Win 7 Antispyware Pro 2013

Posted: November 5, 2012

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	8,061
Threat Level:	10/10
Infected PCs:	17,439

First Seen:	October 1, 2012
Last Seen:	October 8, 2023
OS(es) Affected:	Windows

Win 7 Antispyware Pro 2013 is one of many instances of the modern rogue anti-malware program from the FakeRean family, a group of scamware that's also been noted for its security-related attacks. Because Win 7 Antispyware Pro 2013 uses nearly-constant displays of fake system alerts, infection warnings, fake scans and other faux security information to confuse its victims, the primary danger of a Win 7 Antispyware Pro 2013 infection is spending money on Win 7 Antispyware Pro 2013 by mistakenly assuming that Win 7 Antispyware Pro 2013 will fix your PC. However, SpywareRemove.com malware experts also consider Win 7 Antispyware Pro 2013 to be an overall security risk that's capable of invasive attacks against other programs, including any installed web browsers. Removing Win 7 Antispyware Pro 2013 with a legitimate anti-malware scanner is the safest means of undoing all of these issues and getting Win 7 Antispyware Pro 2013 out of your PC permanently.

Dragging Yourself out of the Waters of Win 7 Antispyware Pro 2013's Million Security Lies

Despite its looks as an apparent anti-spyware and general security program, Win 7 Antispyware Pro 2013 can't find spyware or protect your computer from any PC threats of any sort. What Win 7 Antispyware Pro 2013 can do is display simulations of system scans that always find nonexistent infections that are identified by technical names, as well as a colorful variety of fake pop-up warnings. These warnings have a thematic tendency towards high-level spyware threats like keyloggers and other programs that attempt to steal personal information, although Win 7 Antispyware Pro 2013 also is capable of mimicking other types of alerts.

Using Win 7 Antispyware Pro 2013 to remove any of the fake problems that Win 7 Antispyware Pro 2013 finds will expose you to a prompt wherein Win 7 Antispyware Pro 2013 requests money for registration. SpywareRemove.com malware research team always recommends avoiding the purchase of Win 7 Antispyware Pro 2013 or similar scamware programs that also derive from the WinPC Defender family. Other members of FakeRean, particularly those of the Multirogue 2013 subgroup, include Ultimate Defender, SystemDefender, IE Defender, Advanced XP Defender, XP Defender, WinDefender2008, PCTotalDefender, PC Defender 2008, Personal Defender 2009, WinDefender 2009, Perfect Defender 2009, Total Defender, Malware Defender 2009, WinPC Defender, PC Privacy Defender, Smart Defender Pro, Rogue.UltimateDefender, FraudTool.LastDefender.b and Security Defender Pro 2015.

Where Illusory Threats Meets Real Danger with Win 7 Antispyware Pro 2013

Issues with Win 7 Antispyware Pro 2013, unfortunately, aren't confined to attempts to make you believe that imaginary infections are real. SpywareRemove.com malware experts have often associated FakeRean-based rogue anti-malware programs with security mishaps, but Win 7 Antispyware Pro 2013 and other recent variants are particularly dangerous for their inclusion of these functions:

Browser hijacks. These attacks may be used to expose you to harmful web content, although SpywareRemove.com malware analysts note that currently, they're designed to display various fake error pages and block safe websites.
Blocked applications. Win 7 Antispyware Pro 2013 will monitor any attempts to open other program files and, in most cases, disallow them from being launched (with exceptions made for system-critical processes and your browser). Win 7 Antispyware Pro 2013 also may block security applications in other ways, such as by changing their Registry entries.

Removing Win 7 Antispyware Pro 2013 with appropriate anti-malware programs also should remove the settings changes that allow these attacks to take place. If Win 7 Antispyware Pro 2013 blocks the anti-malware software that you're trying to use to remove a Win 7 Antispyware Pro 2013 infection, SpywareRemove.com anti-malware researchers recommend using Safe Mode. In scenarios where Safe Mode doesn't disable all PC threats, extra measures – such as booting from clean USB drives – can be used.

