Home Malware Programs Rogue Anti-Virus Programs Win 7 Antivirus 2013

Win 7 Antivirus 2013

Posted: October 1, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 13
First Seen: October 1, 2012
OS(es) Affected: Windows

As a new variant of an old and oft-renamed hoax, Win 7 Antivirus 2013 may look like an anti-malware scanner but isn't capable of giving out alerts for anything other than fake threats. A new variant of scamware from the FakeRean family, Win 7 Antivirus 2013 is designed to interfere with your PC usage and display fraudulent warning messages until you give up and spend money to make Win 7 Antivirus 2013 calm down. SpywareRemove.com malware research team recommends otherwise, since Win 7 Antivirus 2013 can be registered without cost and doesn't have benevolent features worth purchasing in the first place. In many scenarios, rogue anti-malware programs from Win 7 Antivirus 2013's family can pose security hazards, besides being installed by separate PC threats that may make other attacks. However, most anti-malware products should be able to detect and delete Win 7 Antivirus 2013 with a minimum of difficulty – even if you may need to disable Win 7 Antivirus 2013 to regain access to these applications.

Why Win 7 Antivirus 2013 is More Than Just a Windows 7 Problem

Win 7 Antivirus 2013 markets itself as a brand-spanking-new anti-malware program for the latest version of Windows, but in appearance and functions, Win 7 Antivirus 2013 is completely unoriginal. As an observable clone of similar scamware, Win 7 Antivirus 2013's only features involve attacking your computer's security and substituting fake security alerts for real protection. Very similar members of Win 7 Antivirus 2013's family of fake anti-malware scanners include but aren't limited to such examples as Antivirus 2008 Pro, Windows Antivirus 2008, Vista Antivirus 2008, Antivirus XP 2008, PC Clean Pro, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, Rogue.Vista Antivirus 2008, XP Home Security 2012, XP Security 2012 and AntiVirus PRO 2015.

Win 7 Antivirus 2013's FakeRean family has been known to use many methods of distribution, including:

  • Drive-by-download attacks with configurable exploit packages like Blackhole Exploit Kit. These attacks tend to occur automatically and without symptoms, as long as the relevant exploitable programs (usually linked to Adobe software, Java or default Windows software) are in place.
  • Trojan downloaders and Trojan droppers (Tibs, Zlob, etc.) that can install a number of different types of malware, including Win 7 Antivirus 2013 or other FakeRean-based scamware. SpywareRemove.com malware experts have found that such Trojans are often distributed by spam e-mail or through fake media update links from malicious sites.

Win 7 Antivirus 2013 and its relatives have only expressed compatibility with Windows although they are compatible with all modern versions of the Windows OS.

The Real Security Shut Down That Win 7 Antivirus 2013 Uses to Enable Its Security Hoax

Win 7 Antivirus 2013's purpose is to display inaccurate pop-up warnings and system scans that make it seem as though your computer is infected by Trojans, spyware, viruses and other PC threats. Attempts to remove these threats only redirects you to a purchase form for Win 7 Antivirus 2013, which SpywareRemove.com malware experts, naturally, don't recommend trusting.

However, Win 7 Antivirus 2013's most notable attributes are its tendency, like other FakeRean family members of its branch, to attack security features of Windows. Windows Update, Security Center, Firewall and Defender may be inaccessible due to Win 7 Antivirus 2013's system changes. Win 7 Antivirus 2013 may also block websites and other programs through additional attacks.

Given these last facts, SpywareRemove.com malware experts are comfortable in labeling Win 7 Antivirus 2013 a security threat of a severe nature. Deleting Win 7 Antivirus 2013 should involve booting into Safe Mode or using other methods to block Win 7 Antivirus 2013. Once deactivated, Win 7 Antivirus 2013 can be removed with a good anti-malware product.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Win 7 Antivirus 2013 may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS].exe File name: %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%CommonAppData%\[RANDOM CHARACTERS].exe File name: %CommonAppData%\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%LocalAppData%\[RANDOM CHARACTERS].exe File name: %LocalAppData%\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Temp%\[RANDOM CHARACTERS].exe File name: %Temp%\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = ''HKEY_CURRENT_USER\Software\Classes\ "(Default)" = 'Application'HKEY_CURRENT_USER\Software\Classes\\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*HKEY_CURRENT_USER\Software\Classes\\DefaultIcon "(Default)" = '%1'HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe""HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe -a "C:\Program Files\Mozilla Firefox\firefox.exe""HKEY..\..\..\..{Subkeys}HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"

Additional Information

The following messages's were detected:
# Message
1Malware intrusion!
Sensitive areas of your system ware found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.
2Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.


  • Kaito says:

    I have to buy it to fix it. Figures. Where are the instructions?

  • Maher says:

    no, but I have only seen it install on win7 i think it has a srpcit checking your system and accordingly displaying a win xp, vista or 7 version of the program, but the .exe will install on any windows.