Malware Removal Instructions


Thursday, 29 September 2011

How to Remove Security Sphere 2012 (Uninstall Guide)

Posted on 14:43 by Unknown
Security Sphere 2012 is malware of the kind commonly known as a fake anti-virus product. It displays misleading security alerts, blocks Windows system tools, anti-malware software and web browsers, and reports non-existent infections to make you think that your computer is infected with sophisticated malware. The majority of malicious software is written for profit, and rogue AVs are no exception. Cyber criminals use various methods to distribute malware: spam, blackhat SEO techniques, drive-by downloads, software exploits or even fake online security scanners. Most of the techniques cyber crooks use to install Security Sphere 2012 and other malicious software, for example rootkits, rely heavily on user interaction. Usually, malware is part of a social engineering attack.

Once installed, Security Sphere 2012 not only displays fake security warnings and notifications from the Windows taskbar but may also render your computer difficult to use. It blocks Task Manager, Internet Explorer (and other web browsers) and genuine malware removal programs. In some cases, the rogue program may allow a web browser to start; however, after a few seconds it displays a bogus notification saying that the website you are about to visit is trying to execute malicious code and was blocked in order to protect your computer. Just like any other widespread rogue anti-virus program, Security Sphere 2012 goes beyond aggressive marketing to sell software that has no functionality and gives you a false sense of security. If your computer is infected with Security Sphere 2012, please follow the removal instructions below.



Here are some screenshots of fake security alerts generated by Security Sphere 2012:
Warning: Your computer is infected
Detected spyware infection!
Click this message to install the last update of security software...

Warning!
Application cannot be executed. The file taskmgr.exe is infected.
Please activate your antivirus software.

Security Sphere 2012 Firewall Alert
Security Sphere 2012 has blocked a program from accessing the internet
Internet Explorer Internet browser is infected with worm Lsas.Blaster.Keyloger.

Security Sphere 2012
WARNING! 38 infections found!!!


Rogue AVs face survival challenges just like any other type of malicious software. Security Sphere 2012 drops a rootkit from the TDSS family. The rootkit must be removed; otherwise, the rogue program will be re-downloaded onto your computer. Thankfully, there's a tool called TDSSKiller which is designed to remove TDL3/4 and other rootkits from an infected computer. For more information, please see the removal instructions below. If for any reason you can't disable Security Sphere 2012 and run anti-malware software, you can activate the rogue program and disable the restrictions.

1. Please enter the following code: 8945315-6548431.



2. Once this is done, you are free to install recommended anti-malware software (Spyware Doctor) and remove the rogue anti-virus program from your computer properly.

Finally, if you have already purchased this fake security application, please contact your credit card company and dispute the charges. Please note that you may become a victim of a credit card scam or even identity theft. Compute wisely!


Security Sphere 2012 removal instructions:

1. Please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8" key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.


NOTE: Log in as the same user you were previously logged in as in normal Windows mode.

2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.


Alternate Security Sphere 2012 removal instructions:

Make sure that you can see hidden and operating system protected files in Windows. For more information, please read Show Hidden Files and Folders in Windows.

Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:
  • Hide extensions for known file types
  • Hide protected operating system files
Click OK to save the changes.


1. Find Security Sphere 2012 file(s).

On computers running Windows XP, malware hides in:
C:\Documents and Settings\All Users\Application Data\

On computers running Windows Vista/7, malware hides in:
C:\ProgramData\

2. Look for malicious files in the given directories depending on the Windows version you have.

Example Windows XP:
C:\Documents and Settings\All Users\Application Data\eG13602PoDbI13602.exe

Example Windows Vista/7:
C:\ProgramData\eG13602PoDbI13602.exe

Basically, there will be a malicious ".exe" file named with a series of numbers or letters.



Rename eG13602PoDbI13602.exe to eG13602PoDbI13602.vir. Here's an example:



3. Restart your computer. After a reboot, Security Sphere 2012 won't start and you will be able to run anti-malware software.

4. Open Internet Explorer. Download exe_fix.reg and run it. Click "Yes" to save the changes.

5. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

NOTE: In some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. If you are running Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.



Associated Security Sphere 2012 files and registry values:

Files:

Windows XP:
  • C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].exe
Windows Vista/7:
  • C:\ProgramData\[SET OF RANDOM CHARACTERS].exe
Registry values:
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION "svchost.exe"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "enablehttp1_1" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[SET OF RANDOM CHARACTERS]"
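
The file locations and registry values listed above can be checked in one pass with a read-only PowerShell script. This is an added example, not part of the original guide: it changes nothing on the system, and the pattern used for the "random" file name (letters mixed with digits, like the example eG13602PoDbI13602.exe) is an assumption.

```powershell
# Read-only triage for the indicators listed above; nothing is modified or deleted.
# Assumption: the "random" file name mixes letters and digits (like the example
# eG13602PoDbI13602.exe) and sits directly in the all-users data folder.

$findings = @()

# 1. Executables dropped directly into the all-users application data folder.
$dataDirs = @(
    'C:\ProgramData',                                        # Windows Vista/7
    'C:\Documents and Settings\All Users\Application Data'   # Windows XP
)
foreach ($dir in $dataDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force includes hidden files; errors (e.g. the Vista/7 compatibility
    # junction that denies listing) are ignored.
    Get-ChildItem -LiteralPath $dir -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       $_.BaseName -match '\d' -and $_.BaseName -match '[A-Za-z]' } |
        ForEach-Object { $findings += "File: $($_.FullName) (created $($_.CreationTime))" }
}

# 2. Every RunOnce value for the current user, listed for manual review
#    (the guide says the rogue registers a randomly named value here).
$runOnce = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$key = Get-Item -LiteralPath $runOnce -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $findings += "RunOnce: $name = $($key.GetValue($name))"
    }
}

# 3. The 'svchost.exe' value under FEATURE_BROWSER_EMULATION in HKEY_USERS\.DEFAULT.
$emu = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION'
$key = Get-Item -LiteralPath $emu -ErrorAction SilentlyContinue
if ($key -and ($key.GetValueNames() -contains 'svchost.exe')) {
    $findings += "Registry: FEATURE_BROWSER_EMULATION has a 'svchost.exe' value under HKEY_USERS\.DEFAULT"
}

if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```

Run it as the same user that was logged in when the infection appeared, since the RunOnce check reads that user's registry hive.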