Threat Database Rogue Anti-Spyware Program Win 7 Total Security 2012

Win 7 Total Security 2012

By GoldSparrow in Rogue Anti-Spyware Program

Win 7 Total Security 2012 is a fake security app that mimics the look of the Windows 7 operating system and known security tools available from trusted sources. Do not be tricked by Win 7 Total Security 2012. It is unable to detect and remove legitimate malware parasites despite its claims. All messages and system scan results rendered by Win 7 Total Security 2012 are fabricated. Purchasing Win 7 Total Security 2012 will not add functionality to the program but instead take your money in return for absolutely nothing.

File System Details

Win 7 Total Security 2012 may create the following file(s):
# File Name Detections
1. %UserProfile%\AppData\Local\MSASCui.exe
2. %UserProfile%\Local Settings\Application Data\pw.exe
3. %UserProfile%\AppData\Local\vz.exe
4. %UserProfile%\AppData\Local\pw.exe
5. %AppData%\Local\[3 characters].exe
6. %UserProfile%\Local Settings\Application Data\MSASCui.exe
7. %UserProfile%\Local Settings\Application Data\vz.exe
8. %AppData%\Roaming\Microsoft\Windows\Templates\hjq6yh9lpq1nbz7yhj1ms9taq
9. %UserProfile%\Local Settings\Application Data\opRSK
10. %AppData%\Local\hjq6yh9lpq1nbz7yhj1ms9taq
11. %UserProfile%\AppData\Local\opRSK
12. %AllUsersProfile%\hjq6yh9lpq1nbz7yhj1ms9taq
13. %Temp%\hjq6yh9lpq1nbz7yhj1ms9taq

Registry Details

Win 7 Total Security 2012 may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)' = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand' – ''%1? %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)' = '%1? = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "%1? %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand' = ''%1? %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)' = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "%1? %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand' = ''%1? %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand' = ''%1? %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)' = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "C:\Program Files\Mozilla Firefox\firefox.exe' -safe-mode'
HKCR\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKCU\Software\Classes\pezfile
HKCU\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\vz.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)' = '%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)' = ''%1? %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type' = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)' = ''%1? %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)' = '%1?
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)' = ''%1? %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand' = ''%1? %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)' = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "C:\Program Files\Mozilla Firefox\firefox.exe''
HKCR\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKCR\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\vz.exe" /START "%1" %*
HKCU\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKLM\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type' = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand' = ''%1? %*'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)' = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand' = ''%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)' = 'Application'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand' = ''%1? %*'
HKEY_CLASSES_ROOT\exefile "Content Type' = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)' = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "%1? %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)' = ''%UserProfile%\Local Settings\Application Data\[3 characters].exe' /START "C:\Program Files\Internet Explorer\iexplore.exe''
HKCR\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\vz.exe" /START "%1" %*
HKCR\pezfile
HKLM\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"

Trending

Most Viewed

Loading...