Tuesday, October 18, 2011

Open Cloud Security - Removal Guide

If you think Open Cloud Security is good software, think again. It is rogue security software from the Rogue.WinAVPro family, whose authors release new rogue products every day under different names. Open Cloud Security and AV Guard Online look exactly the same, and both exist only to steal your money by showing fake infections.

Open Cloud Security has no ability to scan your computer. It is pre-programmed to play an animation and show bogus infection results. It has no virus database, and everything is faked to drag you into purchasing the full version of the software. It shows fake infections, tells you that your computer is in danger and says you need to purchase the full version of Open Cloud Security. This is just a trick to steal your money.

This rogue software gets installed via fake software updates, free downloads, Flash updates and various other methods. You won't suspect that you are downloading bogus software, but when you double-click the downloaded file, you get the Open Cloud Security virus.

Open Cloud Security blocks all applications on your computer, including your anti-virus software. It pops up at startup and literally takes over your computer. Here are two screenshots of Open Cloud Security doing a fake scan and showing bogus results:



We suggest that you don't trust Open Cloud Security at all and remove this infection from your computer as soon as you can. The longer the Open Cloud Security virus stays on your computer, the more harm it will do.

How to Remove Open Cloud Security

Open Cloud Security blocks all applications on your computer for its own benefit, so that you can't run anti-virus software and get rid of the infection.

We have studied the Open Cloud Security rogue and found two methods that are effective in removing it. Read both removal methods below and follow the one that matches your level of expertise with computers.

1. Automatic Removal Method

The automatic removal method is the best method for complete Open Cloud Security removal. It is based on downloading a genuine anti-spyware program to get rid of the rogue software. Follow these steps:

A) Reboot your computer and press the "F8" key repeatedly. This will show the Windows startup menu. Select "Safe Mode with Networking" and boot up your computer.

B) Download Spyware Doctor by clicking the button below. Spyware Doctor is very powerful software and it can deal with fake products like Open Cloud Security very easily.

After downloading Spyware Doctor, install it on your machine and update its virus database. Now click the "Scan" button and do a Full Scan of your computer.

Spyware Doctor will scan all files on your computer and, during scanning, it will report several infections. One of those infections will be Open Cloud Security. We have tested this on our computer and found that Spyware Doctor catches Open Cloud Security very easily.

Once the scan is done, click the "Fix Checked" button and remove all the infections. That's it. Reboot your computer in Normal mode and you won't notice any signs of Open Cloud Security on your computer.

2. Manual Removal Method.

The manual removal method is only meant for advanced computer users, and you shouldn't follow it unless you consider yourself a computer geek. Average computer users can't follow this method because most things on the computer are blocked by the virus, which makes removing the rogue a tough task.

Manual removal steps may not work at times, and there is a big risk involved if you end up doing something wrong. Follow these steps at your own risk:

1. Reboot your computer and, when it reboots, repeatedly press the "F8" key on your keyboard. This will show a menu. Use the up and down arrow keys to select "Safe Mode with Networking" and press Enter.

2. Open Cloud Security will not run in Safe Mode, which will make your job easier. Search for malicious files on your computer and delete them.

Keep in mind that Open Cloud Security creates files with random names, and the filenames below are not carved in stone. You may have files on your computer with these names or with other random names.

%appdata%\opencloud security\opencloud security.exe (Or Random File Name)

%appdata%\opencloud security\opencloud security.ico

%appdata%\opencloud security\wf.conf

%programs%\opencloud security\opencloud security.lnk

3. After deleting the infected files, open Registry Editor and delete/correct these registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""

The above registry entry refers to an entry that runs Open Cloud Security automatically on startup. If you follow the above steps carefully and know your way around computers, you can easily carry out Open Cloud Security removal. If in doubt, consider following the automatic removal method instead.

Monday, October 17, 2011

AV Guard Online Virus - Removal Guide

AV Guard Online is a rogue antivirus program from the same family that created Open Cloud Security. These rogue products are being distributed all over the net via various channels, and there is no end in sight. Both products look exactly the same and try to cheat naive consumers by showing fake infection alerts.

The main channel for distributing such rogue products is hacked websites. If you visit a good website while it is under the control of hackers, your computer can get infected silently, provided your computer's security is vulnerable. Rogue products like AV Guard Online enter your computer in disguise. For example, you visit a site and are asked to download a Flash update. You download that update and install it, not knowing that you are installing the AV Guard Online virus yourself.

AV Guard Online enters silently and then starts bugging you with false infection reports. It produces forged infection reports and tells you that your system is in danger and that AV Guard Online can help you remove all the infections. You'll be asked to purchase the full version of AV Guard Online, which is useless and can't help you with anything. Here is a screenshot of AV Guard Online doing a fake scan:


Another screenshot showing a false infection warning and urging you to get the full version of AV Guard Online:

Don't trust any of the pop-ups shown by AV Guard Online. These alerts are pre-programmed, and the real state of your computer is totally different. There is no virus on your computer except AV Guard Online itself. Read the removal guide below to learn how to clear this infection completely.

How to Remove AV Guard Online

AV Guard Online tends to block legitimate applications, and this makes its removal very hard. When this rogue won't let you run any software on your computer, how will you remove it?

After studying this rogue extensively, we recommend these removal methods to remove AV Guard Online easily and quickly:

1. Automatic Removal Method

We highly recommend this method for complete AV Guard Online removal. Security companies are working relentlessly to release new remedies for new threats, and you can take advantage of their efforts. All you need to do is use a genuine spyware remover and clear the infections.

In our research lab, we used Spyware Doctor against AV Guard Online and it worked perfectly. Complete removal of the rogue software took hardly 30 minutes, and this time includes installing and updating the software. You need to follow all these steps in "Safe Mode with Networking". To enter this mode, keep pressing the "F8" key while your computer boots up. The next steps you need to follow:

A) First of all, download Spyware Doctor by clicking the button below. Spyware Doctor is very powerful software and it can deal with such fake products very easily.

After downloading Spyware Doctor, install it on your machine and update its virus database. Now click the "Scan" button and do a full scan of your computer.

Spyware Doctor will examine each and every file on your computer and, since its virus database contains full information about the AV Guard Online virus, all the files related to this malware will get caught. Once the scan is done, click the "Fix Checked" button and you are done.

The automatic removal method guarantees full deletion of the rogue software, and you don't need to waste your time on other methods that don't work.

2. Manual Removal Method.

Manual removal of AV Guard Online is only meant for advanced computer users who have very good knowledge of the Windows operating system. If you follow the manual removal method, you need to find the infected files yourself as well as clean up the registry. If you have not done such things before, you should not try the manual removal steps.

At best, you will not be able to remove the rogue; at worst, your computer may stop booting completely if you delete a system file.

Please follow these steps at your own risk:

1. Reboot your computer and, when it reboots, repeatedly press the "F8" key on your keyboard. This will show a menu. Use the up and down arrow keys to select "Safe Mode with Networking" and press Enter.

2. AV Guard Online will not bug you in this mode. Find and delete these infected files from your computer:

C:\WINDOWS\system32\[SET OF RANDOM CHARACTERS].exe
C:\Documents and Settings\[UserName]\Application Data\conhost.exe
C:\Documents and Settings\[UserName]\Application Data\csrss.exe
C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS].1B6
C:\Documents and Settings\[UserName]\Application Data\ldr.ini
C:\Documents and Settings\[UserName]\Application Data\zA0uvS2ib3m5Q6EAV Guard Online.ico
C:\Documents and Settings\[UserName]\Application Data\Microsoft\csrss.exe
C:\Documents and Settings\[UserName]\Desktop\AV Guard Online.lnk
C:\Documents and Settings\[UserName]\Local Settings\Temp\[SET OF RANDOM CHARACTERS].tmp
C:\Documents and Settings\[UserName]\Local Settings\Temp\[SET OF RANDOM CHARACTERS].tmp
C:\Documents and Settings\[UserName]\Start Menu\Programs\AV Guard Online\AV Guard Online.lnk

Please note that the rogue software creates random filenames, so it is going to be very hard to identify the suspicious files.

3. Once you are done deleting the infected files, open Registry Editor and delete/correct these registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""

Now reboot your computer in Normal mode and see if you've gotten rid of the virus. If the problem persists, follow the automatic removal steps instead. We don't recommend the manual removal method for anyone, as the automatic removal method is extremely effective and works all the time. The manual removal method is not really worth the risk.


Monday, September 19, 2011

Data Recovery Virus Removal - Video Guide

Data Recovery is not genuine system defragmentation software and can't help you with anything. It is actually a scam designed by online crooks who harvest money this way. They infect your computer with fake software like Data Recovery, which is very hard to remove, and then ask you to purchase the full version. You buy the full version in good faith, not knowing that the software is bogus.

When the Data Recovery virus infects your computer, it automatically changes your desktop background so that the desktop is just black. It also hides all icons from the desktop as well as all files on your computer so that you cannot access them easily. These products are designed to gain the trust of users and then push them to buy software that is of no use. They are called fake defragmentation software: they imitate the features of genuine software, but none of those features actually work. Here is what happens when Data Recovery takes over your computer:

1. The icons on the desktop will no longer show up, and a black background will be applied to your desktop. You will not be able to change the background color, as right-clicking on the desktop will no longer work.

2. The attribute of all files on your hard disk will be changed to hidden. This means that when you browse any partition on your hard disk, it will look completely blank, as if there were no files on it. However, all the files are still intact; they are only marked as hidden by the Data Recovery virus. Once you get rid of the virus, everything will get back to normal, so you don't need to worry.


3. Fake pop-ups will continuously appear on your computer and ask you to purchase the full version of Data Recovery. Don't pay attention to any of those prompts, as this rogue software is just trying to push you into purchasing the full version.

How to Remove Data Recovery

It is very hard to remove Data Recovery because it hides everything on your computer. We advise you to follow one of these removal methods to get rid of the Data Recovery virus:

1. Automatic Removal Method

This is the safest and most effective method to delete Data Recovery from your computer. It is best because removal is performed by a genuine anti-spyware program. The removal is guaranteed and all the infected files are deleted completely from your computer.

This method is equally popular among new and advanced computer users. We have personally tested this method and it works like a charm. See how we carried out Data Recovery removal using this very easy method.

As you can see in the above video, we used Spyware Doctor to clear the infections and the Unhide utility from Bleeping Computer to unhide all the files on the computer. Just follow these two steps and everything will be back to normal in no time. This method is very powerful and effective, and it protects your computer from potential future threats. Spyware Doctor will work as an active shield against infections, and all threats will be stopped before they damage your computer.

2. Manual Removal Method.

We don't recommend this method, as it is useful only for people who are highly skilled with computers. Even then, chances are that this method won't work and the virus will return on the next reboot.

If you follow this method and delete the wrong files based on your assumptions, your computer may no longer boot up, and reformatting your machine will be the only option. Please follow the manual removal steps at your own risk, as this method is not as effective as the automatic removal method:

1. First you need to stop the Data Recovery process using Task Manager. Press Alt+Ctrl+Delete on your keyboard to run Task Manager and end the Data Recovery process.

2. Delete these infected files from your computer:

%LocalAppData%\
%LocalAppData%\.exe
%LocalAppData%\~
%LocalAppData%\~
%StartMenu%\Programs\Data Recovery\
%StartMenu%\Programs\Data Recovery\Data Recovery.lnk
%StartMenu%\Programs\Data Recovery\Uninstall Data Recovery.lnk
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
%UserProfile%\Desktop\Data Recovery.lnk

3. Delete/Correct these registry entries

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'

If you follow the above steps carefully, your computer should be free of the Data Recovery virus. Please note that the above steps should be followed at your own risk. If you are not sure, please follow the automatic removal method instead.

Friday, August 19, 2011

Home Safety Essentials Removal - How To Guide

Home Safety Essentials is a fake product from the Virus Doctor family which is specially designed to deceive naive consumers. This virus mainly spreads via fake online scanners and malicious websites. When you visit a website via a search engine, you'll see a page that appears to scan your computer and tells you that numerous infections are present. You'll then be offered software to download, and that software is Home Safety Essentials. Always keep in mind that all pages that do an online scan of your computer are fake. Do not trust those pages and never download any software from them; otherwise your computer will get infected with rogue products like Home Safety Essentials.

Some strains of this rogue software infect the computer via hacked websites using operating system vulnerabilities. From hacked websites, this product can enter your computer without your knowledge or permission. This virus also drops some harmless files on your computer and then reports them as infections. Don't fall for this cheap scam; remove Home Safety Essentials from your computer as quickly as possible.

Home Safety Essentials will automatically load on startup and perform many fake scans on your machine. It will tell you that you need to purchase the program to remove the infections, but in fact this software is not capable of removing anything. Here is a screenshot of Home Safety Essentials:


How To Remove Home Safety Essentials

You can remove Home Safety Essentials either by using anti-virus software or by hand. I'm describing both methods in detail below.

A) Removal using a Spyware Remover

This method is highly recommended for all computer users because it is very effective and guarantees results. You need to download a genuine spyware remover, scan your computer and then get rid of all the infections.

This method is so easy that even novice computer users can eradicate the virus. You just need to click a few buttons and the rogue software will be automatically removed from your computer. For automatic removal of Home Safety Essentials, I highly recommend Spyware Doctor. You can download Spyware Doctor by clicking the button below:

B) Manual Removal of Home Safety Essentials

Manual removal of Home Safety Essentials is cumbersome, and not all computer users can follow it. If you are not a computer expert, the manual removal method is simply not suitable for you. Manual removal of rogue software should not be based on assumptions of any sort.

If you delete the wrong files, ones that are not actually infected, you could cause your computer further trouble. If you are sure that you can carry out manual removal, follow these steps to remove Home Safety Essentials:

1. First of all, you need to stop the program from running. To do this, run Task Manager and end the rogue's process. Its process name will usually have this format:

Random-characters_random-numbers.exe (for example, Pdfs_3433.exe)

Look for such a filename in Task Manager and end that process. You can access Task Manager by pressing the ALT+CTRL+DELETE keys on your keyboard. If Task Manager is blocked on your computer, download Process Explorer and end the rogue process with it.

2. After ending the rogue process, run Registry Editor. You can open it by clicking Start/Run, typing "regedit" and clicking the OK button.

Remove/correct these registry entries. Remove all registry entries that are under DisallowRun. If you look carefully, these entries are there to block genuine antivirus programs from running.

HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\91\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid {137E7700-3573-11CF-AE69-08002B2E1262}
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\89770803
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\lib/5.00231
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UID 231
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 msseces.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 MSASCui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 avgscanx.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 avgcfgex.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 avgemc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 avgchsvx.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 avgcmgr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 avgwdsvc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 ekrn.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 egui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 avgnt.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 avcenter.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 avscan.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 avgfrw.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 avgui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 avgtray.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Home Safety Essentials
HKLM\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKLM\SOFTWARE\Classes\HS2d7_231.DocHostUIHandler
HKCU\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures "no"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin "2"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser "2"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA "1"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe

3. Now you need to remove the Home Safety Essentials files from your computer. Browse these locations and remove the infected files:

%AllUsersProfile%\\
%AllUsersProfile%\\14.mof
%AllUsersProfile%\\3178.mof
%AllUsersProfile%\\46.mof
%AllUsersProfile%\\6113.mof
%AllUsersProfile%\\HS2d7_231.exe
%AllUsersProfile%\\HSE.ico
%AllUsersProfile%\\HSESys
%AllUsersProfile%\\Quarantine Items
%AllUsersProfile%\HSYITSQGE
%AllUsersProfile%\HSYITSQGE\HSLGILTOGE.cfg
%AppData%\Home Safety Essentials\
%AppData%\Home Safety Essentials\Instructions.ini
%AppData%\Home Safety Essentials\ScanDisk_.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\Home Safety Essentials.lnk
%AppData%\Microsoft\Windows\Recent\CLSV.tmp
%AppData%\Microsoft\Windows\Recent\DBOLE.dll
%AppData%\Microsoft\Windows\Recent\PE.sys
%AppData%\Microsoft\Windows\Recent\SICKBOY.drv
%AppData%\Microsoft\Windows\Recent\SICKBOY.sys
%AppData%\Microsoft\Windows\Recent\delfile.dll
%AppData%\Microsoft\Windows\Recent\eb.dll
%AppData%\Microsoft\Windows\Recent\eb.sys
%AppData%\Microsoft\Windows\Recent\energy.dll
%AppData%\Microsoft\Windows\Recent\gid.tmp
%AppData%\Microsoft\Windows\Recent\pal.sys
%AppData%\Microsoft\Windows\Recent\ppal.drv
%AppData%\Microsoft\Windows\Recent\runddlkey.exe
%AppData%\Microsoft\Windows\Recent\snl2w.drv
%AppData%\Microsoft\Windows\Start Menu\Programs\Home Safety Essentials.lnk
%AppData%\Microsoft\Windows\Start Menu\Home Safety Essentials.lnk
%UserProfile%\Desktop\Home Safety Essentials.lnk

After removing the above files, reboot your computer and you should not see Home Safety Essentials again. Keep in mind that manual removal is not a guarantee of complete removal. If you still find Home Safety Essentials on your computer or can't follow the manual removal steps, consider following the automated removal method instead.
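
The policy values in the Data Recovery registry list and the DisallowRun and Image File Execution Options keys listed for Home Safety Essentials can be checked offline from a registry export. The following is an added example, not part of the original guide: it parses `.reg` export text and reports those entries. The sample export is constructed, and the `Debugger` value it looks for under Image File Execution Options is an addition, since the guide lists only the key names.

```python
import re

# Constructed sample in the text format Regedit writes on export. Real exports
# are UTF-16LE files; decode them to str before passing them in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDesktop"=dword:00000001
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"0"="msseces.exe"
"1"="MSASCui.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe]
"Debugger"="svchost.exe"
'''

# (key suffix, value name, value the rogue sets), taken from the lists in this guide.
POLICY_RULES = [
    (r"\policies\system", "DisableTaskMgr", 1),
    (r"\policies\explorer", "NoDesktop", 1),
    (r"\policies\explorer", "DisallowRun", 1),
    (r"\policies\activedesktop", "NoChangingWallPaper", 1),
    (r"\policies\attachments", "SaveZoneInformation", 1),
    (r"\internet explorer\download", "CheckExeSignatures", "no"),
    (r"\internet settings", "CertificateRevocation", 0),
    (r"\internet settings", "WarnonBadCertRecving", 0),
]
DISALLOW_SUFFIX = r"\policies\explorer\disallowrun"
IFEO_RE = re.compile(r"\\image file execution options\\([^\\]+)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(text):
    """Undo the backslash escaping used inside quoted .reg strings."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(text):
    """Yield (key, value_name, data); data is int for dword values, else str."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # "[-KEY]" is a deletion directive, not a key that exists.
            key = None if line.startswith("[-") else line[1:-1]
            continue
        match = VALUE_RE.match(line)
        if key is None or not match:
            continue  # header line, blank line, or hex(...) continuation
        name, raw = match.groups()
        name = "" if name == "@" else _unescape(name[1:-1])
        dword = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", raw)
        if dword:
            data = int(dword.group(1), 16)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            data = _unescape(raw[1:-1])
        else:
            data = raw  # other value types are kept as raw text
        yield key, name, data


def audit(text):
    """Return (category, key, detail) for each entry matching the guide's lists."""
    findings = []
    for key, name, data in parse_reg(text):
        low = key.lower()  # registry key and value names are case-insensitive
        for suffix, rule_name, bad in POLICY_RULES:
            if (low.endswith(suffix) and name.lower() == rule_name.lower()
                    and str(data).lower() == str(bad)):
                findings.append(("policy", key, f"{name}={data}"))
        if low.endswith(DISALLOW_SUFFIX) and isinstance(data, str):
            # Each value names a program Explorer will refuse to start.
            findings.append(("disallowrun", key, data))
        ifeo = IFEO_RE.search(key)
        if ifeo and name.lower() == "debugger":
            # A Debugger value makes Windows start `data` instead of the named program.
            findings.append(("ifeo", key, f"{ifeo.group(1)} -> {data}"))
    return findings


if __name__ == "__main__":
    for category, key, detail in audit(SAMPLE_EXPORT):
        print(f"[{category}] {key}: {detail}")
```

Some of these values can also be set by legitimate group policy, so a match is a reason to inspect the entry rather than proof of infection.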

Monday, August 15, 2011

XP Antivirus 2012 Removal – How To Remove

XP Antivirus 2012 is software that should never be trusted. It is actually rogue antivirus software in the skin of a real anti-virus program. It just imitates a legitimate scan and then shows a completely forged infection report. All the infections shown in that report are fake and have nothing to do with reality. Those infections don't exist on your computer; the main intention of the software is to scare you and then drag you into purchasing bogus software.

Don't trust the fake scan report of XP Antivirus 2012, as your computer is not infected at all. The only problem on your computer is XP Antivirus 2012 itself, and you need to take care of it as soon as possible. This is what XP Antivirus 2012 looks like:



XP Antivirus 2012 will continuously show fake alerts and ask you to purchase the full version. Whenever you run a genuine application on your computer, this rogue software will automatically pop up and start scanning your computer. When you try to access a site using Internet Explorer, it will tell you that your computer is at risk. You should not trust any of these warnings and messages, since they are forged just to deceive you.

If you have purchased XP Antivirus 2012 by mistake, get in touch with your credit card company and file a dispute against the charge on your credit card. Closely watch your credit card transactions afterwards to make sure that your card is not being used fraudulently. To remove the rogue software from your computer, read the removal instructions below.

How To Remove XP Antivirus 2012

It is very easy to remove XP Antivirus 2012 provided you use the right software. It is true that XP Antivirus 2012 is a virus, but there is much worse rogue software on the Internet that can damage your computer badly.

For complete XP Antivirus 2012 removal, you can choose one of these options:

A) Removal Using a Spyware Remover:

You can remove XP Antivirus 2012 using malware removal software that is specially designed to deal with rogue products and other similar threats. You need to download a genuine malware remover, scan your whole computer for infections and then get rid of the rogue software.

We have tested several products and found that Spyware Doctor is the most effective product for removing rogue software. You can download it by clicking the button below:

After downloading, run Spyware Doctor and conduct a full scan of your computer. Spyware Doctor will automatically identify the presence of XP Antivirus 2012 on your computer and remove it. This is the easiest method and can be used by anyone.

B) Remove XP Antivirus 2012 Manually

You can try to remove XP Antivirus 2012 manually; however, this method is not recommended for 95% of computer users due to its complexity. It is only useful for people who are highly skilled with computers and have extremely good knowledge of everything.

If you don't have ample knowledge of computers, you should not attempt this method. At best, you'll not be able to remove the rogue software; at worst, you could damage your computer very badly. Removing the rogue software requires you to find and delete the infected files and then correct the registry entries as well. If you make a mistake while editing the registry, your computer may stop booting completely. Therefore, please follow these steps at your own risk.

1. First of all, stop the XP Antivirus 2012 process using Task Manager. You can run Task Manager by pressing the Alt+Ctrl+Delete keys on your keyboard.

In Task Manager, find a process whose name is 3 random letters and end that process. If you end the right process, the virus application will close down automatically.

2. Once the virus closes down, browse to this folder and delete suspicious files:

C:\Documents and Settings\Administrator (or logged in user)\Application Data\

In the above folder, you will find a file with three random characters in its name. This is the file you need to delete.

3. After deleting the infected file, you need to correct these registry entries:

HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1’ = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1” %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1” %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1” %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1” %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1’

Keep in mind that manual removal doesn't guarantee complete removal of the rogue software. For this reason, if you find that the software is not going away, consider using a genuine spyware remover, as this option is much more powerful and reliable than manual removal.
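
The `.exe` entries above matter because a per-user `Software\Classes\.exe` key takes precedence over the system-wide handler, so every program start is routed through whatever the command string names; this is why the rogue appears whenever an application is run. The following added example (not part of the original guide) checks command strings against the `"%1" %*` value listed above and extracts the interposed program. The sample values and the `xyz.exe` name are constructed.

```python
import re

STOCK_COMMAND = '"%1" %*'  # stock .exe open command: run the clicked file itself

# Constructed sample: (key, value name) -> command string. xyz.exe stands in
# for the guide's "[random].exe" under the user profile.
SAMPLE_VERBS = {
    (r"HKCU\Software\Classes\.exe\shell\open\command", "(Default)"):
        r'"C:\Documents and Settings\user\Local Settings\Application Data\xyz.exe" /START "%1" %*',
    (r"HKCU\Software\Classes\.exe\shell\open\command", "IsolatedCommand"): '"%1" %*',
    (r"HKCU\Software\Classes\.exe\shell\runas\command", "(Default)"): '"%1" %*',
}

# First token of a command line: a quoted path, an unquoted path up to ".exe"
# (which may contain spaces), or a bare word. Group 4 is the remainder.
FIRST_TOKEN_RE = re.compile(
    r'\s*(?:"([^"]+)"|(.+?\.exe)(?=\s|$)|(\S+))\s*(.*)$', re.IGNORECASE)

# Lowercase path fragments that indicate a location the user can write to.
USER_WRITABLE = ("\\application data\\", "\\appdata\\",
                 "%userprofile%", "%appdata%", "%temp%")


def inspect_open_command(command):
    """Describe what an .exe open/runas command string will actually launch."""
    result = {"hijacked": False, "interposer": None,
              "forwards_target": False, "user_writable": False}
    if " ".join(command.split()) == STOCK_COMMAND:
        result["forwards_target"] = True
        return result
    match = FIRST_TOKEN_RE.match(command)
    if not match:
        result["hijacked"] = True  # empty command: the handler is broken
        return result
    program = match.group(1) or match.group(2) or match.group(3)
    rest = match.group(4)
    if program == "%1":
        result["forwards_target"] = True  # still runs the clicked file
        return result
    low = program.lower()
    result.update(
        hijacked=True,
        interposer=program,
        # The rogue passes "%1" on so the requested program still starts.
        forwards_target="%1" in rest,
        user_writable=any(marker in low for marker in USER_WRITABLE),
    )
    return result


def audit_exe_verbs(verbs):
    """Return [(key, value_name, report)] for every command that is hijacked."""
    findings = []
    for (key, value_name), command in verbs.items():
        report = inspect_open_command(command)
        if report["hijacked"]:
            findings.append((key, value_name, report))
    return findings


if __name__ == "__main__":
    for key, value_name, report in audit_exe_verbs(SAMPLE_VERBS):
        print(f'{key} {value_name}: launches {report["interposer"]}')
```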

Sunday, May 22, 2011

Remove Windows Vista Recovery Virus - Help Guide

Windows Vista Recovery is not a Microsoft product but rogue anti-virus software from online crooks. They use the name "Vista" in their product just to suggest that it is genuine.

Since Windows Vista Recovery is a virus, you should remove it from your computer as soon as possible. Removing this fake product is not easy because the software is very stubborn. It is programmed to block all the attempts you make to remove it.

Still, it is not impossible to get rid of Windows Vista Recovery. Many people think that it is impossible to remove the virus without formatting the computer, but this is not true. Once this rogue anti-spyware gets inside your computer, it configures itself to run automatically on startup so that you cannot terminate it.

Then it performs a series of false scans on your computer and shows you some very threatening bogus scan results. This is just a cheap method to scare you into purchasing the software. Here is a screenshot of the Windows Vista Recovery malware doing a fake scan of your computer:


Here is how to remove the Vista Recovery virus from your computer. There are two methods:

A) Automatic Removal

The automatic removal method is the easiest way to remove this virus from your computer. In this method, you need to download a genuine spyware remover and scan your computer to get rid of the virus. This method is the best one, as you can eliminate the malware without any effort. You just need to download the software, scan your computer for malware and that's it.


B) Manual Removal

The manual removal instructions are not that easy to follow, but if you have some expertise with your computer, you can try to eliminate this Trojan by following these steps.

Please check for suspicious files inside these folders:

%AllUsersProfile%\
%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery

In both folders above, you'll find some strange, suspicious files and you need to remove them. You also need to eliminate the infected registry entries from your computer:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'

Under the above registry locations you'll find several suspicious keys which are related to the Windows Vista Recovery malware. You also need to get rid of those keys to remove the virus completely.

Although manual removal is a good way to remove the virus, the developers of this virus are constantly sharpening their products to avoid removal, so it is always a good idea to follow the automatic removal method instead.