Win 7 Antimalware 2011

Posted: November 15, 2010

Win 7 Antimalware 2011 is a rogue anti-spyware application that uses Trojans or browser security holes to install itself into unsuspecting users' computers. Trojans associated with rogue anti-spyware programs come bundled in video codecs usually found in porn websites. Once the user downloads the trojan-infested video codec, the trojan installs malicious files used to perform illicit activities such as displaying popups with messages that state the computer is at risk of spyware and to download the recommended program. In most cases, the recommended program is a rogue anti-spyware program like Win 7 Antimalware 2011. Win 7 Antimalware 2011 uses the fake security notifications to alert users of imaginary spyware it has detected and to, ultimately, entice users to purchase the full version.

File System Modifications

The following files were created in the system:

#	File Name
1	%UserProfile%Local SettingsApplication DataopRSK %UserProfile%Local SettingsApplication Datapw.exe %UserProfile%Local SettingsApplication DataMSASCui.exe %UserProfile%AppDataLocalopRSK %UserProfile%AppDataLocalpw.exe %UserProfile%AppDataLocalMSASCui.exe

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*HKEY_CLASSES_ROOTpezfileHKEY_CLASSES_ROOTpezfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*HKEY_CURRENT_USERSoftwareClassespezfileHKEY_CURRENT_USERSoftwareClassespezfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-modeHKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesInternet Exploreriexplore.exe"HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = "1"HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = "1"

Additional Information on Win 7 Antimalware 2011

The following messages's were detected:

#	Message
1	System danger! Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here. System Hijack! System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan. Privacy threat! Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair. Stealth intrusion! Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

Message

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Win 7 Antimalware 2011 may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner*

* See Free Trial offer below. EULA and Privacy/Cookie Policy. * See Free Trial offer below. EULA and Privacy/Cookie Policy.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

One Comment

Adam says:

October 17, 2012 at 9:30 am

It is always best and sfesat to remove the malicious program with an anti-virus program. Sometime these malware (this sounds like a scareware). These programs scare you into providing it with more Information with nonexistent threats of more serious viruses. But left untreated this program can yield serious programs. So if you are unable to remove it with the anitvirus program (If you don't currently have one, this Program may prevent from downloading a new from the internet), I urge restoring your computer to a time before contracting the virus such as a couple of days ago. This usually works and does not ruin your data. Excellent Luck!