Home Malware Programs Rogue Anti-Spyware Programs Win 7 Total Security

Win 7 Total Security

Posted: February 28, 2011

As a member of a sizable horde of rogue anti-malware product clones, Win 7 Total Security utilizes standard fake infection alerts and Trojan-based infiltration to convince users of its supposedly beneficial nature. Aside from Win 7 Total Security not being capable of detecting or removing infections, it actually poses as a security risk by being present on your computer. If you're not interested in living under a barrage of semi-random alerts that serve no purpose other than to swindle you from your money, delete Win 7 Total Security by using a good anti-virus security program, also paying attention to catch any related Trojans that may have allowed Win 7 Total Security access in the first place.

Win 7 Total Security is one of a Horde Invading Your Computer Premises

Win 7 Total Security is one permutation of over a dozen different styles of what amounts to the same rogue anti-malware program. This rogue product takes its name from the operating system Win 7 Total Security is attacking, a few semi-randomized appropriate phrases and also the optional tag of '2011'. Win 7 Total Security can, therefore, also be found under the name of Win 7 Total Security 2011 or XP Total Security, for example. Win 7 Total Security is the same hostile entity regardless of the name changes and has as little to offer your computer each time.

Your first clue to Win 7 Total Security's actual malicious behavior is the fact that Win 7 Total Security is commonly installed through Trojans. After Win 7 Total Security gets onto your system, Win 7 Total Security will regurgitate an immense amount of terrifying error messages as well as scan your computer and display large quantities of undeleted infections. These are wholly faked and used to steal your money by asking you to register a rogue anti-malware product that has no value.

Here are some of the obvious messages you may see, to distinguish them from real OS alerts:

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Win 7 Total Security Firewall Alert
Win 7 Total Security has blocked a program from accessing the Internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Vanquishing Win 7 Total Security for True Total Security

Win 7 Total Security can be difficult to remove using the same methods you'd use to remove non-malicious programs. A combination of Safe Mode, the right genuine anti-malware program and possibly disabling the system restore function may be required. If you wait too long to remove Win 7 Total Security, you may find your system under further attack, since rogue programs like Win 7 Total Security will disable security as a matter of course.

Users having particular trouble deleting Win 7 Total Security should try entering this free registration code: 1147-175591-6550. This code will put Win 7 Total Security into a registered mode without giving away your information or money, which may subdue it long enough for you to finish things up.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%
    2 %AppData%
    3 %AppData%\Local\[RANDOM CHARACTERS].exe (look for 3-letter names)
    4 %AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
    5 \Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
    6 \t3e0ilfioi3684m2nt3ps2b6lru

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'

Related Posts

Loading...