Win 7 Total Security 2011
Win 7 Total Security is a fake computer anti-virus application. Win 7 Total Security 2011 virus offers a variety of computer protection features such as virus scan, Internet security, personal security, proactive defense and firewall. However, all of these are non-performing and was just an odd display on its graphical user interface. After deep analysis, it was found that Win 7 Total Security 2011 does not have the essential parts to act as fully functional security software. In fact, this rogue program is a piece of malware from a large group of fake AV products. Members of this family are able to detect victim’s operating system and install necessary version of the malware. In this case, the targeted PC is operated under Windows 7. Windows XP systems will have XP Total Security 2011 while Windows Vista will cover Vista Total Security 2011. These rogue programs are able to propagate through unfair promotional method like fake online virus scanner and spam email messages. Presence of Win 7 Total Security 2011 on one’s system will provide severe damages that will result to browser redirection, block execution of any software and modified desktop wallpaper.
It is important to remove Win 7 Total Security 2011 virus immediately and prevent any more harm on the computer. You may never notice it, but as long as Win 7 Total Security 2011 is residing on the system, it will attempt to connect to a remove server and download more threats. It may carry out several system settings that may fully disable the current security setup of your PC. At this point, it is necessary to thoroughly scan the computer with anti-malware program and delete any detected threats. Repeat the process while in SafeMode to find all files that are still hiding on the system.
Screen Shot Image:
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Malware Behavior
The only obvious symptoms from this virus are a barrage of fake security warnings and recurring virus scanning. Aside from this, Win 7 Total Security 2011 may perform other malicious activities like the following:
- Contact a remote server to download more threats.
- Update its configuration file to strengthen its presence.
- Open a backdoor port to allow unauthorized remote control.
- Find and end processes that belong to security software.
- Disable Internet connection particularly wireless network transmission on the infected computer.
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1' HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*' HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*' HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload' HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"' HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile' HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload' HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*' HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application' HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload' HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1' HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'Associated Files and Folders:
%AllUsersProfile%\[random] %AppData%\Local\[random].exe %AppData%\Local\[random] %AppData%\Roaming\Microsoft\Windows\Templates\[random] %Temp%\[random]
File Location for Windows Versions:
- %AllUserProfile% for Vista/7 user is C:\ProgramData while for Windows XP/2000 this is C:\Documents and Settings\All Users\
- %AppData% for Vista/7 refers to C:\Users\<Current User>\AppData\Roaming, while for Windows XP/2000 user it is C:\Documents and Settings\<Current User>\Application Data.
- %Temp% refers to C:\Windows\Temp\.
How to Remove Win 7 Total Security 2011
Restore Windows Components
If this virus enters your system, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If you have a saved restore point before Win 7 Total Security 2011 virus infiltrates the computer, please restore Windows to previous settings.
Manual Removal Procedure
1. Press Ctrl+Alt+Del on keyboard to stop the process associated to "Win 7 Total Security 2011". When Windows Task Manager opens, go to Processes tab. Find and end this process.
(random characters).exe
2. You need to update your installed antivirus software. Please connect to the Internet and download the most recent database. This is a one-click process from your AV program’s console.
3. Thoroughly scan the computer and remove any threats found by your antivirus program. If delete option is not available, your best next choice is to quarantine the infected file. There is also a need to manually locate and delete malicious files. Please see the file section for items that are relevant to Win 7 Total Security 2011.
4. Next, you need to remove registry entries created by Win 7 Total Security 2011. Please refer to registry section to view entries related to the rogue program.
- (Windows 2000/XP) Go to Start > Run, type "regedit" on dialog box then press Enter on keyboard.
- (Windows Vista/7) Go to Start > Search Program and Files, type "regedit" and press Enter.
5. Exit registry editor when you are done.
6. Get rid of Win 7 Total Security 2011 start-up entry by going to Start > Run, type msconfig on the "Open" dialog box. It will launch a new window containing System Configuration Utility. Click on the Startup tab and uncheck the following item.
(random characters).exe
Win 7 Total Security 2011 Removal Tool
In order to remove the threat completely, you need to download and run Malwarebytes Anti-Malware. This is a free malware removal tool. If Trojan infection blocks the downloading of this program, get it using a clean computer. Rename the executable file before executing on the infected PC.
Warning!
You should not make changes to Windows Registry except it is crucial. Faulty registry entries may result to severe system malfunction. Please backup Windows registry before performing any changes so that you can restore it once an error is committed.Follow the procedures from this link.
Helpful Tip
The virus may prevent you from downloading the required tool by blocking the access to Internet. Before going on to virus removal, please repair your Internet access first. There are several solutions to this trouble cause by Win 7 Total Security 2011, and it is clearly stated in this guide.
Colby
Apr 11, 2011 @ 16:23:48
This advice is completely worthless.
The virus does not allow you to run any software, starts whenever you run any .exe file and even appears in safe mode.
Terminating the process in task manager is pointless since it relaunches everytime you try to do something.
ralph kraft
Apr 16, 2011 @ 15:53:36
how can i get my refund of 59 dollars back from these thives?
