Win 7 Total Security 2012
Win 7 Total Security 2012 is a duplicate of previously-established rogue security programs, including imitations of fake infection alert pop-ups, fake system scans and attacks that directly interfere with your web browser and other applications. Since Win 7 Total Security 2012 has no actual security features and directly attacks your PC security, you should avoid purchasing Win 7 Total Security 2012, which may result in your credit card being used for repeated fraudulent charges. Removing Win 7 Total Security 2012 is best done by using good anti-malware software, and will also cause all Win 7 Total Security 2012-related attacks to cease.
Win 7 Total Security 2012's Fake Security Scheme
Win 7 Total Security 2012 pretends to offer security-related features like virus detection for free, while requesting a registration fee to remove any threats that Win 7 Total Security 2012 detects. However, like Win 7 Total Security 2012's clones XP Antivirus 2012, Win 7 Anti-Spyware 2012, XP Home Security 2012, System Smart Security and Vista Home Security 2012, Win 7 Total Security 2012 can't perform any of Win 7 Total Security 2012's advertised functions.
Nonetheless, Win 7 Total Security 2012 will still create fake infection warnings in lieu of the real thing:
System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.
System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.
Security Alert!
Your computer is being attacked from a remote machine !
Block Internet access to your computer to prevent system infection.
Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)
Aside from pop-ups like the ones above, Win 7 Total Security 2012 may also scan your system, and indicate that certain files or programs are infected. Since these infections aren't real, there's no reason to justify spending money on Win 7 Total Security 2012.
Securing Yourself and Your PC from Win 7 Total Security 2012
Unfortunately, Win 7 Total Security 2012 also engages in more severe behavior that makes Win 7 Total Security 2012's infection alerts look realistic:
- Win 7 Total Security 2012 may crash programs to prevent them from running, often with a message about the program being compromised. In most cases, Win 7 Total Security 2012 will do this for the specific purpose of disabling security programs that could delete Win 7 Total Security 2012 itself. In others, Win 7 Total Security 2012 may disable a program at random to increase the appearance of instability in your PC.
- Win 7 Total Security 2012 and related threats also engage in browser hijacks. Such hijacks are known to alter homepage settings, play unwanted advertisements, redirect you from one website to another, and even use fake errors to wall off website access.
Although the above attacks are alarming and can make it difficult to remove Win 7 Total Security 2012, they don't cause permanent harm to any of the affected programs. You can stop Win 7 Total Security 2012 from attacking your browser and other applications by booting from a CD, or more conveniently, by using Safe Mode.
Win 7 Total Security 2012 starts automatically by default, but a Safe Mode or other more secure OS boot will stop Win 7 Total Security 2012's startup Registry entries from triggering. Then, you can remove Win 7 Total Security 2012 by safely, using a good security program.
Since Win 7 Total Security 2012 is a new threat as of June 2011, it's strongly encouraged for you to update your security software and web browser, to be as protected as possible against Win 7 Total Security 2012 attacks.
File System Modifications
- The following files were created in the system:
# File Name 1 %AllUsersProfile%\hjq6yh9lpq1nbz7yhj1ms9taq 2 %AppData%\Local\[3 characters].exe 3 %AppData%\Local\hjq6yh9lpq1nbz7yhj1ms9taq 4 %AppData%\Roaming\Microsoft\Windows\Templates\hjq6yh9lpq1nbz7yhj1ms9taq 5 %Temp%\hjq6yh9lpq1nbz7yhj1ms9taq
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe "(Default)' = 'exefile'HKEY_CURRENT_USER\Software\Classes\.exe "Content Type' = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)' = '%1? = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "%1? %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand' = ''%1? %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)' = ''%1? %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand' = ''%1? %*'HKEY_CURRENT_USER\Software\Classes\exefile "(Default)' = 'Application'HKEY_CURRENT_USER\Software\Classes\exefile "Content Type' = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)' = '%1?HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)' = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "%1? %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand' = ''%1? %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)' = ''%1? %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand' – ''%1? %*'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)' = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "C:\Program Files\Mozilla Firefox\firefox.exe''HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)' = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "C:\Program Files\Mozilla Firefox\firefox.exe' -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)' = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "C:\Program Files\Internet Explorer\iexplore.exe''HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)' = '%1?HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)' = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "%1? %*'HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand' = ''%1? %*'HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)' = ''%1? %*'HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand' = ''%1? %*'HKEY_CLASSES_ROOT\exefile "Content Type' = 'application/x-msdownload'HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)' = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "%1? %*'HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand' = ''%1? %*'HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand' = ''%1? %*'
just wanted to say thanks for spyhunter and helpdesk. you proved to stand behind your product to help remove these malwares.