Win 7 Home Security

Win 7 Home Security is a rogue security application with numerous clones. Some clones of Win 7 Home Security include XP Antivirus 2012, Win 7 Home Security 2012, Win 7 Home Security 2011 and 2010, Vista Internet Security 2012, Vista Internet Security 2011, and Vista Internet Security 2010. Like most rogue security applications, Win 7 Home Security attacks its victim with a constant barrage of fake error messages and pop-up alerts, pretending that the infected computer contains an extremely severe malware infection that can only be removed with Win 7 Home Security's help. Other symptoms of a Win 7 Home Security infection include browser redirects and an inability to access various files and applications (particularly those involved in protecting your computer system). ESG security researchers consider Win 7 Home Security a dangerous presence on your computer that should be removed immediately.

Understanding the Win 7 Home Security Scam

Like most rogue security applications, Win 7 Home Security displays fake scan results and false positives in order to direct its victims to the Win 7 Home Security website. There, this fake security program is advertised as a legitimate solution, and the victim is asked for their credit card information in order to purchase a useless registration key for this fake security product. ESG malware analysts strongly recommend that you do not give your money to the criminals behind this fake security program. You will simply lose your money and Win 7 Home Security will remain on your computer system. As long as Win 7 Home Security stays on your computer, it can hijack your browser, display numerous error messages and block software essential for your computer's safety.

Dealing with a Win 7 Home Security Infection

You should never purchase this fake security program. Instead, use a real anti-malware program to remove Win 7 Home Security. However, you will need to bypass Win 7 Home Security's self-defense mechanisms, which will probably block your security software. You can do this by starting your computer system in Safe Mode (just press F8 during Windows' start-up). You can also use the registration code 1147-175591-6550 in order to disable some of Win 7 Home Security's more annoying features. You should note that this does not remove Win 7 Home Security, but only alleviates some of its symptoms. The use of the code mentioned above should be followed with immediate removal with an anti-malware tool.

File System Details

Win 7 Home Security may create the following file(s):
1. %UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe
2. %AppData%\Local\[3 RANDOM LETTERS].exe
3. %AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
4. %UserProfile%\Templates\t3e0ilfioi3684m2nt3ps2b6lru
5. %AppData%\t3e0ilfioi3684m2nt3ps2b6lru
6. %AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
7. %Temp%\t3e0ilfioi3684m2nt3ps2b6lru
8. %AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru

Registry Details

Win 7 Home Security may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
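
Most of the entries above carry the value `"%1" %*`, which is the normal Windows handler for executables; the ones that matter are the `command` values that put another program in front of it. The following added example (not part of the original write-up; the function names are hypothetical) parses entries in the listing format used above and flags only those interposed handlers. It assumes a clean `.exe`/`exefile` command starts with `"%1"` and a clean browser launcher starts with the browser named in its key.

```python
import ntpath
import re

# Page's listing format: <key path> "<value name>" = '<data>'
ENTRY_RE = re.compile(r"""^(HKEY_[^"]+?)\s+"([^"]+)"\s*=\s*'(.*)'$""")

# Entries copied from the list above; the final line is a constructed
# clean Firefox launcher, added for contrast.
SAMPLE = r"""
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"C:\Program Files\Mozilla Firefox\firefox.exe"'
"""

def first_token(cmd):
    """Program part of a command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""

def classify(line):
    """Return (kind, key, value_name, program) for a hijacked handler, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    key, name, data = m.groups()
    parts = key.lower().split("\\")
    if parts[-1] != "command":
        return None  # only shell verb commands decide what actually runs
    prog = first_token(data)
    if "startmenuinternet" in parts[:-1]:
        # Clean: the launcher is the browser the key is named after.
        browser = parts[parts.index("startmenuinternet") + 1]
        if ntpath.basename(prog).lower() != browser:
            return ("browser-launcher", key, name, prog)
    elif "exefile" in parts or ".exe" in parts:
        # Clean (Windows default): "%1" %* runs the clicked file itself.
        if prog != "%1":
            return ("exe-handler", key, name, prog)
    return None

def scan(text):
    return [f for f in map(classify, text.splitlines()) if f]

if __name__ == "__main__":
    for kind, key, name, prog in scan(SAMPLE):
        print(f"{kind}: {key} [{name}] -> {prog}")
```

Any flagged `exe-handler` means every program launch on the machine is routed through the listed executable first, which is why security tools fail to start until the handler is restored.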

4 Comments

Hey man, I really need your help. This virus is already on my other laptop and it doesn't let me open my browser any more. I can't go to any sites. What can I do? Please reply, please, I need to finish my project!!!!!!!!!!

I just had this on my new laptop. It scared the hell out of me. I have Windows 7 on my laptop so I went to System Restore and set it back 2 days... It worked and the virus didn't come back, never went to the site again with that stupid virus. So if you go into your Start then search "system restore" in your programs/files, when you see it click on it and it will pop up. You just continue till you reach the page where you click on the date *note=doing this WILL erase all downloads you made after that period of time INCLUDING the virus* and then it will restart your computer and you will be able to use your internet and it will not pop up anymore unless you go back to the same site you received it from... Good luck

Yes, same happened to me, i.e. new laptop, Windows 7. All seems clear, making sure I've got good security now.

THANKS!

It would help if you gave us a hint as to how to get rid of it. Fortunately a system restore worked in my case. Also it didn't just "give frightening messages" -- it locked up my IE and threatened not to give it back until I paid the money.
