This is a bad news for all Smart Protection 2012 users. Research found that Smart Protection 2012, as a new product of Security Sphere 2012, is a rogue software and has the ability in infecting its user’s computer as what it has done to thousands of computer worldwide.

In destroying your computer security system, this malware closes down every process running on your computer and running a really fake malware scan. This fake scan will also show false malware infections report to you. If at that point, you still don’t get any information about this malware, you will surely get worried about this report and possibly think to buy this product. This is the main point, this is the point of the scammers. They will stop the false report which totally disturbing you only if you buy the system, but you will get something worse in exchange : you will not be able to take control of your own computer and unable to terminate the program. Your computer will become very slow and a victim of this ‘super scary’ malware.

However, you don’t need to worry if you are not an expert in computer. You still can remove the threat. Please refer to the following actions to remove Smart Protection 2012 manually.


Manual Removal Process

  1. Re-boot your computer
  2. When your computer is re-booted, immediately press the F8 key repeatedly to entery the Windows Start Up menu, where you can see various options including options you need to remove the Smart Protection 2012
  3. Use your navigation button on the keyboard to find the “Safe Mode with Networking” option, then select it
  4. After the Windows appeared, you will need to login to your account if the system asked you to
  5. Wait for a few seconds until the Windows start running in the Safe Mode
  6. Next, you need to enter the Registry Editor menu. Find the “Start” button on the taskbar and click it.
  7. Find the “Run” button and click it also.
  8. After the “Run” menu appeared,  type “regedit” and then click on the “Run” button to open the Registry Editor menu
  9. After the Registry Editor menu opened, find and remove these registry keys :


HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = “exefile”
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = “%1″ = “%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = “%1? %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = “%1? %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = “%1? %*”
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = “Application”
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = “%1″
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*”
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = “%1? %*”
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = “%1? %*”
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – “%1? %*”
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*”
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Internet Explorer\iexplore.exe”


Unregister .dll Files

List all dll files you found at the directories where you store the Smart Protection 2012. One by one, right click at the files and choose Properties. Find the location of  .dll file you want to remove. Then copy the location. Next, open the “Run” menu from the “Start” button. Type :


regsvr32 -u <filename>.dll


regsvr32 -u <path>\<filename>.dll

where <path> is the path to the file, and <filename> is the name of the file.


Delete files and directories

After having all .dll files unregistered and registry keys removed, all you need to do now is removing all files and directories where you store the Smart Protection 2012 files. You can simply do this using Add or Remove Programs from the Control Panel section. Just click the “Start” button at the taskbar and you will find it.


That is it, after the whole process your computer now is ready to work again. You just need to re-boot it again so the changes will take effect at the system. After your computer re-booted, the whole system will be back again.



Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>