Win 7 Guard

By LoneStar in Rogue Anti-Spyware Program

Translate To:

Win 7 Guard is a rogue anti-spyware program created to extort money from unsuspecting computer users. Win 7 Guard is known to spread via Trojans. Once inside a machine it creates a start-up registry entry and modifies the browser settings. Then Win 7 Guard will simulate a fake system scanner and display fake security alerts or pop-ups, all claiming that the system is infected. A victim will be prompted to purchase the "full version" of Win 7 Guard in order to remove all the detected infections. Win 7 Guard is unable to detect or remove computer infections. Do not trust this application for your security needs.

Table of Contents

File System Details

Win 7 Guard may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%UserProfile%Local SettingsApplication DataopRSK %UserProfile%Local SettingsApplication Datapw.exe %UserProfile%Local SettingsApplication DataMSASCui.exe %UserProfile%AppDataLocalopRSK %UserProfile%AppDataLocalpw.exe %UserProfile%AppDataLocalMSASCui.exe
Name: %UserProfile%Local SettingsApplication DataopRSK %UserProfile%Local SettingsApplication Datapw.exe %UserProfile%Local SettingsApplication DataMSASCui.exe %UserProfile%AppDataLocalopRSK %UserProfile%AppDataLocalpw.exe %UserProfile%AppDataLocalMSASCui.exe Type: Executable File

Registry Details

Win 7 Guard may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*

HKEY_CLASSES_ROOTpezfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesInternet Exploreriexplore.exe"

HKEY_CLASSES_ROOTpezfile

HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = "1"

HKEY_CURRENT_USERSoftwareClassespezfile

HKEY_CURRENT_USERSoftwareClassespezfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = "1"

Messages

The following messages associated with Win 7 Guard were found:

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Win 7 Guard

File System Details

Registry Details

Messages

Submit Comment

Related Posts

Win 7 Guardian 2010

Win 7 Guardian

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen