Kindly find the removal instructions for the new Spyware Win 7 Internet Security 2012 . In the Case of Winodws Vista it is known as Vista Internet Security 2012. In Case of Windows XP it is known as XP Internet Security 2012

Synopsis :

Vista Internet Security 2012 pretends being an powerful antivirus but it itself in fact is completely a virus. Just like any other rogue, Vista Internet Security 2012 spreaded via the usual rogue distribution methods which include Trojan infections via browser hijacker websites. Once installed, Vista Internet Security 2012 will display a fake scanning and annoying popups stating that your computer is serious infected. While all of them are designed by Vista Internet Security 2012 and should be ignored.

Kill the following Processes from the Task Manager

[random.exe] (ex: hcy.exe, xjw.exe, jie.exe)

Delete the following Infected files:

C:\users\<user name>\appdata\local\[random].exe

Make sure you Back Up your Windows Registry Before Editing the Registry. You have to take some Extra Care While Deleting the registry. Follow the steps How to back up and restore the registry in Windows

Delete the following Registry entries:


Delete all entries except [ %1 %* ] in the below locations :

HKEY_CLASSES_ROOT\.exe\shell\open\command (Default) =




Delete all entries of the infected file only.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
Delete only : '"%LocalAppData%\kdn.exe" -a Keep "C:\Program Files\Mozilla Firefox\firefox.exe"'

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
Delete only : '"%LocalAppData%\kdn.exe" -a Keep "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
Delete only : '"%LocalAppData%\kdn.exe" -a Keep "C:\Program Files\Internet Explorer\iexplore.exe"'

- Delete Temp / Prefetch

- Reset the IE web settings

- Run the disk cleanup

- Disable the System Restore, Reboot the PC

- Enable the System Restore and make sure system is stable with no popup and symptoms of infection.


Related Topics :

© 2013 All Rights Reserved.