I got a virus called "Win 7 antivirus 2012" It killed my win defender


  1. Posts : 3,187
    Main - Windows 7 Pro SP1 64-Bit; 2nd - Windows Server 2008 R2
       #11

    One thing I'll add is that one of the people I thought I had cleaned this sucker off of had it come back about a week later. (Or maybe she just got reinfected...) The second time around I did deep scans with several different standalone virus sweepers. The first one (Malwarebytes) cleaned a bunch of stuff out. A later pass with the standalone version of MSE (from a bootable CD) found remnants of it in her Java cache. First thing I did when I got back to my computer was clean my own Java cache - just in case.


  2. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #12

    I don't get hit with any! In fact if any old download contains a bug hidden in a zip file but never opened like a few found here for old XP utilities the present av program will find and remove them completely. It also sees an effective firewall with web filtering.

    Another free tool however you can add on to alert you to bad sites which is one reason you are seeing more than one is called Web of Trust which is an IE addon that flags bad sites with a red icon. Now places like SF of course will see a green one for safe!


  3. Posts : 3,187
    Main - Windows 7 Pro SP1 64-Bit; 2nd - Windows Server 2008 R2
       #13

    WOT is great. I stuck that and Firefox on the machine belonging to the person I mentioned above. :)


  4. Posts : 2,588
    Microsoft Windows 8.1 Pro 64-bit
       #14

    Computer guy,

    Windows Defender is not an antivirus, and never was. Naturally its effectiveness in removing viruses will be limited. Think medieval shield against missiles. Not everyone is gunna shoot ya, but when they do... Ka-Boom. Shield won't save you.

    Virus found in the Java cache directory

    I would just remove java though, too dangerous. Recent java attacks have been reported, but they should have released an update for it (java).

    I mentioned that I was infected myself with a similar (if not the same) virus, even with MSE. MSE caught it after an update and removed it, but it was via java. As I never use java, I have just removed it.


  5. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #15

    The WDefender was simply a rather weak antispyware tool compared to other programs just so Windows would have something if a user never installed any protections at all and still browsed the web.

    AVG and Clam av each came up with their own version of an IE security bar to alert to bad sites you would use along with WOT as adding a layer of protection without cost. The Crawler Toolbar doesn't require the Clam av to be installed however while with AVG the toolbar is an option along with the free version of the program.

    Web filters and av but still no anti-malware protections. No anti-rootkit blockers for one example. For that you add one or two more programs on and you may have a strong shield? Or the detection and removal still isn't quite there yet. Java, Adobe, and other things often need updates since those will have flaws and let things in.

    The best defense turns out to be the best offense by filtering bad sites using a program that detects and flags malicious code immediately. You'll tend to find this more in the retail programs however for internet security as well as having a good firewall in place.

    The other thing is having a program that can effectively spot changes like recoding attempts by malwares in files system and otherwise on the drive(s). Once you have any infection consider all system restores infected as well and turn off the System Restore feature until all traces are removed. If you can create and store a full system image that's even better since you won't have any worry about wiping your drive clean.


  6. Posts : 1
    win7 64
       #16

    Thanks DLP for the heads up. I have followed directions here ("I downloaded xp security 2012 and I need to remove it. Can i do it myself or do I need a professional? - Yahoo! Answers") to clean XP antivirus 2012 off my XP computer. Is there anything else I should do? Or just make sure I don't get reinfected?


  7. Posts : 22
    Windows 7 Ultimate x64
       #17

    There are some tips mentioned here which are shared by one of my friends who got this virus and got it fixed finally: "Writings, Views, Reviews and Softwares Reviews: Win 7 Antivirus 2012"


  8. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #18

    "Once you have any infection consider all system restores infected as well and turn off the System Restore feature until all traces are removed"

    This really isn't a good idea ... if something should go wrong during the cleaning of malware, a 'dirty' restore point to return to is better than nothing at all.


  9. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #19

    It greatly depends on the malware itself. The usual recommend for viruses especially the self replicating type is dumping all restore points once you have the bug totally removed and manually create a few new ones to start off with. You wouldn't be worried about restore points while the machine is still seeing an active infection of some type.

    The first thing I would recommend for anyone with an extra drive and enough space available running 7 is to create a full system image to keep safe on the other drive. The reason being some of these newer fake antivirus/antispyware programs will effectively break the present Windows installation on a machine despite a complete removal of the malware itself.

    I've run into this lately on a few systems where the system registry was too far gone even with the fake program/I-Worm completely gone the installation was unusable. Some of these malwares now being seen are far more advanced in how they work. Unless you can manually go through the entire registry once struck by one of these to find all the changes made a restore point would also have to be considered possibly toxic as well resulting in reinfection.

    On one machine the I-Worm that looked just like a spyware remover went as far as creating a new admin account to lock the user/owner out totally! We managed to get into safe mode long enough to create a desktop shortcut for the VIPRE Rescue Program, one of the more effective stand-alone ones (doesn't install - runs completely out of temp folder).

    That was able to clean up the Windows install seeing the bogus admin account deleted and later the drive was swept with the main av program but the copy of Windows on at the time was done for! That was seen on an older XP machine and later on a Vista laptop where again the I-Worm/fake program was totally removed but you couldn't use the Windows installation there either.

    Once the drives on each machine were wiped and adequate protections were added on neither one has had any further malwares to be concerned about. But it did show that some of them are better written with the intent to make the OS unusable after any infection. And sure enough too many problems suddenly appeared after that malware was long gone!

    This is where having a disaster recovery plan of some type is best advised. If the malware buries itself too deep you can be faced with the need to wipe the drive and start over fresh if you don't have an image you can restore. It stinks for those running one drive systems without an external drive for an image or simply to back things up on.

    On that XP desktop I had to download the VIPRE RP and transfer it manually over to the infected machine by way of a flash drive since you couldn't even get online in safe mode due to the bogus admin locking everything up. Just creating the shortcut for the VRP wasn't too fun. Then right before the bogus account could fully load on a normal start up afterwards the VPC was able to remove it and get Windows back running somewhat normal again long enough to find out the damage was a bit more extensive than first realized.

    Unfortunately if you run a search for removal instructions for this one, the Win 7 Antispyware 2012, you end up being told you have to download some shareware version of some retail software. The VIPRE Rescue Program is strictly a free removal tool to give a try at seeing this one removed. Just beware that while you may have all traces removed the damages done will depend on how this one was written.

    Something to add in here! I just spotted this one on another thread regarding problems seen after malware was removed. This would be something to consider here as well. Default File Type Associations - Restore
    Last edited by Night Hawk; 10 Jan 2012 at 00:45. Reason: Addition information


 