
Win 7 Antimalware 2011

Posted: November 15, 2010

Win 7 Antimalware 2011 is a rogue anti-spyware application that uses Trojans or browser security holes to install itself on unsuspecting users' computers. Trojans associated with rogue anti-spyware programs typically come bundled in video codecs offered on pornographic websites. Once the user downloads the Trojan-infested video codec, the Trojan installs malicious files that perform illicit activities such as displaying pop-ups claiming the computer is at risk from spyware and urging the user to download a recommended program. In most cases, the recommended program is a rogue anti-spyware program like Win 7 Antimalware 2011. Win 7 Antimalware 2011 uses fake security notifications to alert users to imaginary spyware it claims to have detected and, ultimately, to entice users to purchase the full version.



File System Modifications

  • The following files were created in the system:
    %UserProfile%\Local Settings\Application Data\opRSK
    %UserProfile%\Local Settings\Application Data\pw.exe
    %UserProfile%\Local Settings\Application Data\MSASCui.exe
    %UserProfile%\AppData\Local\opRSK
    %UserProfile%\AppData\Local\pw.exe
    %UserProfile%\AppData\Local\MSASCui.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
    HKEY_CLASSES_ROOT\pezfile
    HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
    HKEY_CURRENT_USER\Software\Classes\pezfile
    HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
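The registry values above show two persistence and evasion patterns worth checking for on a suspect machine: the .exe and pezfile open handlers are rewritten so that every launched program first passes through pw.exe, and the Security Center override values are set to 1 to silence antivirus and firewall warnings. The following Python is an added example, not code from the original page; it parses a constructed dump in the layout of a "reg export" file (the entries are modelled on the values listed above, with batfile as a clean control entry) and flags both patterns.

```python
import re

# Constructed sample in "reg export" layout, modelled on the values this page
# lists. Not a real capture; batfile is a clean control entry.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\.exe\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\pw.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\pw.exe\" /START \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unescape(s):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes a quote."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {key_path: {value_name: value}}; '' names the (Default) value."""
    reg, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = reg.setdefault(m.group(1), {})
        elif current is not None and (m := VAL_RE.match(line)):
            name = '' if m.group(1) == '@' else _unescape(m.group(1)[1:-1])
            raw = m.group(2)
            if raw.startswith('"') and raw.endswith('"'):
                current[name] = _unescape(raw[1:-1])      # REG_SZ
            elif raw.startswith('dword:'):
                current[name] = int(raw[6:], 16)          # REG_DWORD
            else:
                current[name] = raw                       # anything else, kept raw
    return reg

# Open handlers for .exe (and the rogue's own pezfile progid) should be exactly
# "%1" %*; any executable interposed in front of the target is a hijack.
HANDLER_SUFFIXES = ('\\.exe\\shell\\open\\command', '\\pezfile\\shell\\open\\command')

def find_exe_handler_hijacks(reg):
    """Return (key, command) pairs whose open handler is not the clean "%1" %*."""
    return [(key, values['']) for key, values in reg.items()
            if key.lower().endswith(HANDLER_SUFFIXES)
            and values.get('', '"%1" %*') != '"%1" %*']

def find_security_center_overrides(reg):
    """Return Security Center *Override names set to 1 (alerts suppressed)."""
    sc = reg.get('HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center', {})
    return sorted(n for n, v in sc.items() if n.endswith('Override') and v == 1)
```

On a live system the same checks apply to the output of `reg export HKCR\.exe` and `reg export "HKLM\SOFTWARE\Microsoft\Security Center"`; the exported file is UTF-16 and begins with a version line, which the parser simply skips.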

Additional Information on Win 7 Antimalware 2011

  • The following messages were detected:

    System danger!
    Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

    System Hijack!
    System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

    Privacy threat!
    Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

    Stealth intrusion!
    Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

One Comment

  • Adam says:

    It is always best and safest to remove the malicious program with an anti-virus program. Sometimes these malware (this sounds like a scareware). These programs scare you into providing it with more information with nonexistent threats of more serious viruses. But left untreated this program can yield serious problems. So if you are unable to remove it with the antivirus program (if you don't currently have one, this program may prevent you from downloading a new one from the internet), I urge restoring your computer to a time before contracting the virus such as a couple of days ago. This usually works and does not ruin your data. Excellent luck!
