Win 7 Security Tool 2010
Win 7 Security Tool 2010 (or Win7 SecurityTool2010) is a rogue antispyware program which comes from the same family as XP Security Tool 2010 and Vista Security Tool 2010. These rogues are designed to operate on the Microsoft Windows 7 platform. Win7 SecurityTool2010 may sound like legitimate program but hackers only want to misguide users to purchase a useless version of Win 7 Security Tool 2010. Once installed, Win7 SecurityTool2010 will perform fake system scan and show fake infection results. Remove this rogue immediately using a reliable antispyware program.
File System Modifications
- The following files were created in the system:
# File Name 1 %AppData%\ave.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exeHKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIconHKEY_CURRENT_USER\Software\Classes\.exe\shellHKEY_CURRENT_USER\Software\Classes\.exe\shell\openHKEY_CURRENT_USER\Software\Classes\.exe\shell\open\commandHKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1? %*"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1? %*"HKEY_CURRENT_USER\Software\Classes\.exe\shell\runasHKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\commandHKEY_CURRENT_USER\Software\Classes\.exe\shell\startHKEY_CURRENT_USER\Software\Classes\.exe\shell\start\commandHKEY_CURRENT_USER\Software\Classes\secfileHKEY_CURRENT_USER\Software\Classes\secfile\DefaultIconHKEY_CURRENT_USER\Software\Classes\secfile\shellHKEY_CURRENT_USER\Software\Classes\secfile\shell\openHKEY_CURRENT_USER\Software\Classes\secfile\shell\open\commandHKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1? %*"HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = ""%1? %*"HKEY_CURRENT_USER\Software\Classes\secfile\shell\runasHKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\commandHKEY_CURRENT_USER\Software\Classes\secfile\shell\startHKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
This virus will not allow any programs to run, so how I get rid of it?