Wednesday, February 29, 2012

Smart Fortress 2012

This rogue is pretty easy to remove. First, it is sometimes easier to have the aid of a product key, so here it is:


If you are unable to register it, you can stop it with little work.

Copy "C:\Windows\regedit.exe" to the desktop

Copy "C:\Windows\System32\taskmgr.exe" to the desktop

Rename "regedit.exe" to "explorer.exe"

Launch your renamed regedit and locate and delete:


Close regedit and delete or rename the "regedit.exe" that you renamed to "explorer.exe".

Rename "taskmgr.exe" to "explorer.exe" and then open it

Find the process and kill it. Then run a full scan with MalwareBytes'. This one puts a file in system restore so you can avoid a full scan by clearing the restore points before scanning. Remember, make sure system restore is enabled once removal is completed to protect yourself.

Registry Keys:

HKLM\Software\Microsoft\Security Center | AntiVirusDisableNotify
HKLM\Software\Microsoft\Security Center | FirewallDisableNotify
HKLM\Software\Microsoft\Security Center | UpdateDisableNotify
HKCU\Software\Microsoft\Windows\Currentversion\Uninstall\Smart Fortress 2012


C:\Documents and Settings\All Users\Application Data\<random>.exe
C:\System Volume Information\_restore{random}\RP1\<random>.exe
C:\Documents and Settings\<User>\Desktop\Smart Protection 2012.lnk