Sep 29

Advanced PC Shield 2012 Rogue

The Advanced PC Shield 2012 rogue is only one file, however, it also includes a Necurs.c rootkit.  This rogue doesny’lock the running of other applications but it can hijack the browser re-directing to scare messages to try and get the user to purchase the rogue.

Advanced PC Shield 2012 GUI

While the rogue is running at one point it begins to generate the fake alerts one of which was first, all icons on the desktop dissapeared and reappeared again with a fake alert of  ”Windows Desk Top has been vanished by a virus!” and then stating that the Advanced PC Shield 2012 restored the desktop.

Files and Locations:

%APPDATA%\<randon numbered file name>.exe

%APPDATA% is a token that refer to specific Windows directories for the different Operating Systems being used.



< drive>:\Documents and Settings\<user>\Local Settings\Application Data

Vista and Windows 7:

< drive>:\Users\<User>\AppData\Local

This rogue can be removed using manually methods, however, the rootkit is difficult as it will try and  re-infect the PC, so it is recommend to use our Antispyware/Antivirus removal tool, VIPRE  Antivirus. You can download a free trial to remove the  rogue from your computer for no cost by clicking on the link below:


If you are unable to download and install our malware removal tool because this has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>