I got a virus called "Win 7 antivirus 2012" It killed my win defender

computergeekguy


A few days ago I got the nastiest virus on my machine I have ever seen.

It didn't slow my machine down any due to my having more cores and RAM than I could ever use :cool:

But it got all executable files and redirected them to the virus. :mad:

It also knew exactly where to hit my comp, disabling my Internet Explorer\Firefox, killing my Windows Defender, getting through my firewall and disabling most control panel programs.

I was able to get my comp back thanks to this website (I had to look at it on a different comp though):
Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide)

It saved me, disabling the virus long enough to get control of my comp to resolve the problem.

But sadly the virus damaged my Windows Defender and it has not recovered.

I went to the Windows website to download Windows Defender but Microsoft won't install it due to it thinking it is already installed.

It is not listed in Add\Remove Programs.

I looked in "Turn Windows features on or off" and it was nonexistent there as well.

So after a long day of head banging I called it a day.

At least I got my comp back up to full speed :D

So if you guys have some pointers I would be appreciative :)

P.S. From my experience it was pretty complex. It knew exactly where to hit, plus it posed as an antivirus program so a less experienced person would have believed it.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
self build
OS
7 home premium 64 bit
CPU
AMD Phenom II X6 1055T
Motherboard
Asus M4A785TD-M EVO
Memory
DDR3 1333 6144 MBytes each module 2048 mb
Graphics Card(s)
Power Color ATI R9 270x bluescreen edition
Sound Card
s/pdif part of my motherboard
Monitor(s) Displays
It is a 42" lcd tv :D
Screen Resolution
1920 X 1080
Hard Drives
Samsung 120gb SSD (EVO 840)
Hitachi 500gb 3gb\s sata hard drive, slow boring but gets the job done
PSU
Orion 585w psu Model# HP585D (updated to EVGA 600W)
Case
A shoebox
Cooling
Box fan....
Keyboard
I telepathically convey what I want said.
Mouse
Cat
Internet Speed
Loading...
Antivirus
A facial mask
Browser
Firefail, Internet Exploder
Other Info
I love my gaming rig, FreeCell and Solitaire never looked so good.

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Asus Build
OS
Microsoft Windows 8.1 Pro 64-bit
CPU
Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Motherboard
B85M-E
Memory
8.00 GB
Graphics Card(s)
None
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
Asus 23.6" Monitor
Screen Resolution
1920 x 1080 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
INTEL SSDSC2BW180A4
Samsung SSD 840 PRO Series
PSU
Seasonic S12II-380Bronze
Case
Lian Li
Cooling
Fan, Passive
Keyboard
Logitech K120
Mouse
Microsoft Touch Mouse
Internet Speed
4ms Ping, 19.0 Mbps Download, 19.0 Mbps Upload
Antivirus
Eset Endpoint
Browser
Internet Explorer, Chrome
Thanks for the reply, I will look into those links.

As for me, I am pretty sure I got rid of the whole thing.

I use very safe internet browsing habits with firewall etc. etc. I just got on the internet to Google up some history about WWII and the next thing I know Win 7 Antivirus 2012 gets on there and starts making a mess of my comp.

As for antivirus, I went with Windows Defender and Spybot Search & Destroy for most of my probs, but after this virus I got Malwarebytes trial edition, AVG and a few other things. Just trying things out to see what I like :)

All my safety stuff designed by Windows got either disabled or trashed.
 

Geek,

Defender is automatically disabled (becomes obsolete) when an antivirus is installed. However, you are only ever supposed to have 1 antivirus installed at a time (Malwarebytes isn't an antivirus and is fine to be coupled with an antivirus program). The reason is that they tend to 'get in the way' of each other and can cause even more problems, including being less effective and running over each other.

Also, you should only remove them with their uninstaller tool (you can google "uninstaller tool avg" as an example for AVG). I recommend never using AVG as it is just terrible. It alone causes its own set of issues, many of which I've had to help others fix. And can't Spybot Search & Destroy be a bit vigorous and overpowerful? Be very careful when using it, you might delete something you'll regret.
 
Use Avira, it has a high detection rate for a free antivirus.
Avira anti-virus for private users
Click where it says Avira Free Antivirus, not the paid-for ones, and if it asks you to do a survey just deny it and get the free one.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
custom build
OS
Windows 10 64bit
CPU
AMD Phenom II X4 925 (Deneb)(2.8GHz) OC 3.4GHz
Motherboard
M5A78L-MLX Plus
Memory
Corsair Vengeance DDR3 4GBX2 (8192MB)
Graphics Card(s)
XFX HD 6870 1GB (OC)- 940MHz core, mem 1150MHz
Monitor(s) Displays
Vizio 26' 1920x1080 / Acer 1336x768
Screen Resolution
1920x1080 60Hz /1336x768
Hard Drives
Kingston Digital 60GB SSDNow V300/500gb HDD Western Digital 7200rpm (/WD 160GB HDD 7200rpm
PSU
CORSAIR CX600 600w
Case
AZZA Orion 202 EVO
Cooling
cooler master hyper TX3 cpu cooler
Keyboard
Razer DeathStalker
Mouse
Logitech Optical Gaming Mouse G400
Antivirus
Default on win 10
Browser
Firefox
Other Info
cpu is overclocked in bios

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Thanks for all of your replies.

I tried the elevated command prompt in verifyonly mode and it came up with nothing.

If this helps any, when I try to start Windows Defender I get: "The specified service does not exist as an installed service." (Error Code: 0x80070424)

Meanwhile I will look into seeing if I can either replace missing files or reinstall from the Windows Defender on another comp.
 

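A defensive triage check for the two symptoms reported in this thread, executables being redirected to the rogue and Windows Defender failing with 0x80070424 (service not installed). This is an added example, not code from any poster: it parses a regedit text export taken from the affected machine, and the sample export, the `fakeav` ProgID and the file path in it are constructed. The values it compares against (`.exe` mapped to `exefile`, open command `"%1" %*`, service name `WinDefend`) are the stock Windows 7 defaults.

```python
import re

# Constructed sample of a regedit text export from an affected machine.
# The "fakeav" ProgID and the example.exe path are made up for illustration.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="fakeav"

[HKEY_CURRENT_USER\Software\Classes\fakeav\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\example.exe\" -a \"%1\" %*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt]
"Start"=dword:00000002
'''

DEFAULT_PROGID = "exefile"
DEFAULT_OPEN_COMMAND = '"%1" %*'
HKCU_CLASSES = r"hkey_current_user\software\classes"
HKLM_CLASSES = r"hkey_local_machine\software\classes"
SERVICES = r"hkey_local_machine\system\currentcontrolset\services"

# A value line is either @=... (default value) or "name"=...
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg_export(text):
    """Return {lowercased key path: {value name: data}}; '@' is the default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        match = VALUE_LINE.match(line)
        if current is None or not match:
            continue  # file header, blank line or hex continuation line
        name, data = match.groups()
        name = "@" if name == "@" else re.sub(r"\\(.)", r"\1", name[1:-1])
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \" and \\ escapes
        current[name] = data
    return keys


def lookup(keys, subkey):
    """Default value of a class subkey; the per-user hive overrides HKLM."""
    for root in (HKCU_CLASSES, HKLM_CLASSES):
        value = keys.get(root + "\\" + subkey.lower(), {}).get("@")
        if value is not None:
            return value, root
    return None, None


def check_exe_association(keys):
    """List deviations from the stock handling of .exe files."""
    progid, source = lookup(keys, ".exe")
    if progid is None:
        return ["export contains no .exe class key"]
    findings = []
    if source == HKCU_CLASSES:
        findings.append("per-user .exe key present (normally absent on a clean install)")
    if progid.lower() != DEFAULT_PROGID:
        findings.append(f".exe maps to ProgID {progid!r}, expected {DEFAULT_PROGID!r}")
    command, _ = lookup(keys, progid + r"\shell\open\command")
    if command != DEFAULT_OPEN_COMMAND:
        findings.append(f"open command is {command!r}, expected {DEFAULT_OPEN_COMMAND!r}")
    return findings


def service_registered(keys, name):
    """True/False when the export covers the Services key, None when it does not."""
    prefix = SERVICES + "\\"
    if not any(k == SERVICES or k.startswith(prefix) for k in keys):
        return None
    return prefix + name.lower() in keys


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    for finding in check_exe_association(parsed):
        print("ASSOCIATION:", finding)
    print("WinDefend service key present:", service_registered(parsed, "WinDefend"))
```

A missing `Services\WinDefend` key matches the "service does not exist as an installed service" error quoted above, which a file-integrity scan alone would not report because the service registration lives in the registry rather than in a system file.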

My Computers

System One System Two

  • Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    Custom builds = 2
    OS
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
    CPU
    AMD Phenom II X4 975 Deneb 3.6ghz - 965 2nd remote pc
    Motherboard
    Gigabyte GA-790XTA-UD4-Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X DDR3 1600 1.5v 16gb - Hyper X Fury 8gb 2nd
    Graphics Card(s)
    MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 on mini tower
    Sound Card
    Creative Labs X-Fi Xtreme Audio P - Realtek onboard 2nd case
    Monitor(s) Displays
    ASUS VW199T-P 19" HP 2082a Main-HP 2082a 20" remote pc
    Screen Resolution
    Asus 1440x900 - HP 1600x900
    Hard Drives
    WD Black 1TB HD per OS W7, W10, and pending W11 presently on 500gb OS Drive - Pending Triple 1TB HDs for Spanned Storage/backup volume
    Single 2TB external USB enclosure, single 1TB System 7 Host/Boot drive, Pending 8TB external HD for system image b
    PSU
    Corsair 750TX - primary / Corsair CX600 - second
    Case
    Antec 900-2 - SSD compatible / NZXT Vulcan mini tower
    Cooling
    Zalman CNPS9900A
    Keyboard
    AZIO L70 Backlit Letters Gaming - ONN Cordless/USB
    Mouse
    MSI DS200 Programmable, Logitech Cordless
    Internet Speed
    30mbps upgrade - primary hard wired - mini tower usb WiFi
    Antivirus
    GFI VIPRE Internet Security 2014 on W7 2016 beta on W10,
    Browser
    Cyberfox, WaterFox 64bit FF variants, FireFox x64, Pale Moon
    Other Info
    Accomdata fan cooled usb 2.0 PIDE/Sata II, III external enclosure.
    Sambient usb/eSata PATA/Sata II, III external enclosure.
  • Computer type
    PC/Desktop
    System Manufacturer/Model Number
    CUSTOM ASSEMBLY
    OS
    W7 Pro x64/W11 Pro
    CPU
    AMD Deneb 3.6ghz - 965
    Motherboard
    Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X Fury 8gb
    Graphics Card(s)
    MSI HD Radeon 6450 DVI Output
    Sound Card
    Realtek onboard Creative or Other separate PENDING
    Monitor(s) Displays
    VIZIO 32" LCD TV Separate LCD Pending
    Screen Resolution
    1600x1080
    Hard Drives
    WD 500GB OS Host/Boot WD Green 1TB Storage/Backup
    PSU
    Corsair 600W - THERMALTAKE 600W spare case
    Case
    NZXT Vulcan mini tower
    Cooling
    Twin 120mm Top Fans - 240mm Side Cover
    Keyboard
    ONN Cordless/USB Logitech Cordless
    Mouse
    ONN USB/Cordless - Logitech Cordless
    Internet Speed
    DSL 5G
    Browser
    MS Edge, FireFox, WaterFox x64, FireFox Nightly
    Other Info
    OS Testing-Remote Access to Main TeamViewer

My Computer

Computer Manufacturer/Model Number
Self
OS
Main - Windows 7 Pro SP1 64-Bit; 2nd - Windows Server 2008 R2
CPU
Main - Core i7 2600K; 2nd - Core i7 920
Motherboard
Main - Asus P8Z68-V Pro/Gen3; 2nd - Gigabyte GA-EX58-UDR3
Memory
Main - 16GB Corsair Vengeance; 2nd - 12GB Corsair Vengeance
Graphics Card(s)
Main - XFX Radeon 6870 1GB; 2nd - XFX Radeon 4870 1GB
Sound Card
Both: Onboard Realtek Azalia
Monitor(s) Displays
Main - Hann 25" + I-INC 25" + Acer 23"; 2nd - Upgrading Soon
Screen Resolution
Main - 1920x1080 (All Three Monitors); 2nd - Upgrading Soon
Hard Drives
Main - (1) Crucial M4 128GB (Boot)
Main - (1) Seagate 2TB 64MB Cache (Data)
Main - (1) Seagate 2TB 64MB Cache (Data Backup)
2nd - (1) Intel X25-M SSD 80GB (Boot)
2nd - (3) Seagate 1TB 32MB Cache (Data Backup)
2nd - (1) Seagate 320GB (Because)
PSU
Main - OCZ 600W Modular; 2nd - OCZ 600W
Case
Main - Thermaltake Element G; 2nd - NZXT something or other
Cooling
Main - Corsair H80; 2nd - Prolimatech Megahalems
Keyboard
Main - Razer Reclusa; 2nd - Old MS Keyboard
Mouse
Main - Logitech MX Revolution; 2nd - Old MS Mouse
Internet Speed
20Mbps Time-Warner Cable
Thanks guys for all of your help. I have done a little researching about Windows Defender and there was a similar person that got the exact same virus and it killed Windows Defender on his as well.

I will look into Microsoft Security Essentials and I think I will give up on Windows Defender because I got a virus on another machine today and Windows Defender was pretty worthless on both accounts.

P.S. WHAT IS UP WITH ALL THESE VIRUSES? I have never in my life had such a problem as I have this week and I practice very safe browsing techniques. And on both instances it has been a huge battle for hours on end fighting to get my comp back.

Both viruses deleted Windows shortcuts, disabled programs and have been putting up one heck of a fight.

I'm sorry if I sound aggravated but wouldn't you if you recovered from one virus just to get nailed by a nastier one the next day?

Luckily for me I've almost got virus number 2 beaten but I still have some work before I can declare complete victory. :picnic:

But anyway thank you for your advice and help.

M.S.E. will probably be a good addition to my security system :)

And BE CAREFUL ON THE INTERNET, these viruses have proven to be very sneaky! Even for the more advanced of security systems.
 

One thing I'll add is that one of the people I thought I had cleaned this sucker off of had it come back about a week later. (Or maybe she just got reinfected...) The second time around I did deep scans with several different standalone virus sweepers. The first one (Malwarebytes) cleaned a bunch of stuff out. A later pass with the standalone version of MSE (from a bootable CD) found remnants of it in her Java cache. First thing I did when I got back to my computer was clean my own Java cache - just in case. :geek:
 

I don't get hit with any! In fact if any old download contains a bug hidden in a zip file but never opened like a few found here for old XP utilities the present av program will find and remove them completely. It also sees an effective firewall with web filtering.

Another free tool however you can add on to alert you to bad sites, which is one reason you are seeing more than one, is called Web of Trust, which is an IE addon that flags bad sites with a red icon. Now places like SF of course will see a green one for safe! :D
 

WOT is great. I stuck that and Firefox on the machine belonging to the person I mentioned above. :)
 

Computer guy,

Windows Defender is not an antivirus, and never was. Naturally its effectiveness in removing viruses will be limited. Think medieval shield against missiles. Not everyone is gunna shoot ya, but when they do... Ka-Boom. Shield won't save you.

Virus found in the Java cache directory

I would just remove Java though, too dangerous. Recent Java attacks have been reported, but they should have released an update for it (Java).

I mentioned that I was infected myself with a similar (if not the same) virus, even with MSE. MSE caught it after an update and removed it, but it was via Java. As I never use Java, I have just removed it.
 

The WDefender was simply a rather weak antispyware tool compared to other programs, just so Windows would have something if a user never installed any protections at all and still browsed the web.

AVG and Clam av each came up with their own version of an IE security bar to alert to bad sites you would use along with WOT as adding a layer of protection without cost. The Crawler Toolbar doesn't require the Clam av to be installed however, while with AVG the toolbar is an option along with the free version of the program.

Web filters and av but still no anti-malware protections. No anti-rootkit blockers for one example. For that you add one or two more programs on and you may have a strong shield? Or the detection and removal still isn't quite there yet. Java, Adobe, and other things often need updates since those will have flaws and let things in.

The best defense turns out to be the best offense by filtering bad sites using a program that detects and flags malicious code immediately. You'll tend to find this more in the retail programs however for internet security as well as having a good firewall in place.

The other thing is having a program that can effectively spot changes like recoding attempts by malwares in the file system and otherwise on the drive(s). Once you have any infection consider all system restores infected as well and turn off the System Restore feature until all traces are removed. If you can create and store a full system image that's even better since you won't have any worry about wiping your drive clean.
 

"Once you have any infection consider all system restores infected as well and turn off the System Restore feature until all traces are removed"
This really isn't a good idea ... if something should go wrong during the cleaning of malware, a 'dirty' restore point to return to is better than nothing at all :geek:
 

It greatly depends on the malware itself. The usual recommendation for viruses, especially the self-replicating type, is dumping all restore points once you have the bug totally removed and manually creating a few new ones to start off with. You wouldn't be worried about restore points while the machine is still seeing an active infection of some type.

The first thing I would recommend for anyone with an extra drive and enough space available running 7 is to create a full system image to keep safe on the other drive. The reason being some of these newer fake antivirus/antispyware programs will effectively break the present Windows installation on a machine despite a complete removal of the malware itself.

I've run into this lately on a few systems where the system registry was too far gone; even with the fake program/I-Worm completely gone the installation was unusable. Some of these malwares now being seen are far more advanced in how they work. Unless you can manually go through the entire registry once struck by one of these to find all the changes made, a restore point would also have to be considered possibly toxic as well, resulting in reinfection.

On one machine the I-Worm that looked just like a spyware remover went as far as creating a new admin account to lock the user/owner out totally! We managed to get into safe mode long enough to create a desktop shortcut for the VIPRE Rescue Program, one of the more effective stand-alone tools (doesn't install - runs completely out of temp folder).

That was able to clean up the Windows install, seeing the bogus admin account deleted, and later the drive was swept with the main av program, but the copy of Windows on at the time was done for! That was seen on an older XP machine and later on a Vista laptop where again the I-Worm/fake program was totally removed but you couldn't use the Windows installation there either.

Once the drives on each machine were wiped and adequate protections were added on, neither one has had any further malwares to be concerned about. But it did show that some of them are better written with the intent to make the OS unusable after any infection. And sure enough too many problems suddenly appeared after that malware was long gone!

This is where having a disaster recovery plan of some type is best advised. If the malware buries itself too deep you can be faced with the need to wipe the drive and start over fresh if you don't have an image you can restore. It stinks for those running one-drive systems without an external drive for an image or simply to back things up on.

On that XP desktop I had to download the VIPRE RP and transfer it manually over to the infected machine by way of a flash drive since you couldn't even get online in safe mode due to the bogus admin locking everything up. Just creating the shortcut for the VRP wasn't too fun. Then right before the bogus account could fully load on a normal start up afterwards the VPC was able to remove it and get Windows back running somewhat normal again long enough to find out the damage was a bit more extensive than first realized.

Unfortunately if you run a search for removal instructions for this one, the Win 7 Antispyware 2012, you end up being told you have to download some shareware version of some retail software. The VIPRE Rescue Program is strictly a free removal tool to give a try at seeing this one removed. Just beware that while you may have all traces removed, the damages done will depend on how this one was written.

Something to add in here! I just spotted this one on another thread regarding problems seen after malware was removed. This would be something to consider here as well. http://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html
 