Win 7 Antivirus 2012

When ever I try to open IE, I get the following up up box....

"Win 7 Antivirus 2012 has blocked a program from accessing the internet

Internet Explorer is infected with Trojan-BNK.Win.32.Keylogger.gen. Private data can be stolen by third parties, including credit card details and passwords."

That doesn't sound good. Any ideas on how to get rid of this?

 

Boot into Safe mode with networking.
Download Malwarebytes and install its updates.
Run a full scan.

Another option that' usually more recommended is to just hose the system and reinstall, those fake AV programs can do some weird things.

 

I already have Malwarebytes installed. Should I just run it? Will that get rid of the problem completely?

 

Update Malwarebytes with the latest definitions, then run a full scan and allow it to fix all problems. If it prompts for a reboot, do it. After rebooting into normal mode, run another full scan just to make sure

 

It depends on how bad the variant you got is; I've seen Malwarebytes fix a few problems to all of them, but in all cases you'll at least have a working computer that you can decide on what to do with from there.

 

I am scared to restart my computer. I've had bad experiences with that in the past where I couldn't open any program after restarting. I thought I had Malwarebytes installed but I don't. If I install it right now, will it come fully updated? Also, when you get update Malwarebytes, does it force you to first restart your computer?

Also, the Win 7 Antivirus keeps prompting me to run a scan. Should I ignore it and close it every time?

Should I also run Avast!?

 

If you download malware bytes it will not be up to date! Once malwarebytes is installed it can be upated without rebooting.
Current program version is 1.60.0.1800, current database is 1/7/2012
When Win 7 prompts to run a scan do not do it , open task manager and end task.
IF Avast is up to date run it in safe mode also.
I would do what Hungy Man says, he knows way more about this than I do.

 

I have seen literally over 100 infected users with this virus in the last month. Most seem to have gotten it through a Java exploit.

Run RKill. Run MalwareBytes AM. Run TDSS Killer.

If you can' turn those (if the virus stops you) there will be a 3 letter process in your task manager. apz or xxx or any 3 letters. Kill it (not dwm.exe) and try again.

 

Thanks for the heads up.

I don't understand how that could be because after I downloaded it, I clicked the "updates" tab, clicked on the Update button and it said "You already have the latest version. No updates are needed" Or something to that effect.

Also, I don't have to run my computer in safemode at the moment because everything works fine except for IE.

The MalwareBytes scan seem to have worked. Hopefully it's gone for good. Thanks everyone for the help!

 

I thought I had gotten rid of the problem last night, I ran malwarebytes twice, the second time it detected nothing. Now the problem seems to have reappeared. I can't open EI, firefox keeps crashing, and the win 7 antivirus window keeps popping up. What should I do?

 

My dad had this virus. When programs can't open, try right-clicking and choose "Run as administrator." The program should then run.

 

Everything is running fine except for IE. I just want to get rid of the problem permanently.

 

@OP

Get on another computer if you have one. There are tons of guides out there on removing Win 7 Antivirus 2012. My dad had this same problem. The malware will prevent you from going to websites that will help you get rid of it. So, you need to go to a non-infected computer and get all the tools and the removal guide. If you don't have another computer, go to a friends and get everything you need onto a flash drive.

For me, once a computer is infected, even if I remove the malware/virus, I can't trust the computer anymore until I reformat/reinstall.

 

turn on computer and keep pressing F8 to boot into safe mode as mentioned before. you will not get rid of this bugger when you are logged in as normal.

 

Just spent 3 hours removing this from a computer yesterday.

 

Thanks for the tips. Everything seems to be working fine at the moment, so using another computer may not be required right now. It might reappear later tho, like it did last night. I will try running the scan again in safe mood like MrDJ suggested.

 

How did you remove it?

 

Manually removing suspicious registry files and suspicious files in the appdata folder. This was enough to seriously cripple it to the point where the computer could run RKill and MBAM.

 

The results kept showing that the virus was located in an appdata folder for me as well. Can you tell me where I can access that folder? I can't find it. Would you mind giving a step my step instruction on how you got rid of it? Are RKill and MBAM both free programs? Thanks.

 

Try with a decent file manager, example FreeCommander - freeware file manager , run it as admin. That folder is in Users > yourname > Appdata > Local , aslo check Roaming.

Bleeping Computer - Computer Help and Discussion is a good source for malware troubleshooting.
My impression, the best remedy is a Clean All (+ restore the recent disk image (that everyone always have available...?)

 

Malwarebytes is not enough, you need to follow the complete directions as per hungry man.

Alternatively, follow these directions, mostly by bleeping computer,here: Annoyances-Resolved: How To Remove XP Antivirus 2012 Virus For Free

Let us know if the problems reapper after you have done ALL the steps, not just the Malwarebytes scan. Thanks!

 

System restore (from F8) saved me from this virus, got infected from visiting the laptopvideo2go site.

 

MalwareBytes (MBAM) and RKill are both free. The appdata folder is in:
C:\Users\*USERNAME*\AppData\

I believe.

Go into local, locallow, roaming and pretty much delete whatever isn't recognizable to you.

RKill will remove some registry entries. MBAM should find some files. Run TDSS Killer too since it can install a rootkit.

 

I would cut your losses backup and quarantine your imortant data, Re-install windows and start fresh then run a decent AV on your backed up data. If it isnt safely hard backed up you may have to lose some of it.