Win 7 Security 2012

7 June 2011 3 Comments

Win 7 Security 2012 is a dangerous program that was categorized as rogue because it uses misleading alerts and task bar messages. Also installed as Vista Security 2012 or XP Security 2012 with regards to victims operating system, this potentially unwanted application uses scare tactics that is popularly employed by rogue developers. Excessive pop-up messages will flood the screen stating several security threats found on the system. It will advise to resolve these issues using only the registered version of Win 7 Security 2012.

Having loaded on the computer without any components on Add/Remove program of Windows makes Win 7 Security 2012 hard to remove automatically. It can be removed manually by a long process by individually deleting associated files and registry entries. Win 7 Security 2012 can also be removed by restoring the computer to its previous good state. But the real solution to this problem is to download an effective and legitimate anti-malware program and do a complete scan of the infected system. Delete all detected files and do another scan while in Safe Mode.

Screen Shot Image:

Win 7 Security 2012’s Action Center is an imitation of Windows Security Center. This fake interface shows relevant information regarding PC’s security status. But unlike with Security Center, the fake Action Center provides false report and misleading information.

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Malware Behavior
As part of scare tactics, this rogue security application will attempt to induce computer users into paying for the registered version of Win 7 Security 2012 through annoyances like fake pop-up security alerts. The rogue program will mimic Windows security alert balloon to further deceive its victims. Some of the bogus warnings it may display includes the following:

Threat detected!
Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe. Recover your PC from infection right now, perform a security scan.

After running the scan, Win 7 Security 2012 will display a number of detected viruses, Trojans and worms. Some of the threats detected are the following:

Threat Info: Trojan-Proxy.Win32.Agent.x
Risk: Low
Description: This Trojan launches a proxy server on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. The file is approximately 17KB in size. It is packed using PECompact. The unpacked file is approximately 30KB in size.

Threat Info: Trojan-Downloader.BAT.Ftp.ab
Risk: Low
Description: This script for a Windows FTP client can download other executable files without the knowledge or consent of the user. It may be used to download Trojan programs to the victim machine.

Added Registry Entries:

HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'

HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" 
= 'application/x-msdownload'

HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" 
= '"C:\Users\\Local Settings\Application Data\[3 random letters].exe" /START "%1" %*'

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" 
= '"C:\Users\\Local Settings\Application Data\[3 random letters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" 
= '"C:\Users\\Local Settings\Application Data\[3 random letters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" 
= '"C:\Users\\Local Settings\Application Data\[3 random letters].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'

Associated Files and Folders:

C:\Users\\AppData\Roaming\Local\[3 random letters].exe
C:\ProgramData\ujkq54cbvnu1ksl1klpou78a
C:\Users\\AppData\Roaming\Local\ujkq54cbvnu1ksl1klpou78a
C:\Users\\AppData\Roaming\Roaming\Microsoft\Windows\Templates\ujkq54cbvnu1ksl1klpou78a
C:\Users\\AppData\Local\Temp\ujkq54cbvnu1ksl1klpou78a

Note: "ujkq54cbvnu1ksl1klpou78a" can be any random characters.

Video Tutorial (Win 7 Security 2012 Removal)

How to Remove Win 7 Security 2012

Print this Guide | Bookmark This

Activating the Rogue Program

Win 7 Security 2012 will block running of any programs. It also prevents access to Internet particularly anti-virus web sites. Execution of Windows tools like Task Manager, Registry Editor and Control Panel is similarly block by the rogue program. Activating the program using the registration key below will regain access to the mentioned services.

Activation Code: 3425-814615-3990

Once activated, downloading of necessary program to scan and remove Win 7 Security 2012 is now possible.

Automatic Removal Procedure

1. First thing to do is to reboot the computer in Safe Mode with Networking to avoid Win 7 Security 2012 from loading at start-up. You may want to print this procedure as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Please select Safe Mode with Networking.
- Windows will now start in Safe Mode.

2. Download removal software and save it on your Desktop or any location on your PC.
3. When finish downloading, double-click on the file to install the application.
4. Follow the prompts and install with default configuration.
5. Before the installation completes, you need to update the database.

6. Click Finish. Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
7. When finished updating, the tool will run. Select Perform full scan on main screen to check your computer thoroughly.
8. When scanning is finished click on Show Results.
9. Make sure that all detected threats are checked, click on Remove Selected. This will delete all files and registry entries that belongs to Win 7 Security 2012.
10. Restart your computer.

Note: If Win 7 Security 2012 prevents mbam-setup.exe from downloading. Download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.

3 Comments

Blog Corner
Sep 04, 2011 @ 04:53:57
I never thought if win 7 security has many trouble and can harm the PC. Thanks for share. :D
June
Jan 14, 2012 @ 20:57:48
You saved my computer!! The malware removal worked so well and my computer is back to normal. Thank you so, so much for your help!
jonejan98
Feb 21, 2012 @ 04:29:58
I think spyware is not the right term becasuse software is installed with user’s knowledge and permission and can be removed easily using uninstall program from the control panel. It’s not malicious. It is just a program that gathers some information about user’s browsing habits. It is a genuine piece of software.