Home Malware Programs Rogue Anti-Spyware Programs Win 7 Home Security Pro 2013

Win 7 Home Security Pro 2013

Posted: December 17, 2012

Threat Metric

Ranking: 16,832
Threat Level: 2/10
Infected PCs: 1,735
First Seen: December 17, 2012
Last Seen: September 6, 2023
OS(es) Affected: Windows

Win 7 Home Security Pro 2013 is one of the newest variants of fake anti-malware software in a bustling malware industry of them, and like all similar scamware, Win 7 Home Security Pro 2013 pretends to be a security product while eschewing any real security-benefiting features. By detecting nonexistent infections and other system problems, Win 7 Home Security Pro 2013 entices its victims to purchase its software so that its fake threats can be removed, but SpywareRemove.com malware experts have found that Win 7 Home Security Pro 2013, far from being a legitimate anti-malware tool, actually is a danger to your PC. Browser redirects, program malfunctions and other issues that often are linked to Win 7 Home Security Pro 2013 and its family should be dealt with by deleting Win 7 Home Security Pro 2013 – preferably, with an actual anti-malware program.

What Happens to Your Digital Home When Win 7 Home Security Pro 2013 Takes Care of It

Win 7 Home Security Pro 2013 is easily identified as a member of the Multi-rogue 2013 branch of FakeRean, a collection of similar scamware programs that are designed to attack Windows PCs. In the original installation (which are SpywareRemove.com malware experts have found usually to involve Blackhole Exploit Kit-abusing websites that are promoted in spammed out links), related PC threats will attempt detect the victim's operating system and install an appropriate FakeRean-based rogue anti-malware program such as Antivirus 2008 Pro, Antivirus XP 2008, Windows Antivirus 2008, Vista Antivirus 2008, PC Clean Pro, Antivirus Pro 2009, Rogue.Vista Antivirus 2008, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, XP Security 2012, XP Home Security 2012 and AntiVirus PRO 2015. Win 7 Home Security Pro 2013, thusly, is installed only on Windows 7 systems, similar to Win 7 Internet Security Pro 2013 or Win 7 Antivirus Pro 2010. Meanwhile, Windows XP users may be afflicted with XP Antispyware 2011 or Total XP Security, and Vista users with Antivirus Vista or Vista Antivirus Plus 2013.

Most recent variants of FakeRean, such as Win 7 Home Security Pro 2013, differ from each primarily in their brand names, with their appearances and malicious functions kept intact, and passed on from one variant to the next one. Win 7 Home Security Pro 2013 is, accordingly, guilty of the following attacks, all of which SpywareRemove.com malware analysts have observed in previous editions of FakeRean scamware:

  • As the definitive trait of a rogue anti-malware scanner, Win 7 Home Security Pro 2013 detects fictitious infections via various pop-up alerts and imitation system scans that will fail to be corroborated by any reputable type of anti-malware program. These alerts can include fake announcements of high-level attacks such as theft of confidential information.
  • Win 7 Home Security Pro 2013 can use multiple methods to block you from using other programs, including any application with an EXE extension, as well as many default Windows utilities.
  • Along with blocking actual programs, Win 7 Home Security Pro 2013 also can disable security-related functions for other programs that are crucial for using Windows safely. The Windows Firewall and Security Center are particularly noteworthy targets of these attacks.
  • Finally, not content with restricting your ability to use your own computer, Win 7 Home Security Pro 2013 also constricts your ability to browse the web. SpywareRemove.com malware analysts have found that these attacks include malicious changes to your proxy server settings and allow Win 7 Home Security Pro 2013 to redirect you to fake error pages whenever you try to visit a safe website.

Proofing Your Home Against a Win 7 Home Security Pro 2013 Invasion

Win 7 Home Security Pro 2013 may act as though Win 7 Home Security Pro 2013 is your only hope of removing all the malware that appears to be causing the above attacks, but since Win 7 Home Security Pro 2013 is the true underlying cause of such issues, you should, naturally, never buy Win 7 Home Security Pro 2013. SpywareRemove.com malware experts also note that you may need to boot Windows in Safe Mode as a temporary solution to resolve these problems prior to removing Win 7 Home Security Pro 2013 appropriately.

Win 7 Home Security Pro 2013 can be deleted with any competent anti-malware product, although an inadequately updated anti-malware scanner may not detect Win 7 Home Security Pro 2013 with complete accuracy. As is always true of rogue anti-malware products, if you give any personal information away by making the mistake of purchasing Win 7 Home Security Pro 2013, you should consider that information (such as credit card credentials) to be compromised and in criminal hands.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%Temp%\[RANDOM CHARACTERS_2] File name: %Temp%\[RANDOM CHARACTERS_2]
Group: Malware file
%LocalAppData%\[RANDOM CHARACTERS_2] File name: %LocalAppData%\[RANDOM CHARACTERS_2]
Group: Malware file
%CommonApplData%\[RANDOM CHARACTERS_2] File name: %CommonApplData%\[RANDOM CHARACTERS_2]
Group: Malware file
%UserProfile%\Templates\[RANDOM CHARACTERS_2] File name: %UserProfile%\Templates\[RANDOM CHARACTERS_2]
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIconHKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownloadHKEY_CURRENT_USER\Software\Classes\.exe\ [RANDOM CHARACTERS_0]HKEY_CURRENT_USER\Software\Classes\.exeHKEY_CURRENT_USER\Software\Classes\.exe\shellHKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand “%1""%*HKEY_CURRENT_USER\Software\Classes\.exe\shell\runasHKEY_CURRENT_USER\Software\Classes\.exe\shell\openHKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\commandHKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ “[RANDOM CHARACTERS_1].exe” -a “%1" %*HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\ ApplicationHKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\Content Type application/x-msdownloadHKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\commandHKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ “%1" %*HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand “%1" %*HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\openHKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIconHKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shellHKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon\ %1HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\IsolatedCommand “%1" %*HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\ “%1" %*HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\IsolatedCommand “%1" %*HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\ “[RANDOM CHARACTERS_1].exe” -a “%1" %*HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\commandHKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runasHKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command

Additional Information

The following URL's were detected:
groinmonsieur.com
Loading...