Anthony Denkins
May 07, 2011 @ 08:09:04
almost always its as simple as this : do a full scan on your hopefully up-to-date anti-spyware (this is to destroy any weak trojans or viruses), if it opens or if it is already opened start task manager, right-click the application and select go to process, (the process is highlighted) right-click the process and choose open file location this shows you where the original file was put, then go back to task manager and on the same process click end process tree (theres a little pop up but click ok) delete the original file usually its a bunch of random letters, then go to your recycle bin and delete the file forever, after that run a full scan. This might seem difficult but its really not that hard… and buddy if you paid with a credit card the best thing you can do is call the credit card company and tell them it was a scam if not your screwed.
P.S. terminating the process allows for manual removal some application dont allow removal unless the process is not running, also it keeps the application from getting in your way while your trying to delete it.
Torben Michaelsen
May 12, 2011 @ 23:07:36
Thanks. Worked like a charm.
But you have to find the exe in your system, kill the process and then delete the file. After that you have to run the regedit manually. win+e does still open the explorer, the icon isnt.
Erin
May 15, 2011 @ 14:23:43
I got rid of this virus fairly easily using Norton Power Erasor, although it took about 2 hours of research online to discover this program. You can download Norton Power Erasor for free, just go to the Norton website. At first, I couldn’t run the Norton Power Erasor becasue the virus stopped it. But there is a simple way to get around this. Just right click on the Power erasor from your desktop, and press “run as administrator.” Hope this helps!
Rod
May 15, 2011 @ 17:03:37
Thanks Erin. You’re a champion – I ran NPE as Administrator and all seems good. Appears to be a very easy fix.
Rick
May 15, 2011 @ 19:46:39
I am communicating with my daughter who is in China experiencing this issue. She says she is unable to access the internet with the exception of her gmail. Is there a way for her to download the NPE given her situation?
Bryan
May 16, 2011 @ 00:46:33
You have to run a program called “rkill” before you do anything, it works like a champ, sometimes you have to be quick and get malwarebytes running as soon as rkill is done. The virus will bypass the rkill sometimes. Just google it and you will find it. I usually download it on an uninfected computer and transfer it with a thumb drive. I have been a victim of this virus three times on separate computers. Of course it has had a different name each time I have been infected with the virus.
Kylie
May 18, 2011 @ 05:31:01
I got this virus and scanned my computer with a recent updates version, seemed to work but when I went to access the Internet I was unable. It said I needed to pick a programto run it?? Please help
doug
May 20, 2011 @ 19:47:58
Tried Erin’s solution.. but the virus stops me from doing anything at all. How did you get the “Power Eraser” to appear on your desktop? I have Kaperskey- does that negate your solution?
anonymous
May 22, 2011 @ 02:34:39
I used the restore feature it fixed the problem completely, the virus is completely gone along with this other one called MS security or something. If you’re wondering where you can find this feature go to: “Start menu”/ “Control Panel” and make sure you’re in all Control Panel Items then look for “Recovery” double click on it and look for “Open System Restore” click on it and click next then look for a time you wish to restore your files to, this will restart your computer and bring it back to the previous time you selected. Hope this works.
mgf
May 27, 2011 @ 03:17:40
Response #12 – solved the issue for me. Nasty virus, System resore worked perfectly. Thanks.
Mike
May 30, 2011 @ 16:26:55
The restore method was a nice elegant solution, thanks for the info.
nonebetter
May 31, 2011 @ 00:41:08
Norton Power Erasor is now available for free from the Symantec website and its the best solution.. You can remove Win 7 Security 2011 in 10 minutes.
Julia
May 31, 2011 @ 05:42:50
Erin’s advice worked absolutely perfectly. After hours of trying different methods, I downloaded NPE. Only problem was that since I couldn’t access the internet from my infected computer I had to download the program on another computer and then use a jump drive to transfer the program to my infected-computer. But once I did that, it worked like a charm and was incredibly easy to follow!
Metalhaid
May 31, 2011 @ 21:31:08
Used #12 to restore my boss’ personal laptop computer – et voila! Poof, virus is gone & I look like Super IT Person. Thanks for the info!
Metalhaid
May 31, 2011 @ 21:32:31
I have one suggestion to add to #12: For those not familiar with Windows 7, from the Control Panel, do a Search for Recovery. It pops up immediately. Thanks again!
Brian
Jun 01, 2011 @ 03:04:58
Used the restore function per #12. After rebooting, my computer is now asking me what program I want to use to open most of my executables. Oh and the when I try to return to the restore function I get “helpctr.exe Application not found” All signs of the total security 2011 bug are gone. Anybody know what’s going on with my computer?
Brian
Jun 01, 2011 @ 04:04:06
Figured it out. Programs couldn’t find rundll32.exe. Someone over on geekstogo.com provided this quick fix if anyone runs into the same problem while eliminating the Total Security 2011 virus:
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=”\”%1\” %*”
Save this as fix.reg to your Desktop (remember to select Save As file type: All Files while in Notepad)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
suhani
Jun 02, 2011 @ 04:44:20
that system restore things work amazingly. Thanks a lot!