirus Protection\Antivirus Protection.lnk
%UserProfile%\Start Menu\Programs\Antivirus Protection\Help Antivirus Protection.lnk
%UserProfile%\Start Menu\Programs\Antivirus Protection\How to Activate Antivirus Protection.lnk
%UserProfile%\Start Menu\Programs\Antivirus Protection\Activate Antivirus Protection.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\Antivirus Protection\
(Default)  = %AppData%\Antivirus Protection\
BuyUrl = B65B17E3F9DA41446905D3BE0E550632B225D0DB132371E38F96D84D2B2F0
uninstaller = %AppData%\Antivirus Protection\securityhelper.exe
ADVid = 390
InstallDir = %AppData%\Antivirus Protection\
SoftID = Antivirus Protection
ScanSystemOnStartup = 01000000
AutomaticallyUpdates = 01000000
BackgroundScan = 01000000
BackgroundScanTimeout = 01000000
tb = DC07020003001600060012002800BF02
InstNM = %AppData%\Antivirus Protection\AntivirusProtection2012.exe
LastTimeStamp = D9FFFFFF
LastUpdateDate = 2012/2/1

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus Protection\
DisplayName = Antivirus Protection
UninstallString = “%AppData%\Antivirus Protection\securityhelper.exe” /UNINSTALL
DisplayIcon = “%AppData%\Antivirus Protection\securityhelper.exe”,1

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
cbrdwlurumf5 = D:\!Mal\123.exe
Antivirus Protection = “%AppData%\Antivirus Protection\AntivirusProtection2012.exe” /STARTUP
Antivirus Protection 2012 SM = %AppData%\Antivirus Protection\securitymanager.exe

Screenshots:

Rogue.Win32.AntivirusProtection2012_1-400x319.png

Rogue.Win32.AntivirusProtection2012_2-400x315.png

Rogue.Win32.AntivirusProtection2012_3-400x358.png

Rogue.Win32.AntivirusProtection2012_4-400x211.png

To register and uninstall this rogue application, you can try the following serial number:

LIC-00A5-3F5G-BHA5-KJB8-579F-CVH9-M935-QW45-89M5-19AB

How to remove the infection of Antivirus Protection 2012 (Rogue.Win32.AntivirusProtection2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.