The following lines were added (+) and removed (-):
There are variants. The first incarnations of this Rogue Antivirus were less aggressive in that the user had to click on a pseudo button or link to install the virus. The most recent variants will automatically install, override Windows security center, and cripple the operating system by diverting the .exe (executable) file type association. The common browsers, including Microsoft Internet Explorer, Mozilla Firefox, and Google Chrome all are hijacked. The user cannot run common executable, such as the Windows Registry Editor or System Restore, and the web browsers are unable to navigate to web sites. The level of infiltration depends on the variant and how the user responds.There are variants. The first incarnations of this Rogue Antivirus were less aggressive in that the user had to click on a pseudo button or link to install the virus. The most recent variants will automatically install, override Windows security center, and cripple the operating system by diverting the .exe (executable) file type association. The common browsers, including Microsoft Internet Explorer, Mozilla Firefox, and Google Chrome all are hijacked. The user cannot run common executable, such as the Windows Registry Editor or [[System Restore]], and the web browsers are unable to navigate to web sites. The level of infiltration depends on the variant and how the user responds.It will display the Internet Security 2012 interfaces. It typically also displays a fake Windows Security Center window which states that the computer is not protected. It promotes the rogue anti-virus applications, Internet Security 2012, or whatever variant is present. The user is prompted to register the program in order to remove the "fake" threats.Running [[Microsoft System Restore]] is the fastest and easiest way to undo the damage caused by this virus and most other current viruses today. System Restore will undo the rogue changes to the Windows Registry and system files. It will take your computer back in time to a point before you had the virus, except unlike going back in time, you will not lose any of your new work, such as excel worksheets or word documents. Your data doesn't change back, just critical system files and the registry. However, keep in mind that the virus may still exist in a dormant state on your hard drive as a file, that is harmless unless you stumble upon it and execute it. You still have to go and identify rogue files on your system and remove them.If you do not have Microsoft System Restore tactically creating automatic restore points on your system, you should read Backup Processes Using Windows XP Tools on the [[Windows XP Backup]] page. Granted, this virus is a threat to multiple versions of windows, however, we refer frequently to Windows XP specifically. Process Explained in detail:=== Our Manual Removal Process Explained in detail === Ensure the following:* Show Hidden Files and Folders in Windows. * Show extensions for known file types.* Do not hide protected operating system files.''We will be referring to %random%.exe as kjm.exe since that is what it was called on our lab computer. Again, it will likely have another name, made up of 3 characters, if it appears on your system.''Prevention:=== Additional Removal Tactics === You can use this debugged serial key 3425-814615-3990 to register the rogue application in order to stop the fake security alerts. Just click the Registration button and then select "Activate manually". Use anti-malware software (STOPzilla) to scan and remove the virus. === Other Ways to Restore .exe Association === Copy the text in bold below and paste to Notepad. Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\.exe] @="exefile" "Content Type"="application/x-msdownload" 4. Save file as fix.reg to your Desktop and double click to merge it into the windows registry. == Prevention == You should never click on anything suspicious, download, or install any third party software without knowing the source exactly. Remember, most modern virus threats involve duping the end user into thinking he or she is doing something necessary out of some threat of a virus. Visiting untrusted web sites expose you to virus threats.== External Resources ==The following online resources may be helpful to you in identification and removal of this rogue malware.* [http://deletemalware.blogspot.com/2011/06/remove-xp-antispyware-2012-xp-internet.html Malware Removal Instructions]* There is a really good and very thorough instructional video on youtube. Watch this video even if you utilize another removal resource. [http://www.youtube.com/watch?v=zPsJxRuqJ4I&feature=youtu.be Fake XP Internet Security 2012 Virus Removal]* It is nice to know that the authorities are actually going out and making some arrests of the criminals behind these scams. Read [http://www.readwriteweb.com/archives/report_fake_anti-virus_scareware_programs_on_the_d.php Report: Fake Anti-Virus "Scareware" Programs on the Decline]* [http://support.microsoft.com/kb/950505#LetMeFixItMyselfAlways Broken EXE Association]See also [[Online Security, AntiVirus, and System Performance Boost Scams]].