Malware: Windows Security 2012 Removal Instructions

Last Updated: 6/23/11

Removal is difficult because this malware erases your .exe file association, so you cannot run most applications on your computer.

1. Press Ctrl + Shift + Esc to open Task Manager. On the Processes tab, select "View" > "Select Columns" and enable "Image Path Name". Find the process running from c:\users\(username)\AppData\Local\(random).exe and kill it.

2. Browse to the path above and rename the two .exe files in that folder; both have the infection date as their last-modified time stamp.

3. Browse to C:\windows\system32, locate cmd.exe, right-click it and choose "Run as administrator". (This should launch the command prompt for you; if you just double-click it, it will not open.) If that does not open the command prompt, then copy cmd.exe to and then execute it.

4. Download the attached .reg files and transfer them to the infected computer via USB flash drive or network share. Copy them to c:\temp or a similar location ("mkdir c:\temp" if needed to make the folder).

5. Use this command to import each .reg file. If some fail, that is OK.
"reg import c:\temp\win7_exefile_assoc.reg", then repeat for each .reg file.

6. Now you should be able to run applications like normal again. I suggest a full virus/malware scan and cleanup or just restore to your last restore point.
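
The check below is an added example, not part of the original article: after step 5 it verifies that the four association keys hold the stock Windows 7 defaults, and it repeats the step 1 process check by script. The expected values are assumed to be what the attached .reg files restore, and the script file name is hypothetical.

```powershell
# Added example, written for PowerShell 2.0 (ships with Windows 7).
# Run from the command prompt opened in step 3, e.g.:
#   powershell -ExecutionPolicy Bypass -File c:\temp\check_assoc.ps1
# (check_assoc.ps1 is a hypothetical file name.)

# Stock Windows 7 defaults for the four keys the attached .reg files are named
# after. Assumption: the imports restore these values; the files' contents are
# not shown in the article.
$expected = @{
    '.exe'                       = 'exefile'
    'exefile\shell\open\command' = '"%1" %*'
    '.reg'                       = 'regfile'
    'regfile\shell\open\command' = 'regedit.exe "%1"'
}

function Get-DefaultValue([string]$Path) {
    # Return the key's (Default) value unexpanded, or nothing if the key is absent.
    $key = Get-Item -LiteralPath "Registry::$Path" -ErrorAction SilentlyContinue
    if ($key) {
        $key.GetValue('', $null,
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    }
}

$report = foreach ($sub in ($expected.Keys | Sort-Object)) {
    $current = Get-DefaultValue "HKEY_CLASSES_ROOT\$sub"
    New-Object PSObject -Property @{
        Key      = $sub
        Ok       = ($current -eq $expected[$sub])
        Current  = $current
        Expected = $expected[$sub]
        # HKCR is a merged view: a per-user key here overrides the machine-wide
        # one, so any value in this column deserves a look even when Ok is True.
        PerUser  = Get-DefaultValue "HKEY_CURRENT_USER\Software\Classes\$sub"
    }
}
$report | Format-Table Key, Ok, Current, Expected, PerUser -AutoSize

# Step 1 by script: list processes whose image sits directly in %LOCALAPPDATA%.
Get-WmiObject Win32_Process |
    Where-Object { $_.ExecutablePath -and
        [IO.Path]::GetDirectoryName($_.ExecutablePath) -eq $env:LOCALAPPDATA } |
    Format-Table ProcessId, Name, ExecutablePath -AutoSize
```

A row with Ok set to False, or any value in the PerUser column, means the association is still not at its default for the logged-on user.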

Attached Files:
win7_.exe_assoc.reg
win7_exefile_assoc.reg
win7_.reg_assoc.reg
win7_regfile_assoc.reg

Keywords: windows security 2012, malware, spyware, virus, removal, windows 7, windows vista