Win 7 Internet Security 2011

Posted: November 11, 2010

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	2/10
Infected PCs:	31

First Seen:	January 9, 2012
OS(es) Affected:	Windows

Win 7 Internet Security 2011 is a rogue antispyware program that's copied from similar types of scamware derived from the FakeRean group of scamware. Typical attacks from Win 7 Internet Security 2011 and other FakeRean-based PC threats include not just fake infection alerts, but also fake system scans, the littering of junk files around your hard drive and even a fraudulent Security Center that links to Win 7 Internet Security 2011's website. SpywareRemove.com malware research team discourages purchase of Win 7 Internet Security 2011, which is equivalent to handing your credit card information to thieves, and recommend quick removal of Win 7 Internet Security 2011 as your best possible action. Actual anti-malware software, if available, should be used to remove Win 7 Internet Security 2011 and related PC threats, since Win 7 Internet Security 2011's included removal utility will fail to remove all components of a Win 7 Internet Security 2011 infection.

Win 7 Internet Security 2011: a PC Shepherd That Constantly Cries Wolf

Win 7 Internet Security 2011 has a polished and user-friendly interface that tries to appeal to the average Windows-user, but scrapping off this finish will instantly reveal Win 7 Internet Security 2011's true intentions, which are the very opposite of security for your PC. Common behavior for Win 7 Internet Security 2011 and its fellow FakeRean clones includes, but isn't restricted to:

Creating harmless trash files, especially in your Windows folders, and then labeling them as viruses, Trojans or other types of high-level PC threats.
Loading a fake Security Center applet that launches the Win 7 Internet Security 2011 website when you try to access its features.
Launching itself without your consent whenever Windows starts or whenever you launch another executable (.exe) file. Win 7 Internet Security 2011 may even run in the form of a concealed background process without visible signs of its presence.
Pretending to scan your PC and find spyware, Trojan, keyloggers and other PC threats that aren't on your computer in the first place.

Exchanging Win 7 Internet Security 2011 for Legitimate PC Protection

SpywareRemove.com malware researchers discourage buying Win 7 Internet Security 2011, visiting its site, trusting Win 7 Internet Security 2011's fraudulent warnings or even using Win 7 Internet Security 2011's built-in removal tool. As a clone of other Rogue:Win32/FakeRean programs like Antispyware Vista, PC Security 2009, Security Central, Vista Internet Security and XP Guardian Pro, Win 7 Internet Security 2011 should be considered just as hostile to your PC as any virus or Trojan would be. Deleting Win 7 Internet Security 2011 with appropriate anti-malware programs, however, should insure that Win 7 Internet Security 2011's attacks cause no serious harm to your computer.

Although SpywareRemove.com malware research team has found that Win 7 Internet Security 2011 is capable of displaying a staggering range of different alerts, samples of some of Win 7 Internet Security 2011's bad information-feeding capabilities are shown below:

Severe System Damage!
Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible. Act now, click here for a free security scan.

Win 7 Internet Security 2011 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
- Dangerous code found in this site's pages which installed unwanted software into your system.
- Suspicious and potentially unsafe network activity detected.
- Spyware infections in your system
- Complaints from other users about this site.
- Port and system scans performed by the site being visited.

Things you can do:
- Get a copy of [rogue program name] to safeguard your PC while surfing the web (RECOMMENDED)
- Run a spyware, virus and malware scan
- Continue surfing without any security measures (DANGEROUS)

Malware Intrusion!
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

Virus Intrusion!
Your computer security is at risk. Spyware, worms, and Trojans were detected in the background. Prevent data corruption and credit card information theft. Safeguard your system and perform a free security scan now.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe

File name: %Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%Documents and Settings%\[User Name]\Local Settings\Application Data\opRSK

File name: %Documents and Settings%\[User Name]\Local Settings\Application Data\opRSK
Group: Malware file

%Documents and Settings%\[User Name]\Local Settings\Application Data\MSASCui.exe

File name: %Documents and Settings%\[User Name]\Local Settings\Application Data\MSASCui.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CLASSES_ROOT\pezfileHKEY_CURRENT_USER\Software\Classes\pezfileHKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "%1" %*HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "%1" %*HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "%1" %*HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-modeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"