Another fake antivirus program is now ‘available’ for computer users, Smart Fortress 2012. It is still using the same old way to destroy your computer system. This fake system will ask its user to purchase its full licensed program after showing the users with tons of fake warnings and system alerts about their ‘damaged’ PC. After the users purchased this fake antivirus and installed it on their system, their PC will be secretly infiltrated and destroyed step by step every time the PC started and the users should be ready to see tons of unrealistic threat warnings and alerts. Some of them are similar with the followings:
Warning: Your computer is infected
Detected spyware infection!
Click this message to install the last update of security software…
Smart Fortress 2012 Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with Smart Fortress 2012
Application cannot be executed. The file notepad.exe is infected.
Please activate your antivirus software.
Security Monitor: WARNING!
Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk.
To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
Click Yes to download official intrusion detection system (IDS software).
Furthermore, after your computer infected by this scam ware, more malwares will be able to infiltrate into your PC system which means bigger destructive potential for your PC. In order to remove this malware from your PC, please follow the following steps.
Manual removal process
- Right click on the taskbar and select “Start Task Manager”
- Click on the “Processes” bar
- Find this process :
At the lower right corner, click the “End Process” button and click it again when a popup window appeared.
- Close the “Task Manager” menu
- Click on “Start” button and choose “Run”.
- Type “regedit” at the empty bar and click the “Run” button
- Find these registry files:
HKEY_CURRENT_USER\Software\Classes\<random 4 characters>
HKEY_CLASSES_ROOT\<random 4 characters>
HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\%s “(Default)” = “<random 4 characters>”
HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\<random 4 characters>\shell\open\command “(Default)” = “%CommonAppData%\<random 33 characters>\<random 33 characters>.exe” -s “%1″ %*
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = “<random 4 characters>”
HKEY_CURRENT_USER\Software\Classes\<random 4 characters>\shell\open\command “(Default)” = “%CommonAppData%\<random 33 characters>\<random 33 characters>.exe” -s “%1″ %*
- For each of them, right click at it and choose “Delete” to remove the selected files. Do it for all the registry files.
- After all registry files removed, close the Registry Editor window
- Right click at the “Start” button and choose “Open Windows Explorer”.
- Find the directories where you store all Smart Fortress 2012 data. The default location should be C:\Program Files\Smart Fortress 2012
- Right click at the empty space.
- Choose the “Sort by” options and then “by type”.
- Right click at dll files one by one and select “Properties” and then you can see the locations of each dll files you should unregister.
- Click the “Start” button and choose “Run”
- Type this at the empty box:
regsvr32 -u <filename>.dll
regsvr32 -u <path>\<filename>.dll
Change the filename with the name of each dll file and the path with its location
- Close the window
- Right click on “Start” button and choose “Open Windows Explorer”
- Go to the location where you store all Smart Fortress 2012 data. The default location should be C:\Program Files\Smart Fortress 2012
- Find and delete all this files and folders:
%CommonAppData%\<random 33 characters>
%CommonAppData%\<random 33 characters>\<random 33 characters>
%CommonAppData%\<random 33 characters>\<random 33 characters>.exe
- Close the Windows Explorer
- Restart your computer system
That is all. Hope your computer can work again after the above steps.
P.S: Please backup your system before taking all the actions mentioned.