Aliases

Win32.Bancos [Ikarus]Trojan/Win32.Diple [AhnLab-V3]TR/Bancos.CDL.8 [AntiVir]Trojan.KillProc.15905 [DrWeb]Win32:Bancos-CDL [Spy] [Avast]Artemis!8A7BB35885CF [McAfee]Trojan-Ransom.Win32.Foreign.asxx [Kaspersky]Dropper.Generic2.AAPU [AVG]Trojan-Dropper.SuspectCRC [Ikarus]Artemis!02E1070C9FAD [McAfee-GW-Edition]SPR/Tool.BeeInject.133 [AntiVir]Trojan-Spy.MSIL.Agent.buh [Kaspersky]MSIL:Crypt-AO [Avast]a variant of MSIL/Injector.U [NOD32]TR/Boigy.2 [AntiVir]
More aliases (2215)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

C:\WINDOWS\UbiSoft\SetupUbi.exe

File name: SetupUbi.exe
Size: 643.07 KB (643072 bytes)
MD5: 735e3f35a14cc39fb874b0799a198fb3
Detection count: 349
File type: Executable File
Mime Type: unknown/exe
Path: C:\WINDOWS\UbiSoft\SetupUbi.exe
Group: Malware file
Last Updated: October 15, 2023

%SystemDrive%\ProgramData\gbieha.dll

File name: gbieha.dll
Size: 557.31 KB (557312 bytes)
MD5: ed5ef662951776536fc5a09266de8b08
Detection count: 62
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SystemDrive%\ProgramData
Group: Malware file
Last Updated: February 22, 2013

%SystemDrive%\ProgramData\wlcon.dll

File name: wlcon.dll
Size: 1.09 MB (1098752 bytes)
MD5: fa8d670443046dd1f99dd08241362027
Detection count: 61
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SystemDrive%\ProgramData
Group: Malware file
Last Updated: February 22, 2013

%TEMP%\Aplaeplaep\ycfyycfewuj.exe

File name: ycfyycfewuj.exe
Size: 65.53 KB (65536 bytes)
MD5: dc051532febb8ee31d8ad7b7c6ac205c
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\Aplaeplaep
Group: Malware file
Last Updated: February 22, 2013

%SystemDrive%\ProgramData\gbpsvs.dll

File name: gbpsvs.dll
Size: 1.05 MB (1052672 bytes)
MD5: ea505c2d439a5f36e3e079f25b41ae56
Detection count: 60
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SystemDrive%\ProgramData
Group: Malware file
Last Updated: February 22, 2013

C:\$Recycle.Bin\S-1-5-18\$70b76ca57a6b1ad6260e65399d41ccb5\n

File name: n
Size: 59.9 KB (59904 bytes)
MD5: 004d883c75e80cd386a260b5eccbf285
Detection count: 56
Path: C:\$Recycle.Bin\S-1-5-18\$70b76ca57a6b1ad6260e65399d41ccb5\n
Group: Malware file
Last Updated: April 6, 2022

%LOCALAPPDATA%\{F41C0568-18AE-2FB5-3FAF-004A1F4BF0B3}\syshost.exe

File name: syshost.exe
Size: 204.8 KB (204800 bytes)
MD5: e6533434941eb27d0efd1bf7d37c4f4d
Detection count: 47
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\{F41C0568-18AE-2FB5-3FAF-004A1F4BF0B3}
Group: Malware file
Last Updated: February 22, 2013

%TEMP%\csrss.exe

File name: csrss.exe
Size: 158.72 KB (158720 bytes)
MD5: 295f8c0f0188a4ffbacd71634986bb03
Detection count: 43
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: February 22, 2013

%APPDATA%\TMf2g99RPH1P2EI.exe

File name: TMf2g99RPH1P2EI.exe
Size: 96.25 KB (96256 bytes)
MD5: 2f5b8fa2968ecb754e181c50e4e869dc
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: February 22, 2013

%LOCALAPPDATA%\Lollipop\Lollipop.exe

File name: Lollipop.exe
Size: 920.57 KB (920576 bytes)
MD5: 8448d114db908ac23f610dc1292edabe
Detection count: 23
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Lollipop
Group: Malware file
Last Updated: February 25, 2013

%USERPROFILE%\S-15-5943-2356-2352\winmgr.exe

File name: winmgr.exe
Size: 69.12 KB (69120 bytes)
MD5: bfdef30de6842d4190ec34213593ec49
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\S-15-5943-2356-2352
Group: Malware file
Last Updated: February 22, 2013

%TEMP%\update.exe

File name: update.exe
Size: 764.92 KB (764928 bytes)
MD5: 6124c9689dc1db263359cf83df35325b
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: February 22, 2013

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Bla Bla.exe

File name: Bla Bla.exe
Size: 4.14 MB (4141960 bytes)
MD5: cb9d64689c607953224011d89c08d839
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
Group: Malware file
Last Updated: February 22, 2013

%SystemDrive%\Users\<username>\8103874.dll

File name: 8103874.dll
Size: 135.16 KB (135168 bytes)
MD5: b9097671abbe840bb69102e82adc8544
Detection count: 14
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SystemDrive%\Users\New Account
Group: Malware file
Last Updated: March 29, 2013

%APPDATA%\IZ Crypt Pre Alpha.exe

File name: IZ Crypt Pre Alpha.exe
Size: 110.59 KB (110592 bytes)
MD5: 5a251700f95ca463af81440a06c11086
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: February 22, 2013

%SystemDrive%\Users\<username>\6954194.dll

File name: 6954194.dll
Size: 100.86 KB (100864 bytes)
MD5: 6702fa8bfb4b5582511f22d93cb45a0a
Detection count: 10
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SystemDrive%\Users\Max
Group: Malware file
Last Updated: February 22, 2013

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\A-2068193475.exe

File name: A-2068193475.exe
Size: 51.72 KB (51724 bytes)
MD5: 9a65737e5ccc95b04f26f95eaa2be535
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
Group: Malware file
Last Updated: February 22, 2013

%USERPROFILE%\Documents\wincmd.exe

File name: wincmd.exe
Size: 24.35 MB (24355844 bytes)
MD5: 506a814c73adbfa70107a40085b90b4a
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Documents
Group: Malware file
Last Updated: February 22, 2013

%TEMP%\MSDCSC\msdcsc.exe

File name: msdcsc.exe
Size: 1.15 MB (1158529 bytes)
MD5: 8f42640869da36976902d674b41cc36a
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\MSDCSC
Group: Malware file
Last Updated: February 22, 2013

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Teemu.exe

File name: Teemu.exe
Size: 4.32 MB (4328372 bytes)
MD5: 2f6ec4885e14e3904d94c037ad8c98fa
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
Group: Malware file
Last Updated: February 22, 2013

%WINDIR%\up2date.exe

File name: up2date.exe
Size: 57.79 KB (57795 bytes)
MD5: a8a12411d33c56520ef81a83416caca6
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: February 22, 2013

%PROGRAMFILES%\WW2010CF\SERVICES.EXE

File name: SERVICES.EXE
Size: 512 KB (512000 bytes)
MD5: 48b0f162c65c7316db6ec1d294f8f37e
Detection count: 5
File type: Executable File
Mime Type: unknown/EXE
Path: %PROGRAMFILES%\WW2010CF
Group: Malware file
Last Updated: February 22, 2013

%WINDIR%\system32\wins.exe

File name: wins.exe
Size: 244.55 KB (244552 bytes)
MD5: cb5c8a3f5cba769669f662ab9e30b913
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: February 22, 2013

%ALLUSERSPROFILE%\Local Settings\Temp\mslutv.exe

File name: mslutv.exe
Size: 49.99 KB (49992 bytes)
MD5: 7295902ee0f05ab37a2f764e9b45a8b6
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: February 22, 2013

%AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS AND NUMBERS]

File name: %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS AND NUMBERS]
Group: Malware file

%LocalAppData%\[RANDOM 3 CHARACTERS].exe

File name: %LocalAppData%\[RANDOM 3 CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%LocalAppData%\[RANDOM CHARACTERS AND NUMBERS]

File name: %LocalAppData%\[RANDOM CHARACTERS AND NUMBERS]
Group: Malware file

%CommonAppData%\[RANDOM CHARACTERS AND NUMBERS]

File name: %CommonAppData%\[RANDOM CHARACTERS AND NUMBERS]
Group: Malware file

%Temp%\[RANDOM CHARACTERS AND NUMBERS]

File name: %Temp%\[RANDOM CHARACTERS AND NUMBERS]
Group: Malware file

More files

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "%1" %*HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "%1" %*HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS] "(Default)" = 'Application'HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS]\DefaultIcon "(Default)" = '%1'HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS]\shell\open\command "(Default)" = "%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "%1" %*HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = '[RANDOM CHARACTERS]'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"" HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\[RANDOM 3 CHARACTERS].exe -a "C:\Program Files\Mozilla Firefox\firefox.exe""HKEY..\..\..\..{Subkeys}HKEY_CLASSES_ROOT\[RANDOM CHARACTERS]HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"

Additional Information

The following messages's were detected:

#	Message
1	Severe system damage! Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible. Act now, click here for a free security scan.
2	Severe system damage! Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.
3	Tracking software found! Your PC activity is being monitored. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen. Prevent damage now by completing a security scan.
4	Virus intrusion! Your computer security is at risk. Spyware, worms and Trojans were detected in the background. Prevent data corruption and credit card information theft. Safeguard your system and perform a free security scan now.
5	Win 7 Antispyware Pro 2013 Alert Internet Connection alert! Suspicious network activity detected! Malware infection is possible!
6	Win 7 Antispyware Pro 2013 Firewall Alert Win 7 Antispyware Pro 2013 has blocked a program from accessing the internet Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen Private data can be stolen by third parties, including credit card details and passwords.