Win 7 AntiVirus 2012

Win 7 AntiVirus 2012 Description

Win 7 Antivirus 2012 Screenshot 1Win 7 Antivirus 2012 is a rogue antivirus program that uses fake alerts and system scans with dishonest results to make you think that purchasing Win 7 Antivirus 2012 is the only way to save your PC from an army of infections. Even the registered version of Win 7 Antivirus 2012 can’t remove or find real threats, however, and keeping Win 7 Antivirus 2012 on your PC will actually result in browser hijacks and problems running other programs. You should remove Win 7 Antivirus 2012 as soon as it’s possible by using a real anti-virus scanner.

The Fake Security Features That Win 7 Antivirus 2012 Wants You to Know About

Win 7 Antivirus 2012, like many other rogue security programs, has two sides – a directly visible side where it pretends to be an anti-virus and security product, and a hidden side where Win 7 Antivirus 2012 attacks your PC while trying to hide its malicious nature.

» Learn more about SpyHunter's Spyware Detection Tool
and steps to uninstall SpyHunter.

Win 7 Antivirus 2012 is in the same subcategory as many other rogue security programs that belongs to the FakeRean family that fake anti-virus features; some other examples of threats that are nearly identical to Win 7 Antivirus 2012 are Internet Protector, Win 7 Security 2013, Internet Security Protection, Win 7/Win 8/XP/Vista Antivirus Pro 2013, Galileo System Cleaner, Win 7 Internet Security 2013, XP Security Plus 2013, AVC Plus, Internet Antivirus 2011, Antivirus2008, Vista Total Security 2013, Zorton XP/Vista/Win7/Win8 Antivirus 2014, Antivirus Plus 2014, XP\Win7\Win8 Antivirus 2014, XP\Vista\Win7\Win8 Protection 2014, Internet Security 2013, Internet Security 2012, Vista Security Cleaner Pro, Win 7 Internet Security 2011, Windows Vista Security 2012, Vista Internet Security 2013, AntivirusXP 2008, Vista Antivirus 2013, Windows Vista Internet Security 2012, Win 7 Home Security 2013, Vista Antispyware 2014, Win 7 Security 2012, Win 7 Antivirus Plus 2013, XP Antivirus Plus 2013, XP Home Security 2012, Antivirus2008Pro, XP Anti-Virus 2011, Vista Internet Security Pro 2013, Security Cleaner Pro, Vista Antivirus Plus 2013, Windows XP Internet Security 2012, Windows 7 Internet Security 2012, Win 8 Security System, Vista Security 2012, CleanThis, Vista Antivirus 2008, XP Security 2013, XP Antispyware 2013, Vista Security Plus 2013, Rogue Rango XP/Vista/Win7/Win8 Antivirus, Internet Security and MySafePC 2014 .

Like all of the above rogue security programs, Win 7 Antivirus 2012 looks like a normal anti-virus application and will even scan your computer. Instead of finding real threats, however, Win 7 Antivirus 2012 creates fake threat alerts to push you into purchasing an updated version of Win 7 Antivirus 2012 that can ‘remove’ these threats. Win 7 Antivirus 2012 will also reinforce the impression of multiple infections on your computer by using fake warning notifications.

These pop-ups are never the result of Win 7 Antivirus 2012 scanning your computer for threats, and notifying you about them once they’ve been detected. Win 7 Antivirus 2012 can’t find or delete Trojans and other PC threats even in its registered version, and, therefore, you should never pay money for Win 7 Antivirus 2012.

The Working Features That Win 7 Antivirus 2012 Doesn’t Want You to See

Despite brazenly displaying anti-virus features that don’t actually work, Win 7 Antivirus 2012 has functional features that it tries to misdirect you away from:
  • Win 7 Antivirus 2012 can hijack popular web browser applications. The primary symptom of a hijack is when you’re redirected to a strange and inevitably malicious website for no reason, although hijacks can also conceal themselves in changed search results, altered homepage settings, and even fake website error pages.
  • Win 7 Antivirus 2012 may also shut down different programs to stop you from using security-related software to remove Win 7 Antivirus 2012 from your PC. In a fit of surprising subtlety, Win 7 Antivirus 2012 can even use fake errors such as the examples listed earlier, to make it look like there’s a real problem with the program that it’s shutting down.

Like the majority of threats, Win 7 Antivirus 2012 will attack your Registry to enable its own automatic startup every time Windows loads. Preventing the above attacks without stopping Win 7 Antivirus 2012 from loading is difficult, and it’s suggested that you use Safe Mode or another alternate boot method to disable Win 7 Antivirus 2012’s startup. Afterwards, removing a disabled Win 7 Antivirus 2012 by applying a good anti-malware program is a fairly straightforward process.

