Home Malware Programs Rogue Anti-Virus Programs Win 7 AntiVirus 2011

Win 7 AntiVirus 2011

Posted: February 28, 2011

Win 7 AntiVirus 2011 is one of many possible names a singular rogue security program hides under to threaten your computer and credit card. After infecting your PC while pretending to be a handy anti-virus tool, Win 7 AntiVirus 2011 will distract you with fake infection pop-ups while simultaneously causing system problems like browser hijacks and disabled applications. The goal behind Win 7 AntiVirus 2011's triple assault is to make you buy a registration key, but you don't need to do that to get all of these problems to stop - all you have to do is delete Win 7 AntiVirus 2011 through traditional anti-malware methods.

Win 7 AntiVirus 2011: a Soft-Gloved Appearance Atop Vicious Clawed Attacks

Like many other rogue security programs, Win 7 AntiVirus 2011 pretends to be an anti-virus and general system protection tool, with a look similar to that of most real scanners. Unlike a real scanner, though, Win 7 AntiVirus 2011 will only detect fake infections that aren't on your PC! Win 7 AntiVirus 2011's alerts and warnings are all preset and will appear without regard for any real infections or lack thereof on your system. Some well-known Win 7 AntiVirus 2011 fake alerts include:

“Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue security software. Eliminate the infection safely, perform a security scan and deletion now.”

“Privacy Threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.”

“Win 7 AntiVirus 2011 Firewall Alert!
Win 7 AntiVirus 2011 has blocked a program from accessing the Internet.
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen. Private data can be stolen by third parties, including credit card details and passwords.”

“Windows Security Center
Win 7 AntiVirus 2011 reports that it is currently turned off. A firewall helps to protect your computer from potentially harmful content on the Internet. Click Recommendations to learn how to fix this problem.”

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

Security breach!
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for an anti-spyware scan.

You should be careful to avoid trusting these errors. Following their advice may lead to you deleting harmless files or redirecting your browser to malicious websites. If these errors and other attacks are making it problematic to remove Win 7 AntiVirus 2011, you can try registering Win 7 AntiVirus 2011 with the code '1147-175591-6550.' This may reduce the attacks, and make it easier to get rid of Win 7 AntiVirus 2011 without interruptions.

Being the Real 'Antivirus' to Win 7 AntiVirus 2011

Removing Win 7 AntiVirus 2011 is easier said than done even when you realize that Win 7 AntiVirus 2011 is nothing but a pest for your computer. Aside from its fake anti-virus features, Win 7 AntiVirus 2011 will also cause:

  • Hijacks on your web browser. These can block you from websites by putting up fake unsafe website warnings or advertisements, as well as force you to visit websites like Win 7 AntiVirus 2011's home site. You may also find that your homepage has been changed to a malicious one related to Win 7 AntiVirus 2011 or other threats.
  • Problems with launching and running applications. In particular, Win 7 AntiVirus 2011 may stop you from using any anti-virus software or programs related to system maintenance, such as the Registry Editor or Task Manager. The program in question may crash without warning or with a fake alert about corruption or the presence of an infection.
  • Generally lowered security such as a lack of access to Windows updates or your firewall settings. Even if these programs appear to be active, Win 7 AntiVirus 2011 may tunnel exceptions into them to turn them into worthless Swiss cheese.

As is typically the case for most types of malware like viruses, worms or other threats, Win 7 AntiVirus 2011 will corrupt your Windows Registry to place itself into your Windows startup lineup. Assume that Win 7 AntiVirus 2011 is active even if you don't see it, since Win 7 AntiVirus 2011 may be working as a background memory process.

Removing Win 7 AntiVirus 2011 is a two-step ordeal. The first step is to stop Win 7 AntiVirus 2011 from running by switching to Safe Mode or a similar controlled environment for scans. The second step is even easier – just grab your choice of reputable anti-malware scanner and run a full scan. As long as your scanner is high-quality and completely updated, deleting Win 7 AntiVirus 2011 should occur without undesirable side effects.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
    2 %AppData%\t3e0ilfioi3684m2nt3ps2b6lru
    3 %Temp%\t3e0ilfioi3684m2nt3ps2b6lru
    4 %UserProfile%\Local Settings\Application Data\.exe
    5 %UserProfile%\Templates\t3e0ilfioi3684m2nt3ps2b6lru

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
Loading...