Win 7 Security

Win 7 Security Description

Type: Possibly Unwanted Program

Don't be fooled, Win 7 Security is not a legitimate security utility. Rather, Win 7 Security is a dangerous rogue security application that belongs to a huge family of fraudulent security programs, the FakeRean family. Rogue anti-spyware programs are malicious software that disguise themselves to steal computer users' credit card information. Win 7 Security is quite the opposite of a real security application. Instead of fixing problems with your computer, Win 7 Security directly harms your computer system. It does this to pressure you into trying to solve these problems by buying Win 7 Security.

Don't Become a Victim of the Win 7 Security Scam

For hackers to gain access to your credit card information, they use programs like Win 7 Security to infect computers and steal computer users' money. Typically, this scam will follow the pattern listed below:

  1. The computer user inadvertently downloads a Trojan. Usually, these Trojans are disguised as video codecs at adult video sites, bundled up along with popular files in file sharing networks, or are disguised as software updates from third-party sites. Trojans can also aggressively attack a computer by exploiting vulnerabilities in JavaScript and Flash.
  2. The Trojan downloads and installs Win 7 Security. The Trojan will usually display a notification prompting the computer user to install Win 7 Security, or a similar program.
  3. Once installed, Win 7 Security will start to attack the infected computer. Typically, Win 7 Security will change the registry so that Win 7 Security will always load up on start-up. It will also alter browser settings, block access to executable files, create garbage files to take up space on your hard drive, start running scripts that decrease performance and start displaying constant fake security alerts and error messages.
  4. Win 7 Security will load a fake scan on start-up and then try to steal your money. In the final step of the scam, Win 7 Security will run a fake computer scan indicating many problems on your computer. Because of the problems caused by Win 7 Security itself, the computer user may be predisposed to be convinced that there is an issue on the computer (besides Win 7 Security.). Win 7 Security will claim that, to fix these problems, the computer user will have to purchase the "full version" of Win 7 Security. To do this, Win 7 Security will ask for the computer user's credit card information.

Don't fall for this scam. Win 7 Security is malware. Use normal malware removal techniques to get rid of Win 7 Security for good.

Some clones of Win 7 Security include Windows Antivirus 2008, Vista Antivirus 2008, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, PC Clean Pro, XP Home Security 2012, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015.

Technical Information

File System Details

Win 7 Security creates the following file(s):
# File Name Detection Count
1 %UserProfile%AppDataLocalQJyrk5wvCU1 N/A
2 %UserProfile%AppDataRoamingMicrosoftWindowsTemplatesQJyrk5wvCU1 N/A
3 C\:UsersAll UsersQJyrk5wvCU1 N/A
4 %UserProfile%AppDataLocalTempQJyrk5wvCU1 N/A
5 C\:ProgramDataQJyrk5wvCU1 N/A
6 %UserProfile%AppDataLocalWRblt8464P N/A

Registry Details

Win 7 Security creates the following registry entry or registry entries:
Registry key
HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode
HKEY_CURRENT_USERSoftwareClassessecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "%1" %*
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = "1"
HKEY_CURRENT_USERSoftwareClassessecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "%1" %*
HKEY_CLASSES_ROOTsecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "%1" %*
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "C:Program FilesInternet Exploreriexplore.exe"
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*
HKEY_CLASSES_ROOTsecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesInternet Exploreriexplore.exe"
HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "%1" %*
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode

Related Posts

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.