Friday, October 21, 2011

How To Uninstall Security Sphere 2012

How To Uninstall Security Sphere 2012

Security Sphere 2012 is a computer malware similar to 'Security Shield'. This malware is a rogue anti-spyware program that poses to be legitimate security program. Security Shield is actually a program that displays false security results and false alerts about the state of your computer. In addition, it hijacks your computer so that you cannot run any applications.

Security Sphere 2012 is installed silently through visits to hacked web sites, exploits, and fake online scanners. Sometimes Security Shield and other similar malware programs are downloaded simply by visiting sponsored sites within google search results. Once installed, the infection randomly creates folders on C:\Documents and Settings\All Users\Application Data\, in (Windows XP), or C:\ProgramData, on (Vista and Windows 7) systems. It is then be configured to start automatically when you login to your computer. 

To remove Security Shield 2012, simply follow these steps:

- Reboot your computer into Safe Mode with Networking. To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard.Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user. make sure to login as the same user you were previously logged in with in the normal Windows mode.

When in Safe More with Networking, we must first end the processes that belong to Security Sphere 2012 so that it does not interfere with the cleaning procedure. To do this, please download RKill to your desktop from the following link.

RKill Download
Once RKILL is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Security Sphere 2012 and other Rogue programs. When RKILL has finished,  you will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill as the malware programs will start again.If you continue having problems running RKill, you can download the other renamed versions of RKill from the RKill download page. Both of these files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab.
Now that the program has been terminated, you have to remove its associated files from the pc.

Kill processes (using rkill):
[ransom].exe

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[ransom].exe"


Delete files:
%AllUsersProfile%\[ransom].exe


Delete directories:
%AllUsersProfile%\[random]


Now reboot your computer.