Win 7 Security 2013

By Domesticus in Rogue Anti-Virus Program

Win 7 Security 2013 Description


Win 7 Security 2013 is a rogue anti-spyware tool that uses misleading techniques to dupe unsuspecting computer users into thinking their PCs are contaminated with various security threats. It then encourages victims to buy the so-called full version to remove the detected malware infections and fix other PC problems. At first glance, Win 7 Security 2013 may seem to be a genuine security program but, in reality, it is a counterfeit and worthless security application that aims to pilfer money from victims. Win 7 Security 2013 uses Trojans to distribute itself to vulnerable machines. Once installed, Win 7 Security 2013 runs automatically every time you start your PC. It performs automated bogus computer scans and creates fake malware results to scare victims into believing their computers are infected with numerous malware infections. It also shows falsified security warning messages that alert PC users to imaginary computer problems. You should not rely on or buy Win 7 Security 2013 because it is an online scam. ESG's malware analysts strongly recommend removing Win 7 Security 2013 from the affected PC with a legitimate anti-malware program.

Type: Rogue Anti-Virus Program

How Can You Detect Win 7 Security 2013?

Win 7 Security 2013 Technical Report

We will update this section as new Win 7 Security 2013 details are reported by our customers and by our Threat Research Center.

Fake message for Win 7 Security 2013:

The following fake error messages appear for Win 7 Security 2013:

Threat detected!
Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and systemmay be severe. Recover your PC from the infection right now, perform a security scan.

Privacy alert!
Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.

System hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Security Breach!
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for and anti-spyware scan.

Severe system damage!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.

Win 7 Security 2013 Removal Details

Win 7 Security 2013 typically runs the following processes in memory:

  • %CommonAppData%\[RANDOM CHARACTERS].exe
  • %Temp%\[RANDOM CHARACTERS].exe
  • %LocalAppData%\[RANDOM CHARACTERS].exe
  • %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS].exe

Win 7 Security 2013 creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_CLASSES_ROOT\
  • HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe""
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
  • HKEY_CURRENT_USER\Software\Classes\ "(Default)" = 'Application'
  • HKEY_CURRENT_USER\Software\Classes\\DefaultIcon "(Default)" = '%1'
  • HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe -a "C:\Program Files\Mozilla Firefox\firefox.exe""
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
  • HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = "
  • HKEY_CURRENT_USER\Software\Classes\\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"
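
Most of the entries above share one pattern: a `shell\open\command` (or `shell\safemode\command`) handler is repointed at an executable in one of the drop locations, which then receives the real target after `-a`. The following detection sketch is an added example, not ESG's code or part of the original entry; the function names are hypothetical, the rows are constructed sample data, and `abc.exe` is a placeholder for the random file name.

```python
import re

# Drop locations named on the page, as environment variables or expanded paths.
DROP_PATH = re.compile(
    r"^%(localappdata|appdata|temp|commonappdata)%\\"
    r"|\\appdata\\(local|roaming)\\|^[a-z]:\\programdata\\", re.I)
# Any "...\shell\<verb>\command" key: it decides what runs for a file type or browser.
HANDLER_KEY = re.compile(r"\\shell\\[^\\]+\\command$", re.I)


def launched_program(command):
    """Return the first token of a command line, honouring double quotes."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ""


def find_hijacked_handlers(rows):
    """rows: (key, value_name, data) tuples. Returns a list of (key, reason)."""
    findings = []
    for key, name, data in rows:
        if name != "(Default)" or not HANDLER_KEY.search(key):
            continue
        if not DROP_PATH.search(launched_program(data)):
            continue
        reason = "handler launches a program from a drop path"
        # The entries on the page pass the real target after "-a".
        if re.search(r'"\s+-a\s+"', data):
            reason += " and passes the original target via -a"
        findings.append((key, reason))
    return findings


# Constructed sample rows; "abc.exe" stands in for the random file name.
SAMPLE = [
    (r"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command", "(Default)",
     r'"%LocalAppData%\abc.exe" -a "%1" %*'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command",
     "(Default)",
     r'"C:\Users\user\AppData\Local\abc.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'),
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "(Default)", r'"%1" %*'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command",
     "(Default)", r'"C:\Program Files\Mozilla Firefox\firefox.exe"'),
]

if __name__ == "__main__":
    for key, reason in find_hijacked_handlers(SAMPLE):
        print(f"{key}: {reason}")
```

Browsers installed per user legitimately register handlers under `AppData\Local`, so treat the path match alone as a lead and the `-a` wrapper around the original target as the stronger signal.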

This entry was last updated on 01/14/13 and posted on 10/15/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.