Win 7 Security 2011

By LoneStar in Rogue Anti-Spyware Program | 1,038 views

Win 7 Security 2011 Description

Win 7 Security 2011 is one of the many names taken by a fake security program that is sometimes referred to as Win32/FakeRean, or the “multi-rogue.” Win32/FakeRean names itself according to what it finds on your computer, so if you are using Windows 7, Win 7 Security 2011 is one of the possible names for this infection. Therefore, please do not mistake Win 7 Security 2011 for a Microsoft product or a native Win 7 program, because it is neither of those things. Win 7 Security 2011 is a scam.

What Win 7 Security 2011 Will Do to Your PC

The Win 7 Security 2011 scam works by locking down your computer and making it unusable, while trying to convince you that your PC is infected with malware that can only be removed if you purchase a Win 7 Security 2011 license. Win 7 Security 2011 is incapable of detecting or removing malware, and there are no licenses to be had. If Win 7 Security 2011 is infecting your PC, you will not be able to ignore it, but paying the money that it demands will not cause it to function usefully or to remove itself.

Win 7 Security 2011 uses scare tactics to manipulate PC users into paying money for its fake security program; its main scare tactics are fake system scans and security alerts. As long as Win 7 Security 2011 is present on your computer, it will start up every time Windows starts and display a bogus scanner interface (which may mimic the appearance of the Windows 7 Action Center) where it pretends to run a scan of the system. Because the scans are completely phony, they aren’t detecting anything real; every time a “scan” runs, Win 7 Security 2011 will tell you that it has found a long list of threats. It then gives you the option to remove the threats or fix these problems, and tells you that the only way to remove these “threats” is to pay for a Win 7 Security 2011 license. The pretense is that you are somehow using a trial version and need to upgrade. However, remember that no real pre-installed Windows program would behave in this way.

The pop-up alerts created by Win 7 Security 2011 also pretend to be real Windows alerts, but their content and wording are nothing like what you would see in a legitimate alert. The alerts that Win 7 Security 2011 generates will always begin with a scary-sounding phrase, like “Stealth intrusion,” “Tracking software found,” or “Severe damage.” Then, the alerts always mention something very vague about one or more broad categories of malware that may be on your computer, or they may mention some nonexistent virus or threat that has been given an over-the-top, ridiculous name in order to sound more frightening. Just like the phony scan results, the alerts Win 7 Security 2011 generates will look as though they’re giving you an option to fix or not fix the detected problems, when in actuality, if you click on the prompts, Win 7 Security 2011 will only tell you that you have to purchase a software license.

Win 7 Security 2011 can do some very disruptive things to make it difficult for you to remove its fake security application. Generally, many of these blocking capabilities are the result of a rootkit that is downloaded with the malware. The rootkit allows Win 7 Security 2011 to hijack your web browser, taking you to sites that you did not navigate to, changing your home page, hijacking the links in your search engine results, and preventing you from accessing some or all websites by changing the HOSTS file and telling Windows that you are browsing via a proxy. Additionally, you will be unable to use Task Manager or Regedit to remove Win 7 Security 2011, because the malware makes changes to the Registry that alter your user settings and permissions. Win 7 Security 2011 even changes the Registry in ways that shut down the Windows firewall and disable any real Windows alerts that might warn you that your actual security software is inactive. This is necessary for Win 7 Security 2011, because it will prevent most of your other programs from running at all.

How Win 7 Security 2011 Finds its Way into your PC

Infections with Win 7 Security 2011 are the result of infection with a Trojan. As the name implies, the Trojan is always hidden in something that looks harmless or ordinary, and which you download without concern. Fake video codecs and program updates downloaded from third-party websites are especially common places for the Trojan to be hidden, as well as files downloaded from file sharing services. There are also reports of Win 7 Security 2011 being promoted by malicious, fake pop-up online advertisements, as well as possibly infected versions of Google Chrome downloaded from unofficial, third-party sites.

The files and Registry entries associated with a Win 7 Security 2011 infection have evolved with time. Initially, Win 7 Security 2011 almost always used a file called pw.exe as its main executable. However, more recently, Win 7 Security 2011 will name its executable (program) file using a randomly-generated string of three letters. This executable file will often appear to be the Steam gaming engine published by Valve, although Win 7 Security 2011 has no association with Valve and disguises itself as Valve’s product in order to avoid suspicion.

Win 7 Security 2011 is part of a family of fake security programs that goes back to at least the spring of 2010. Depending on which version of Windows you’re using, this malware may name itself something beginning with “XP,” “Vista,” or “Win 7.” The malware may then use a variety of name endings, which may or may not include the year. In all, there are more than thirty different names used by this same infection; which name the malware takes depends on the version of Windows you’re using, and on chance.

Type: Rogue AntiSpyware Programs

How Can You Detect Win 7 Security 2011?

Win 7 Security 2011 Technical Report

As new Win 7 Security 2011 details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for Win 7 Security 2011:

The following fake error messages appear for Win 7 Security 2011:

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
Win 7 Security 2011 detected 33 critical system objects.

Win 7 Security 2011 Removal Details

Win 7 Security 2011 typically has the following processes in memory:

  • %UserProfile%\Local Settings\Application Data\opRSK
  • %UserProfile%\Local Settings\Application Data\pw.exe
  • %UserProfile%\Local Settings\Application Data\MSASCui.exe
  • %UserProfile%\AppData\Local\opRSK
  • %UserProfile%\AppData\Local\pw.exe
  • %UserProfile%\AppData\Local\MSASCui.exe

Win 7 Security 2011 creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
  • HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKEY_CLASSES_ROOT\pezfile
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
  • HKEY_CURRENT_USER\Software\Classes\pezfile
  • HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
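
The registry changes listed above can be checked offline against a `reg export` dump of a suspect machine. The following Python check is an added example, not code from ESG or from the original entry; the sample export, the user name `alice` and the `Example` browser key are constructed for illustration. It generalizes from `pw.exe` to any executable placed directly in the local application-data folder, because the entry notes that newer variants use a random three-letter file name.

```python
import re

# Constructed sample in `reg export` format (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\alice\\AppData\\Local\\pw.exe\" /START \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Users\\alice\\AppData\\Local\\pw.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Example\shell\open\command]
@="\"C:\\Users\\alice\\AppData\\Local\\Example\\App\\browser.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000000
'''

# An .exe sitting directly in the local application-data folder (no vendor subfolder).
PROXY_EXE = re.compile(
    r'^"?[^"]*?\\(?:appdata\\local|local settings\\application data)\\[^\\"]+\.exe',
    re.IGNORECASE)
OVERRIDES = {"firewalloverride", "antivirusoverride"}

def parse_reg(text):
    """Yield (key, value_name, data) from .reg text; '@' is the default value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line:
            name, data = line.split("=", 1)
            if data.startswith('"'):  # REG_SZ: drop quotes, undo backslash escaping
                data = re.sub(r'\\(.)', r'\1', data[1:-1])
            yield key, name.strip('"'), data

def find_indicators(text):
    """Return (key, value_name, reason) for settings matching the entry above."""
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name == "@" and "\\shell\\" in k and k.endswith("\\command"):
            if PROXY_EXE.match(data):
                hits.append((key, name, "handler launches an .exe from the profile data folder"))
            elif "\\.exe\\shell\\open\\" in k and data != '"%1" %*':
                hits.append((key, name, "non-default .exe open command"))
        elif k.endswith("\\microsoft\\security center") and name.lower() in OVERRIDES:
            if data not in ("0", "dword:00000000"):
                hits.append((key, name, "Security Center alert suppressed"))
    return hits
```

Calling `find_indicators(SAMPLE_REG)` flags the two hijacked handlers and the `FirewallOverride` value, and leaves the stock `exefile` handler and the per-user browser installed in its own subfolder alone.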

This entry was last updated on 06/25/11 and posted on 11/15/10.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.