Visual & GUI Characteristics

Win 7 Antivirus 2012 Screenshot 2Win 7 Antivirus 2012 Screenshot 3Win 7 Antivirus 2012 Screenshot 4Win 7 Antivirus 2012 Screenshot 5Win 7 Antivirus 2012 Screenshot 6Win 7 Antivirus 2012 Screenshot 7Win 7 Antivirus 2012 Screenshot 8Win 7 Antivirus 2012 Screenshot 9

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%\[RANDOM CHARACTERS]
    2 %AppData%\Local\[RANDOM CHARACTERS]
    3 %AppData%\Local\[RANDOM CHARACTERS].exe
    4 %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS]

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1" %*'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'

Additional Information

  • The following messages's were detected:
    # Message
    1Attention: DANGER!
    ALERT! System scan for spyware, adware, trojans and viruses is complete.
    Win 7 Antivirus 2012 detected 35 critical system objects.
    2System danger!
    Your system is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the
    3Win 7 Antivirus 2012 ALERT
    Internet Explorer alert. Visiting this site may pose a security threat to your system.
Posted: June 8, 2011 | By
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (12 votes, average: 4.08 out of 5)
Loading ... Loading ...
Threat Metric
Threat Level: 10/10
Detection Count: 306


  • Tory says:

    Oh. I don’t like AVG. Merely not detecting viruses in many cases. My vote is for the Spyhunter. it found it and removed after register. tanks.

  • pablomasia says:

    gracias makinaa

  • Stephanie says:

    Wow, this problem has proven to be quite complicated on my computer.
    I have finally started windows in safe mode, however I am unable to open task manager. A box pops up saying \"C:\\Windows\\system32\\taskmgr.exe\" and something like \"Unable to find this application\". In fact, I get this response when I try to open ANY program. Also, when I try to open the mozilla as the administrator, it opens, but I can not access the internet. When I try to restore my system to a previous restore point, a box pops up prompting me to choose a program to open my file, and the only program it offers as an option is Internet Explorer….which is obviously not what I need to open my system restore.
    This doesn\’t make any sense!

    Does anyone have any advice on how to remove this virus if I do not have access to the task manager, system restore, or the internet?
    Thank you!

  • Abbi says:

    I just got this thing on my computer, I could not open any anti-spyware program or IE. I restored my computer to a previous restore point (last Windows Update) & this wiped it from my computer, so if all else fails;try that. 😉

  • v says:

    I can’t seem to get out of safe mode. I thought I deleted win7 antivirus but I notice it is still there. Please help. I have purchased norton antivirus, but it stalls. So I am missing something

  • atkisson says:

    if im not mistaken there are laws against cyber terrorism

  • abby says:

    I agree. lets.

  • Phew says:

    I have had a panicky few hours findingout my PC has been infected with this virus! I’ve got a laptop that I’ve been able to investigating the net with – thankfully. I hope that I’ve now got rid of it, and the way that I’ve done this is by starting the PC in safe mode and then doing a system restore to a few days ago. Fingers crossed so far.

  • Leila says:

    Andrea, please explain how run my computer in safe mode with networking. I appriciate.

  • FredT says:

    all i want to know is where is the guy or company making this crap, I say lets hunt them down and kill them and blow up their stuff so they can’t screw over any one else…KILL THEM ALL!!!

  • Grs Dev says:

    This virus is actually running a script. fst.exe is the process that is behind this script. Kill it and you can regain control over your pc. It will try to relaunch itself. It also stops and screws up the Windows Defender service then deploys a fake windows defender process. Once you disable the fst.exe you should be able to download the tool above.

  • Brad Barnard says:

    If it wasn\’t for SRware Iron\’s security I wouldn\’t be able to get on the internet, I ended up using IObit\’s Malware Fighter to remove the registry mods and find out it was associated with Whitesmoke Translator, a program I don\’t remember downloading in the first place.

  • Lsarro says:

    I could not load any program at all including regedit it disables the .exe.
    I had to use windows repair and ran a scan after it went to a back up

  • Rich says:

    There are many blogs that have instructions on how to get rid of this virus, but none that tell you how to avoid getting it in the first place. In my case, I kept getting the virus back from torrent download sites.

    As the removal instructions indicate, the infection changes a registry key:


    The infection also hides the fake antivirus program on your hard drive, somewhere in your user profile directory. The fake antivirus program is given a random name, like nwa, so you can’t find it by looking for something specific.

    The infection changes the key so that when you try to start your browser, the fake antivirus program starts up instead. Yes, you can get rid of it (that is well documented), but short of never visiting a site (such as a torrent site) where you can get the infection again, you need to protect the key from getting changed again. Windows 7 is supposed to prevent unauthorized changes to the system, using a feature called User Account Control. I set User Account Control to its highest setting, but it did not prevent the key changes. Spybot Search and Destroy also has a feature to do something similar, but it likewise failed to prevent the key change.

    However, if you are able to use regedit, and understand file and folder security permissions, you can beat the virus from returning. I’ll provide an overview of what I did, but will leave the EXACT actions to you.

