
Win 7 Antivirus 2013

Posted: October 1, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 13
First Seen: October 1, 2012
OS(es) Affected: Windows

As a new variant of an old and oft-renamed hoax, Win 7 Antivirus 2013 may look like an anti-malware scanner but isn't capable of giving out alerts for anything other than fake threats. A new variant of scamware from the FakeRean family, Win 7 Antivirus 2013 is designed to interfere with your PC usage and display fraudulent warning messages until you give up and spend money to make Win 7 Antivirus 2013 calm down. The SpywareRemove.com malware research team recommends otherwise, since Win 7 Antivirus 2013 can be registered without cost and doesn't have benevolent features worth purchasing in the first place. In many scenarios, rogue anti-malware programs from Win 7 Antivirus 2013's family can pose security hazards of their own, and they are often installed by separate PC threats that may launch other attacks. However, most anti-malware products should be able to detect and delete Win 7 Antivirus 2013 with a minimum of difficulty – even if you may need to disable Win 7 Antivirus 2013 to regain access to these applications.

Why Win 7 Antivirus 2013 is More Than Just a Windows 7 Problem

Win 7 Antivirus 2013 markets itself as a brand-spanking-new anti-malware program for the latest version of Windows, but in appearance and functions, Win 7 Antivirus 2013 is completely unoriginal. As an observable clone of similar scamware, Win 7 Antivirus 2013's only features involve attacking your computer's security and substituting fake security alerts for real protection. Very similar members of Win 7 Antivirus 2013's family of fake anti-malware scanners include but aren't limited to such examples as Antivirus 2008 Pro, Antivirus XP 2008, Windows Antivirus 2008, Vista Antivirus 2008, PC Clean Pro, Antivirus Pro 2009, Rogue.Vista Antivirus 2008, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, XP Security 2012, XP Home Security 2012 and AntiVirus PRO 2015.

Win 7 Antivirus 2013's FakeRean family has been known to use many methods of distribution, including:

  • Drive-by-download attacks with configurable exploit packages like Blackhole Exploit Kit. These attacks tend to occur automatically and without symptoms, as long as the relevant exploitable programs (usually linked to Adobe software, Java or default Windows software) are in place.
  • Trojan downloaders and Trojan droppers (Tibs, Zlob, etc.) that can install a number of different types of malware, including Win 7 Antivirus 2013 or other FakeRean-based scamware. SpywareRemove.com malware experts have found that such Trojans are often distributed by spam e-mail or through fake media update links from malicious sites.

Win 7 Antivirus 2013 and its relatives have only shown compatibility with Windows, although they are compatible with all modern versions of that OS.

The Real Security Shut Down That Win 7 Antivirus 2013 Uses to Enable Its Security Hoax

Win 7 Antivirus 2013's purpose is to display inaccurate pop-up warnings and system scans that make it seem as though your computer is infected by Trojans, spyware, viruses and other PC threats. Attempts to remove these threats only redirect you to a purchase form for Win 7 Antivirus 2013, which SpywareRemove.com malware experts, naturally, don't recommend trusting.

However, Win 7 Antivirus 2013's most notable attribute is its tendency, like other FakeRean family members of its branch, to attack security features of Windows. Windows Update, Security Center, Firewall and Defender may be inaccessible due to Win 7 Antivirus 2013's system changes. Win 7 Antivirus 2013 may also block websites and other programs through additional attacks.

Given these last facts, SpywareRemove.com malware experts are comfortable in labeling Win 7 Antivirus 2013 a security threat of a severe nature. Deleting Win 7 Antivirus 2013 should involve booting into Safe Mode or using other methods to block Win 7 Antivirus 2013. Once deactivated, Win 7 Antivirus 2013 can be removed with a good anti-malware product.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



  • %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS].exe
    File type: Executable File; Mime Type: unknown/exe; Group: Malware file
  • %CommonAppData%\[RANDOM CHARACTERS].exe
    File type: Executable File; Mime Type: unknown/exe; Group: Malware file
  • %LocalAppData%\[RANDOM CHARACTERS].exe
    File type: Executable File; Mime Type: unknown/exe; Group: Malware file
  • %Temp%\[RANDOM CHARACTERS].exe
    File type: Executable File; Mime Type: unknown/exe; Group: Malware file

Registry Modifications

The following Registry values were newly produced:

HKEY..\..\{Value}

  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = ''
  • HKEY_CURRENT_USER\Software\Classes\ "(Default)" = 'Application'
  • HKEY_CURRENT_USER\Software\Classes\\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_CURRENT_USER\Software\Classes\\DefaultIcon "(Default)" = '%1'
  • HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe -a "C:\Program Files\Mozilla Firefox\firefox.exe""

HKEY..\..\..\..{Subkeys}

  • HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
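The registry values listed here put an executable from %LocalAppData% in front of the normal `.exe` and browser launch commands, passing the real target after `-a`. The following check for that pattern is an added example, not part of the original write-up or any vendor tool: it assumes the input is the text output of `reg query <key> /s`, and the function names, user name and file name in the sample are made up for illustration.

```python
import re

# Stock Windows handler for executables: run the clicked file itself.
BENIGN_EXE_COMMAND = '"%1" %*'
# Shape of the listed values: an .exe under %LocalAppData% placed in front
# of the real target and passed "-a".
WRAPPER = re.compile(
    r'"?(?P<exe>(?:%LocalAppData%|[A-Z]:\\[^"]*\\AppData\\Local)\\[^"\\]+\.exe)"?\s+-a\s',
    re.IGNORECASE)
EXE_HANDLER = re.compile(r'\\(\.exe|exefile)\\shell\\open\\command$', re.IGNORECASE)

def parse_reg_query(text):
    """Yield (key, value_name, data) from `reg query <key> /s` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and line.startswith("    "):
            parts = re.split(r"\s{4,}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                yield key, parts[0], parts[2]

def find_hijacks(text):
    """Return (key, reason) for each shell command that looks redirected."""
    findings = []
    for key, _name, data in parse_reg_query(text):
        if not key.lower().endswith("\\command"):
            continue
        wrapped = WRAPPER.search(data)
        if wrapped:
            findings.append((key, "wrapped by " + wrapped.group("exe")))
        elif EXE_HANDLER.search(key) and data != BENIGN_EXE_COMMAND:
            findings.append((key, "non-default .exe handler"))
    return findings

# Constructed sample (user name and file name are made up), not real output.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
    (Default)    REG_SZ    "C:\Users\alice\AppData\Local\qwx.exe" -a "%1" %*
HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default)    REG_SZ    "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
    (Default)    REG_SZ    "C:\Users\alice\AppData\Local\qwx.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    (Default)    REG_SZ    "C:\Program Files\Internet Explorer\iexplore.exe"
'''

if __name__ == "__main__":
    for key, reason in find_hijacks(SAMPLE):
        print(f"{key}: {reason}")
```

A flagged `.exe` handler also explains why security tools may fail to start on an affected machine: every launch is handed to the wrapper first.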

Additional Information

The following messages were detected:

  1. Malware intrusion!
     Sensitive areas of your system ware found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.
  2. Stealth intrusion!
     Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

2 Comments

  • Kaito says:

    I have to buy it to fix it. Figures. Where are the instructions?

  • Maher says:

    no, but I have only seen it install on win7 I think it has a script checking your system and accordingly displaying a win xp, vista or 7 version of the program, but the .exe will install on any windows.
