
Win 7 Anti-Spyware 2012

Posted: June 7, 2011

Win 7 Anti-Spyware 2012 is a recent clone of threats like Win 7 Home Security 2012. While pretending to be an anti-virus program, Win 7 Anti-Spyware 2012 will create fake errors and alerts about infections that aren't on your PC, while also causing problems with your applications. You may be unable to run certain programs while Win 7 Anti-Spyware 2012 is active, and Win 7 Anti-Spyware 2012 may hijack your web browser to control which websites you can access. Removing Win 7 Anti-Spyware 2012 should be done immediately, but manual removal of Win 7 Anti-Spyware 2012 isn't recommended in most cases, due to the high probability of Win 7 Anti-Spyware 2012 causing undesired side effects.

Win 7 Anti-Spyware 2012 – Closer to Spyware than Anti-Spyware

Despite the fresh name, Win 7 Anti-Spyware 2012 copies the appearance, as well as much of the code, of other threats. Win 7 Home Security 2012, System Smart Security, Vista Home Security 2012 and XP Home Security 2012 are just a few samples of the many rogue security programs that are nigh-identical to Win 7 Anti-Spyware 2012.

A Win 7 Anti-Spyware 2012 infection is quickly visible, since Win 7 Anti-Spyware 2012 will launch itself whenever Windows starts. From this point, Win 7 Anti-Spyware 2012 may display fake system scans that detect large numbers of threats like worms, Trojans or keyloggers. However, Win 7 Anti-Spyware 2012 can't detect any of the threats that it advertises itself as protecting against, and all of these scans are fake.

Another prominent sign of Win 7 Anti-Spyware 2012 infection is the appearance of fake infection warnings, either at random, or when you try to start a program:

System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.

System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.

Security Alert!
Your computer is being attacked from a remote machine!
Block Internet access to your computer to prevent system infection.

Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)

These pop-ups can be dangerous in the sense that they may redirect you to malicious websites or contain links to download other harmful software besides Win 7 Anti-Spyware 2012. However, they don't detect real infections or computer problems.

The Extra Tricks Win 7 Anti-Spyware 2012 Doesn't Want You to Know About

Other, more subtle attacks on your PC add further believability to Win 7 Anti-Spyware 2012's infection ruse. Win 7 Anti-Spyware 2012 may also:

  • Block programs from running, especially programs that could be used to delete Win 7 Anti-Spyware 2012 or even merely detect Win 7 Anti-Spyware 2012's presence (like anti-virus scanners or the Windows Task Manager). Although Win 7 Anti-Spyware 2012 might tell you that these programs are infected, disabling Win 7 Anti-Spyware 2012 will let you use them without any other problems.
  • Hijack your browser by altering your proxy server settings or adding harmful entries to your Windows Registry. Win 7 Anti-Spyware 2012 can use this attack to create fake errors, redirect you towards harmful websites, play advertisements, insert links into online content or hijack your search results.

Removing Win 7 Anti-Spyware 2012 is relatively simple once you've used Safe Mode to stop Win 7 Anti-Spyware 2012 from running in the first place. Also, if you have a good anti-malware program that has its threat database up-to-date, there's a good chance you can delete Win 7 Anti-Spyware 2012.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%\rghjfykak9992kdslspiw64hd
    2 %AppData%\Local\[random characters].exe
    3 %AppData%\Local\rghjfykak9992kdslspiw64hd
    4 %AppData%\Roaming\Microsoft\Windows\Templates\rghjfykak9992kdslspiw64hd
    5 %Temp%\rghjfykak9992kdslspiw64hd

Registry Modifications

  • The following Registry values were newly created:
    HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
    HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
    HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
    HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
    HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
    HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1" %*'
    HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
    HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
    HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
    HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1" %*'
    HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
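
The Registry values listed above route every .exe launch and both browser shortcuts through the rogue program, which explains the blocked programs and the lingering "open with" problems after the file is deleted. The following check is an added example, not part of the original page or of any removal tool: it audits exported handler values against the stock command `"%1" %*`. The function names, the tuple input format and the file name `abc.exe` (standing in for `[random characters].exe`) are assumptions made for illustration.

```python
import re

EXPECTED = '"%1" %*'  # stock command: launch the clicked executable itself
COMMAND_KEY = re.compile(r'\\(?:\.exe|exefile)\\shell\\(?:open|runas)\\command$', re.I)
BROWSER_KEY = re.compile(r'\\Clients\\StartMenuInternet\\[^\\]+\\shell\\[^\\]+\\command$', re.I)
FIRST_TOKEN = re.compile(r'\s*(?:"([^"]+)"|(\S+))')
# Path roots under which the page shows the rogue program dropping files.
DROP_ROOTS = ('%userprofile%', '%appdata%', '%localappdata%', '%temp%', '%allusersprofile%')

def first_program(command):
    """Return the program a command line starts (first quoted or bare token)."""
    m = FIRST_TOKEN.match(command)
    return (m.group(1) or m.group(2)) if m else ''

def audit(entries):
    """Return (key, value name, reason) for each suspicious handler value."""
    findings = []
    for key, name, data in entries:
        if COMMAND_KEY.search(key):
            if data.strip() != EXPECTED:
                findings.append((key, name, 'handler does not launch "%1" directly'))
            elif key.upper().startswith('HKEY_CURRENT_USER'):
                # HKCU\Software\Classes overrides HKLM in the merged HKCR view,
                # so even a stock-looking per-user entry deserves a review.
                findings.append((key, name, 'per-user override of the .exe handler'))
        elif BROWSER_KEY.search(key):
            if first_program(data).lower().startswith(DROP_ROOTS):
                findings.append((key, name, 'browser launched via user-writable path'))
    return findings

# Constructed sample in the page's format; abc.exe is a made-up file name.
SAMPLE = [
    (r'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command', '(Default)',
     r'"%UserProfile%\Local Settings\Application Data\abc.exe" /START "%1" %*'),
    (r'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command',
     'IsolatedCommand', '"%1" %*'),
    (r'HKEY_CLASSES_ROOT\exefile\shell\runas\command', '(Default)', '"%1" %*'),
    (r'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command',
     '(Default)', r'"%UserProfile%\Local Settings\Application Data\abc.exe" /START '
     r'"C:\Program Files\Mozilla Firefox\firefox.exe"'),
    (r'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command',
     '(Default)', r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
]

if __name__ == '__main__':
    for key, name, reason in audit(SAMPLE):
        print(f'{reason}: {key} "{name}"')
```
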

7 Comments

  • Florence Nkhata says:

    I purchased this fake Win 7 Antispyware software and money was taken from my account without the issues being resolved. Is there any way I can get in touch with these crooks and take legal action? I have tried to send mail to the e-mail they indicated and I found out it's a fake account. Please advise.

  • Elementaro says:

    If there was a way they would be the worst scammers ever.

  • Karen says:

    I try it but it won't let me run it

  • juzzz says:

    FYI I had this EVIL VIRUS and this software was able to detect and remove it on win7. To run the program I right clicked it and selected "run as administrator" - trying to normally start it resulted in the virus not allowing me to.

  • Blanca says:

    Why do I have to buy another spyware remover if I already have one?

  • Allan ER says:

    Win 7 antispyware 2012/ security 2012/ home security 2012/ Internet security 2012 are all the same or variant of win 7 series spyware infection.

    Most of the antivirus and spyware removal tools are able to remove the source file of this infection, but they fail to remove the nasty entries from the registry, and it is causing the open with issues. So we need to remove the entries manually from the registry.

    Be very cautious while editing the registry entries.

    Thanks

  • Susan says:

    Win 7 antispyware 2012/ security 2012/ home security 2012/ Internet security 2012 are all the same or variant of win 7 series spyware infection.

    Most of the antivirus and spyware removal tools are able to remove the source file of this infection, but they fail to remove the nasty entries from the registry, and it is causing the open with issues. So we need to remove the entries manually from the registry.

    Be very cautious while editing the registry entries.

    Thanks
