Threat Database Rogue Anti-Spyware Program Win 7 Internet Security 2011

Win 7 Internet Security 2011

Despite its authentic sounding name, Win 7 Internet Security 2011 is not a legitimate security program. Win 7 Internet Security 2011 is not designed for Windows 7, will not protect you when browsing the Internet, provides no security of any kind and the supposed 2011 version is exactly the same as Win 7 Internet Security 2010 and Win 7 Internet Security 2009 with only a few small tweaks made to this malicious program's interface. Fake security programs like Win 7 Internet Security 2011 are known as rogues, or rogue security applications. They belong to a well-known online scam that is created to prey on naive PC users by selling them useless security products. ESG security researchers consider that Win 7 Internet Security 2011 is a malware infection that presents a threat to your computer's security. A real, fully-updated security application should be used to remove Win 7 Internet Security 2011 completely from an infected computer. Failure to act in the event of a Win 7 Internet Security 2011 infection will typically result in further malware infections and the victim's computer becoming practically unusable, requiring reformatting (deleting all of the user's data in the process) and reinstalling the operating system on the affected hard drive.

The Win 7 Internet Security 2011 scam is practically identical to most versions of this fraudulent security application. Basically, Win 7 Internet Security 2011 will deliberately cause a number of problems on the victim's computer. For example, the victim's computer will run slowly, crash frequently, and display constant error messages and fake security alerts. These actions are meant to convince the victim that the computer is severely infected with malware (while in reality the main malware infection will usually be Win 7 Internet Security 2011 itself). The criminals behind Win 7 Internet Security 2011 will then attempt to have the victim purchase a useless 'full version' of Win 7 Internet Security 2011 in order to fix the very problems that Win 7 Internet Security 2011 caused on the victim's computer. ESG security researchers strongly advise against purchasing Win 7 Internet Security 2011. Instead, Win 7 Internet Security 2011 should be removed at once. If you have already paid for Win 7 Internet Security 2011, you may still be able to call your credit card company in order to cancel the charges on your credit card.

File System Details

Win 7 Internet Security 2011 may create the following file(s):
# File Name Detections
1. %Documents and Settings%\[User Name]\Local Settings\Application Data\MSASCui.exe
2. %Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe
3. %Documents and Settings%\[User Name]\Local Settings\Application Data\opRSK

Registry Details

Win 7 Internet Security 2011 may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

Trending

Most Viewed

Loading...