Win 7 Security Plus 2013

Win 7 Security Plus 2013 Description

Type: Adware

Win 7 Security Plus 2013 is a variant in the FakeRean family of malware, also known as Braviax. ESG malware analysts have noticed the release of new variants in this family with the string
'2013' attached to each fake security application's name, in preparation for the coming new year. Win 7 Security Plus 2013 carries out a scam that criminals use to steal money from unsuspecting computer users. The Win 7 Security Plus 2013 scam consists in making the victim believe that the infected computer has become compromised by a severe virus or Trojan attack. To do this, Win 7 Security Plus 2013 uses a variety of tactics designed to alarm the victim. These include the approaches in the following list:

  • Win 7 Security Plus 2013 causes the infected computer to display numerous bogus system alerts and error messages.
  • Win 7 Security Plus 2013 alters the infected computer's registry to ensure that this program starts up automatically as soon as Windows is launched.
  • Win 7 Security Plus 2013 runs a bogus scan of the victim's computer which will invariably claim that the targeted computer is severely infected with malware.
  • Win 7 Security Plus 2013 can interfere with legitimate security programs and prevent the victims from accessing files, websites, and applications related to computer security.

Win 7 Security Plus 2013 will constantly attempt to convince its victims that an 'upgrade' of this fake security application is needed in order to remove the imaginary malware infection on their computer. ESG malware analysts highly recommend against following Win 7 Security Plus 2013's instructions and instead recommend removing this fake security program with the help of a real anti-virus application.

Win 7 Security Plus 2013 and other malware in the FakeRean family use naming patterns that make them easy to identify. These bogus security applications typically begin with a term that refers to the targeted operating system. For example, in the case of Win 7 Security Plus 2013, 'Win 7' refers to Windows 7, the operating system targeted by Win 7 Security Plus 2013 attacks. The Trojan that installs Win 7 Security Plus 2013 has the capability of installing a different version depending on the victim's operating system. In fact, ESG security researchers have observed variants corresponding to Windows XP, Vista, Windows 8 and even other kinds of names such as Windows Antivirus 2008, Vista Antivirus 2008, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, PC Clean Pro, XP Home Security 2012, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015.

Technical Information

File System Details

Win 7 Security Plus 2013 creates the following file(s):
# File Name Detection Count
1 %CommonApplData%\[RANDOM CHARACTERS] N/A
2 %LocalAppData%\[RANDOM CHARACTERS] N/A
3 %Temp%\[RANDOM CHARACTERS] N/A
4 %UserProfile%\Templates\[RANDOM CHARACTERS] N/A

Registry Details

Win 7 Security Plus 2013 creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Classes\.exe\ [RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand “%1""%*
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\ Application
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ “%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\IsolatedCommand “%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ “[RANDOM CHARACTERS_1].exe” -a “%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\ “%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand “%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\IsolatedCommand “%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\ “[RANDOM CHARACTERS_1].exe” -a “%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command

More Details on Win 7 Security Plus 2013

The following messages associated with Win 7 Security Plus 2013 were found:
Privacy alert!
Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.
Privacy threat! Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Severe system damage!
Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible. Act now, click here for a free security scan.
System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.
System hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
Threat detected!
Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe. Recover your PC from the infection right now, perform a security scan.
Virus infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.