Windows 7 Antispyware 2012

Windows 7 Antispyware 2012 Description

Type: Adware

Despite its claims to the contrary, Windows 7 Antispyware 2012 is not a legitimate anti-spyware application. In fact, ESG security researchers have detected various other versions of Windows 7 Antispyware 2012, the most similar to this one being named Win 7 Antispyware 2012. These are all different versions of a Trojan infection that changes its name in order to match the infected computer system's operating system. That is, as an example, the version of Windows 7 Antispyware 2012 attacking a computer running Windows XP would be named XP Antispyware 2012. Different versions of the Windows 7 Antispyware 2012 rogue security program also randomly add the string '2011' or '2012' to the end of the rogue security program's name as a way to convince the victim that it represents a new and improved version of a well-established security application. ESG security researchers consider that it is essential to understand that Windows 7 Antispyware 2012, a member of the FakeRean family is not a legitimate security application, that Windows 7 Antispyware 2012 is actually designed to hurt your computer system in an attempt to convince you to purchase a useless license for a 'full version' of Windows 7 Antispyware 2012 and that you should not give Windows 7 Antispyware 2012 your credit card information under any circumstances. If you find that Windows 7 Antispyware 2012 is installed on your computer system, the right course of action is using a dependable anti-malware program to scan your computer system and remove Windows 7 Antispyware 2012 completely.

Windows 7 Antispyware 2012 is Part of a Well-known Online Scam

Rogue security programs are part of one of the most common online scams. This scam consists in convincing inexperienced PC users that their computer has become severely infected with several malware threats. Since an infected computer will typically present various problems (such as slowness, instability, constant error messages and problems accessing files or connecting to the Internet), inexperienced computer users may be convinced by Windows 7 Antispyware 2012's claims. However, Windows 7 Antispyware 2012 pretends to be a solution to these problems, but it actually causes the problems itself. It is an online version of a very old scam that dishonest repairmen and auto mechanics have perpetrated for generations: intentionally breaking the client's property in order to offer their bogus security program to fix it... for a fee. Do not fall for the Windows 7 Antispyware 2012 scam! Follow basic online security guidelines and keep your security application fully updated to avoid falling into its trap.

The FakeRean is an enormous family of rogue security programs and some of its members, clones of Windows 7 Antispyware 2012 are Windows Antivirus 2008, Vista Antivirus 2008, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, PC Clean Pro, XP Home Security 2012, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015.

Technical Information

File System Details

Windows 7 Antispyware 2012 creates the following file(s):
# File Name Detection Count
1 %LocalAppData%\kdn.exe N/A
2 %LocalAppData%\ppn.exe N/A
3 %AppData%\Local\[random characters].exe N/A
4 %AppData%\Roaming\Microsoft\Windows\Templates\rghjfykak9992kdslspiw64hd N/A
5 %UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h N/A
6 %AppData%\Local\rghjfykak9992kdslspiw64hd N/A
7 %LocalAppData%\u3f7pnvfncsjk2e86abfbj5h N/A
8 %Temp%\u3f7pnvfncsjk2e86abfbj5h N/A
9 %AllUsersProfile%\rghjfykak9992kdslspiw64hd N/A
10 %Temp%\rghjfykak9992kdslspiw64hd N/A
11 %AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h N/A

Registry Details

Windows 7 Antispyware 2012 creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1? = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1? %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1? %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1? %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1? %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1? %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1? %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1?
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1? %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1? %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1? %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1? %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1? %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.