Home Malware Programs Rogue Anti-Spyware Programs Win 7 Internet Security 2011

Win 7 Internet Security 2011

Posted: November 11, 2010

Threat Metric

Threat Level: 2/10
Infected PCs: 31
First Seen: January 9, 2012
OS(es) Affected: Windows

Win 7 Internet Security 2011 is a rogue antispyware program that's copied from similar types of scamware derived from the FakeRean group of scamware. Typical attacks from Win 7 Internet Security 2011 and other FakeRean-based PC threats include not just fake infection alerts, but also fake system scans, the littering of junk files around your hard drive and even a fraudulent Security Center that links to Win 7 Internet Security 2011's website. SpywareRemove.com malware research team discourages purchase of Win 7 Internet Security 2011, which is equivalent to handing your credit card information to thieves, and recommend quick removal of Win 7 Internet Security 2011 as your best possible action. Actual anti-malware software, if available, should be used to remove Win 7 Internet Security 2011 and related PC threats, since Win 7 Internet Security 2011's included removal utility will fail to remove all components of a Win 7 Internet Security 2011 infection.

Win 7 Internet Security 2011: a PC Shepherd That Constantly Cries Wolf

Win 7 Internet Security 2011 has a polished and user-friendly interface that tries to appeal to the average Windows-user, but scrapping off this finish will instantly reveal Win 7 Internet Security 2011's true intentions, which are the very opposite of security for your PC. Common behavior for Win 7 Internet Security 2011 and its fellow FakeRean clones includes, but isn't restricted to:

  • Creating harmless trash files, especially in your Windows folders, and then labeling them as viruses, Trojans or other types of high-level PC threats.
  • Loading a fake Security Center applet that launches the Win 7 Internet Security 2011 website when you try to access its features.
  • Launching itself without your consent whenever Windows starts or whenever you launch another executable (.exe) file. Win 7 Internet Security 2011 may even run in the form of a concealed background process without visible signs of its presence.
  • Pretending to scan your PC and find spyware, Trojan, keyloggers and other PC threats that aren't on your computer in the first place.

Exchanging Win 7 Internet Security 2011 for Legitimate PC Protection

SpywareRemove.com malware researchers discourage buying Win 7 Internet Security 2011, visiting its site, trusting Win 7 Internet Security 2011's fraudulent warnings or even using Win 7 Internet Security 2011's built-in removal tool. As a clone of other Rogue:Win32/FakeRean programs like Antispyware Vista, PC Security 2009, Security Central, Vista Internet Security and XP Guardian Pro, Win 7 Internet Security 2011 should be considered just as hostile to your PC as any virus or Trojan would be. Deleting Win 7 Internet Security 2011 with appropriate anti-malware programs, however, should insure that Win 7 Internet Security 2011's attacks cause no serious harm to your computer.

Although SpywareRemove.com malware research team has found that Win 7 Internet Security 2011 is capable of displaying a staggering range of different alerts, samples of some of Win 7 Internet Security 2011's bad information-feeding capabilities are shown below:

Severe System Damage!
Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible. Act now, click here for a free security scan.

Win 7 Internet Security 2011 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
- Dangerous code found in this site's pages which installed unwanted software into your system.
- Suspicious and potentially unsafe network activity detected.
- Spyware infections in your system
- Complaints from other users about this site.
- Port and system scans performed by the site being visited.

Things you can do:
- Get a copy of [rogue program name] to safeguard your PC while surfing the web (RECOMMENDED)
- Run a spyware, virus and malware scan
- Continue surfing without any security measures (DANGEROUS)

Malware Intrusion!
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

Virus Intrusion!
Your computer security is at risk. Spyware, worms, and Trojans were detected in the background. Prevent data corruption and credit card information theft. Safeguard your system and perform a free security scan now.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe File name: %Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Documents and Settings%\[User Name]\Local Settings\Application Data\opRSK File name: %Documents and Settings%\[User Name]\Local Settings\Application Data\opRSK
Group: Malware file
%Documents and Settings%\[User Name]\Local Settings\Application Data\MSASCui.exe File name: %Documents and Settings%\[User Name]\Local Settings\Application Data\MSASCui.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CLASSES_ROOT\pezfileHKEY_CURRENT_USER\Software\Classes\pezfileHKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "%1" %*HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "%1" %*HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "%1" %*HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-modeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
Loading...