    1. Using regedit, navigate to the key, and right click to bring up the context menu. Click Permission to access ACL (access control list) settings. If you know how to work with the ACL for files and folders, the method is the same.
    2. The ACL includes the groups and/or users (such as Administrators, Creator Owner, System, etc) and their permissions for the key. For each user, for each permission (Read, Write, Full Control, etc) you can specify “Allow” or “Deny.” Add the user Everyone to the ACL.
    3. Set “Deny” for the “Full Control” permission for the Everyone user. Deny overrides Allow. Note that “Everyone” permissions apply to EVERYONE, even Administrators. So if Everyone has Full Control denied, it will override Administrators having Full Control allowed. Now, the key values (data) can’t be changed, not even the System can change the key data. You can no longer even SEE the key values (Read permission is denied). You can’t change the permission back, because Deny also applies to changing permissions, not just to changing data values. It’s (almost) a one-way street.
    4. If you ever need to turn off Deny, you can, with administrative authority, take ownership of the key. As the key owner, you can remove the Deny permission.

    I intentionally did not provide step-by-step directions, because if you are not already intimately familiar with Windows file permissions, you should not be messing with the registry this way. This post is intended to bring attention of this solution only to those experienced with ACLs.

    I assume that if you have the right antivirus software installed, it could prevent the key change instead of using the procedure described here. But I don’t have anything other than Microsoft Security Essentials for malware protection, and it did not do the job.

  • kara says:

    iv read all the comments and have not got my answers to fix my problem

  • Max says:

    One easy way to get around it temporarily is open every program u want to use by right clicking then saying "Run as Administrator" this bypasses every interruption to that program opening. Using that, i am surfing the internet for ways to fix this annoying problem.

  • Jenn says:

    Andrea, thanks so much for the tip…after three hours I came upon your comment and was able to run everything in safe mode and removed it……

  • Jenn says:

    omg i have it!! I had to log into another desktop acct to even get my malwarebytes to run, so when i go to do a restart windows starts installing updates….now i cannot even access my acct, just a black screen with an error message that goes away so fast i cannot even see it!

  • aziro says:

    thanks for the program. too bad win 7 won\’t let you download anything. I ran my own anti-virus [I was suprised that was still working] and got enough of it removed to download the program. I have to open the program after restarting my computer but the issue is that if win 7 antivirus boots up before you open the program the program becomes blocked. I open it and every time I open it the program says I need new updates. If I\’m lucky I can get the updates downloaded then it tells me to restart my computer to initilize it. so I restart the computetr and race to open the program and start the scan only for it to tell me I have to download more updates [when I previously downloaded the updates not even 5minutes earlier] I can\’t tell if this program is useless or just the attempts

  • john says:

    There is a law… like you if you steal..we will get you for fraud etc… but it does not help normal folks who has no idea about this kind of vicious attack.

  • Ryan says:

    Mhm. My sister got this. I knew it was malicious the first milisecond I saw it.

    She said that she was just browsing on facebook and stuff, then it popped up saying verify or something. That\’s when she got the series of constant threat messages.

    I\’ve dealt with this before on my own machine. It wasn\’t this one but it was still a rogue anti-virus. I basically got annoyed about it and told her she was a fool for even verifying ANYTHING like this on the Internet.

    I managed to delete the kvk.exe\’s (The Win 7 2012 Antivirus apps) and keep Windows Task Manager open on the side to tell me when they did re-open again. I had to system restore so it got rid of it completely.

    I\’d seriously recommend everyone to make sure their PC has system restore points.

  • ali says:

    so useful tnx very much

  • Andrea says:

    You have to run your computer in safe mode with networking THEN download the spyhunter program. Otherwise the Win 7 antivirus will not let you continue.

  • says:

    I a, working on someones Mac right now as that Win 7 Anti Virus 2012 Program will NOT let me USE the Internet. It BLOCKS me. I called my server Teksavvy and all is well as far as me receiving my Internet connection.
    I have NO clue as to what to do as I can NOT even get into my Internet through Internet Explorer or Safari. I am on a Disability Pension. live alone and yada yada yada. Yes it is a problem but I have always seemed to manage.
    But this one has stymied me completely. I shut my computer off and I even unplugged it.
    That\\\\\\\’s how paranoid I am about this.

    Any help would greatly be appreciated. And ADMITTEDLY I am perhaps just a \\\\\\\’vit; past being a \\\\\\\’novice\\\\\\\’ in computers.

    May Thanks if you can help.

    Gary Spears Hamilton Ontario

  • alex says:

    what is the other way you can get rid of win 7 home security 2012 because it is blocking my downloads and what do you do when it says security hole detected do you want block this attack do i clink yes or no please answer

  • alex says:

    whats the way to remove win 7 home security 2012 from my computer without downloading anything because its blocking my downloads

  • LINDA says:

    I think it is shameful that someone can “contrive” a program, like this, just to make money off of people, under the auspices of scaring them into believing that they have viruses. THERE SHOULD BE A BE A LAW AGAINST THIS TYPE OF ACTION AND USE OF THE INTERNET!!!!

Leave a Reply

What is 14 + 10 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)