Win 7 Antispyware 2010 and Win 7 Internet Security 2010
Win 7 Antispyware 2010 and Win 7 Internet Security 2010 are malicious applications created to deceive computer users and aims to sell the program with its fraudulent activities. Win 7 Antispyware 2010 virus can penetrate a system without user’s knowledge by pretending to be a multimedia codec for a video streaming web site. It also masquerades as legit anti-virus application endorsed on several questionable security pages. Authors of this virus also take advantages of insecure files hosted on file-sharing networks. The virus may be embedded on one of those files that pretend as application installer.
Once installed, Win 7 Antispyware 2010 begins to modify system settings and create its own start-up entries on Windows registry. Win 7 Antispyware 2010 virus infection can cause several malfunctions on the computer; the most common is disabled anti-virus software. Some Windows functions and built-in tools such as task manager, registry editor and folder options are made inaccessible to prevent users from removing the malware manually. Moreover, Win 7 Antispyware 2010 or Win 7 Internet Security 2010 will block access to web site particularly those that are security related. The intention is to avoid victim from updating current protection software and deter the downloading of required tools to remove this unwanted application.
Screen Shot Image:
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Characteristics (Analysis)
Win 7 Antispyware 2010 and Win 7 Internet Security 2010 are potentially unwanted applications. Unlike Trojans and viruses, rogues do not reproduce once victim executes the main file or component. They usually spread by means of another Trojan infection, fake security web sites, bogus software updates and cracked programs.
Presence of rogue software may harm the computer through extensive annoyances. The main objective of rogue application is to defraud user with a worthless program that disguises as legitimate security product.
Malware Behavior
While this virus is still on the system, expect that it will flood your desktop with bogus security notices. This scare tactics is common to known rogue application as intimidation techniques. Most of the time, displaying this fake alert serves as marketing campaign to offer the rogue product. One sample false alert is:
Added Registry Entries:Win 7 Antispyware 2010 Firewall Alert!
Win 7 Antispyware 2010 has blocked a program from accessing the Internet
Internet Explorer is infected with Trojan-BNK.Win32-Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
HKCU\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %* HKCU\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %* HKCR\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %* HKCR\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %* HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe" HKCU\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %* HKCU\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %* HKCR\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %* HKCR\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %* HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe" HKLM\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1" HKLM\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"Associated Files and Folders:
C:\ProgramData\KLywi9wcNU2 C:\Users\All Users\KLywi9wcNU2 %UserProfile%\AppData\Local\av.exe %UserProfile%\AppData\Local\ave.exe %UserProfile%\AppData\Local\KLywi9wcNU2 %UserProfile%\AppData\Local\WRblt8464P %UserProfile%\AppData\Local\Temp\KLywi9wcNU2 %UserProfile%\AppData\Roaming\Microsoft\Windows\Templates\KLywi9wcNU2
How to Remove Win 7 Antispyware 2010 and Win 7 Internet Security 2010
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Open your antivirus application and update the virus definition file. This method ensures that your antivirus program can detect even newer variants of Win 7 Antispyware 2010 and Win 7 Internet Security 2010
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Online Virus Scanner:
Another way to remove Win 7 Antispyware 2010 and Win 7 Internet Security 2010 without the need to install additional antivirus application is to perform a thorough scan with free online virus scanner that can be found on websites of legitimate anti-virus and security provider.
5. Go to Online Virus Scanner list and run a virus scan. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
6. After completing the necessary download, your system is now ready for online virus scanning.
7. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
8. Remove or delete all detected items.
9. When scanning is finished you may now restart the computer in normal mode.