Home Malware Programs Rogue Anti-Spyware Programs Total Win 7 Security

Total Win 7 Security

Posted: March 17, 2010

Total Win 7 Security looks like a system security scanner on the outside, but on the inside, Total Win 7 Security actually attacks your security by controlling your web browser and crashing security-related programs. Total Win 7 Security will run without asking for your permission, and delivers fake information about infections to garner your trust. Instead of giving Total Win 7 Security what it wants (your money!), you should delete Total Win 7 Security by utilizing the best possible anti-malware scanner that's available.

Total Win 7 Security is a Total Train Wreck for Your PC Security

You may accidentally get infected by Total Win 7 Security when visiting a malicious website or a website that hosts malicious advertisements. Sites that are known to be affiliated with Total Win 7 Security include antivirus-one-care2010.com, cavertunelo.com, live-pccare.com, live-pc-care.com, one-care-antivirus.com, onecare-antivirus2010.com, pc-livecare.com, pc-livecare2010.com, securitypccare.com, security-pccare.com, windows-live-care.com, win-live-care2010.com, winlive-care21.com and win-live-care.com.

Along with the wide variety of sites you can get Total Win 7 Security from without intending to do so, Total Win 7 Security will also try to infiltrate your system under a wide variety of names. Total XP Security, Vista Home Security 2011, XP Antispyware 2011 and XP Internet Security 2011 are just some of the many different names you might find Total Win 7 Security using for a disguise. In general, you can expect Total Win 7 Security to hide the operating system section of its name to match the OS Total Win 7 Security is trying to infect.

In its disguise as a fake security scanner, Total Win 7 Security will create many different pop-up alerts to frighten you and redirect you to its malicious website. You can see some of Total Win 7 Security's fake alerts below:

“Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.”

“Privacy Threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.”

“Total Win 7 Security Firewall Alert!
Total Win 7 Security has blocked a program from accessing the Internet.
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen. Private data can be stolen by third parties, including credit card details and passwords.”

“Windows Security Center
Total Win 7 Security reports that it is currently turned off. A firewall helps to protect your computer from potentially harmful content on the Internet. Click Recommendations to learn how to fix this problem.”

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

Security breach!
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for an anti-spyware scan.

Although you do have an infection to worry about, in reality, it's Total Win 7 Security, and not any of the fake problems Total Win 7 Security is making up to aid its swindling attempts. Going along with Total Win 7 Security's plan and purchasing its fake full version may make your computer work better in the short term, but in the long term, Total Win 7 Security places your credit card in danger of other fraudulent charges.

How to Clean Up the Total Win 7 Security Mess

You should also be aware of the other attacks Total Win 7 Security will make on your PC while Total Win 7 Security is busy distracting you with fake infection pop-ups:

  • Total Win 7 Security will add startup entries to your Registry. This lets Total Win 7 Security launch itself every time you reboot. Even if you close Total Win 7 Security, it may continue to run as a background process. You may be able to spot this malicious process in Task Manager, if Total Win 7 Security allows you to use it.
  • Total Win 7 Security may stop you from running a large number of programs, especially programs that can help you detect or remove malware threats like Total Win 7 Security. Renaming the file may let you run the application without Total Win 7 Security attacking it.
  • Total Win 7 Security can hijack your web browser to stop you from downloading anti-malware installation files or other useful files from the Internet. This can extend to creating fake errors, changing your homepage, or redirecting you to a dangerous site after you click a link in a search engine result list.
  • Total Win 7 Security may create additional files in sensitive locations like your Windows system folder. These files may be randomly-named or concealed with the Hidden or System attributes. You can change your file-viewing settings in Windows to show these files if you want to track them down.

Removal of Total Win 7 Security depends on using a combination of good anti-malware programs and tools inherent to Windows. Safe Mode is the recommended environment for any system scan and will stop Total Win 7 Security and other less sophisticated threats from their attacks. You should also strongly consider using a true anti-malware scanner instead of trying to find and remove all of Total Win 7 Security's components yourself.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 av.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-modeHKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

One Comment

  • innaiah pothacamury says:

    I dont understand. I already know that I have a malicious software, Spyhunter does not have to scan and rtell me about it. But how can I load spyhunter when I cant access the internet. So instead of paying for win 7 total I have to buy spyhunter.
    It does not make anysense.

Loading...