Remove Advanced PC Shield 2012 (Uninstall Guide)

  • September 28, 2011

Advanced PC Shield 2012 is a rogue anti-spyware program that displays fake alerts and false scan results in order to trick you into thinking that your computer is infected. When this rogue is installed it will be configured it start automatically when you login to Windows. Once started, it will scan your computer and state that numerous legitimate files are computer infections. It will then prompt you to purchase the program before allowing you to remove any of these so-called infections. As none of the files in its scan results are actually harmful, please do not purchase this program. It is also important that you do not attempt to manually remove any of the legitimate files it states are infections as it could affect the proper operation of your installed applications.

  • Advanced PC Shield 2012 screen shot
  • Scanning screen
  • Scan results
  • Fake virus alert
  • Fake Windows Security Center
  • Severe system damage alert
  • Tracking software found alert
  • Virus infection alert

While Advanced PC Shield 2012 is running it will randomly terminate programs that you are running on your computer and state that they are infected. It does this to make you think that your computer has a computer virus and at the same time protect itself from security programs that may assist you in removing this infection. The message that you will see when it terminates a program is:

Application has been attacked with the virus!
Advanced PC Shield 2012 detect "GMER" corrupted by "Backdoor.Destroy"
Click here for immediately security scan.

This infection will also randomly display fake security warnings and alerts that are designed to make you think that your computer is infected, systems are under attack, or that private data is being transferred. The text of these alerts include:

Severe system damage!
Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible.
Act now, click here for a free security scan.

Tracking software found!
Your PC activity is being monitor. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen.
Prevent damage now by completing a security scan.

Virus infection!
System security was fount to be compromised. Your computer is now infected. Attention, irreversible changes may occur. Private data may be stolen.
Click here now for an instant anti-virus scan.

Advanced PC Shield 2012 will also display a fake Windows Security Center that suggests you purchase the program to protect your computer. This fake security center and the fake alerts are all intended to scare you into purchasing the program and should be ignored.

As you can see, the tactics utilized by this program are fraudulent and criminal. Therefore, do not purchase Advanced PC Shield 2012 for any reason, and if you already have, please contact your credit card company and state that the program is a computer infection and a scam and that you would like to dispute the charge.

Unfortunately, this rogue installs a rootkit that makes it very hard to remove this infection. This rootkit does not allow numerous security programs to start and thus they cannot help you remove it. Though, ComboFix, is able to remove this infection we do not suggest that you use this program unsupervised. Therefore, we suggest that you instead create a virus removal assistance topic in our Virus Removal forum to receive one-on-one help with removing the Advanced PC Shield 2012 infection. The link below will provide detailed steps on how to create this topic.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

 

View Associated Advanced PC Shield 2012 Files

%LocalAppData%\<random>.exe %StartMenu%\Programs\Advanced PC Shield 2012\ %StartMenu%\Programs\Advanced PC Shield 2012\Buy Advanced PC Shield 2012.lnk %StartMenu%\Programs\Advanced PC Shield 2012\Launch Advanced PC Shield 2012.lnk %System%\drivers\<random>.sys %UserProfile%\Desktop\Buy Advanced PC Shield 2012.lnk

File Location Notes:

%System% is a variable that refers to the Windows System folder. By default this is C:\Windows\System for Windows 95/98/ME, C:\Winnt\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP/Vista/7/8.

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> for Windows 2000/XP, C:\Users\<Current User> for Windows Vista/7/8, and c:\winnt\profiles\<Current User> for Windows NT.

%LocalAppData% refers to the current users Local settings Application Data folder. By default, this is C:\Documents and Settings\<Current User>\Local Settings\Application Data for Windows 2000/XP. For Windows Vista, Windows 7, and Windows 8 it is C:\Users\<Current User>\AppData\Local.

%StartMenu% refers to the Windows Start Menu. For Windows 95/98/ME it refers to C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\<Current User>\Start Menu\, and for Windows Vista/7/8 it is C:\Users\<Current User>\AppData\Roaming\Microsoft\Windows\Start Menu.

View Associated Advanced PC Shield 2012 Registry Information

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<random> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1 "*" = '1' HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1 ":Range" = '127.0.0.1' HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>.exe"

This is a self-help guide. Use at your own risk.

BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can ask for malware removal assistance in our Virus,Trojan,Spyware, and Malware Removal Logs forum.

If you have any questions about this self-help guide then please post those questions in our Am I infected? What do I do? and someone will help you.

Login

Remember Me
Sign in anonymously