Win 7 Security 2013 Description
Win 7 Security 2013 is a rogue anti-spyware tool that uses misleading techniques to dupe unsuspecting computer users into thinking their PCs are contaminated with various security threats. Then, Win 7 Security 2013 encourages victims to buy the so-called full version to remove detected malware infections and fix other PC problems. At first glance, Win 7 Security 2013 may seem to be a genuine security program but, in reality, it’s a counterfeit and worthless security application, which aims at pilfering money from victims. Win 7 Security 2013 uses Trojans to distribute itself to vulnerable machines. While being installed, Win 7 Security 2013 will run automatically every time you start your PC. Win 7 Security 2013 will perform automated bogus computer scans and creates fake malware results to scare victims into believing their computers are infected with numerous malware infections. Win 7 Security 2013 will show falsified security warning messages that also announce PC users about imaginary computer problems. You should not rely on and buy Win 7 Security 2013 because it’s an online scam. ESG’s malware analysts highly recommend you to remove Win 7 Security 2013 from the corrupted PC with a legitimate anti-malware program.
Type: Rogue Anti-Virus Program
How Can You Detect Win 7 Security 2013?
Download SpyHunter’s Detection Scanner
to Detect Win 7 Security 2013.
Win 7 Security 2013 Technical Report
As new Win 7 Security 2013 details are reported by our customers and findings from our Threat Research Center, we will update this section.
Fake message for Win 7 Security 2013:
The following fake error message(s) appears for Win 7 Security 2013:
Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and systemmay be severe. Recover your PC from the infection right now, perform a security scan.
Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for and anti-spyware scan.
Severe system damage!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.
Win 7 Security 2013 Removal Details
Win 7 Security 2013 has typically the following processes in memory:
- %CommonAppData%\[RANDOM CHARACTERS].exe
- %Temp%\[RANDOM CHARACTERS].exe
- %LocalAppData%\[RANDOM CHARACTERS].exe
- %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS].exe
Win 7 Security 2013 creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
- HKEY_CLASSES_ROOT\ah\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “”%LocalAppData%\.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”‘
- HKEY_CURRENT_USER\Software\Classes\ “(Default)” = ‘Application’
- HKEY_CURRENT_USER\Software\Classes\\DefaultIcon “(Default)” = ‘%1′
- HKEY_CLASSES_ROOT\ah\shell\open\command “IsolatedCommand”
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “”%LocalAppData%\.exe -a “C:\Program Files\Mozilla Firefox\firefox.exe”"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
- HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ”
- HKEY_CURRENT_USER\Software\Classes\\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
- HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “”%LocalAppData%\.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode”