
Win 7 Internet Security 2012

Posted: June 7, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 37
First Seen: December 14, 2011
Last Seen: November 15, 2020
OS(es) Affected: Windows

Win 7 Internet Security 2012 is a clone of similar rogue security programs that also pretend to be security applications. Unlike a real security product, Win 7 Internet Security 2012 only reports fake threats that aren't on your PC, and will always report problems with your computer without inspecting the actual files. Infections related to Win 7 Internet Security 2012 have also been noted to cause browser hijacks and difficulties with accessing unrelated programs. Because of these attacks in particular, you should delete Win 7 Internet Security 2012 with a serious anti-malware program as soon as it's convenient.

Win 7 Internet Security 2012 – Not Just for Windows 7, Despite the Name

Win 7 Internet Security 2012 is a flat-out copy of other rogue security programs, and shares its malicious behavior, appearance and overall lack of beneficial functionality with these fellow threats. Other rogue security programs in the same family as Win 7 Internet Security 2012 include Vista Home Security 2012, Win 7 Home Security 2012, XP Home Security 2012, XP Antivirus 2012, Win 7 Anti-Spyware 2012 and Vista Anti-virus 2012.

As is also the case with other threats that are related to Win 7 Internet Security 2012, Win 7 Internet Security 2012 imitates the look and feel of an anti-virus scanner but can't detect or remove viruses or other PC threats. Win 7 Internet Security 2012 infections will persistently fake those features, however, by using inaccurate system scans and pop-ups like the following:

System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.

System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.

Security Alert!
Your computer is being attacked from a remote machine !
Block Internet access to your computer to prevent system infection.

Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)

These fake errors exist only to push you into purchasing Win 7 Internet Security 2012 to remove these nonexistent problems, since the program claims that it can't remove threats until you purchase a registered version.

Visiting the Win 7 Internet Security 2012 website is strongly discouraged, since websites related to Win 7 Internet Security 2012 may attack your PC through browser vulnerabilities, and are likely to attempt to harvest your credit card number and other private information.

The Attacks That Add the Hurtful Edge to Win 7 Internet Security 2012's Scam

Win 7 Internet Security 2012 can also cause browser hijacks that take over your ability to browse websites. Hijacks are able to change your homepage, create fake 'unsafe website' errors and pop-ups or even redirect you to a harmful website.

Computers that are infected by Win 7 Internet Security 2012 may also have problems running any number of other programs, because Win 7 Internet Security 2012 blocks them. Win 7 Internet Security 2012's application blacklist may be accompanied by fake errors similar to the ones seen above, in an attempt to convince you that the blocked program is actually infected.

Since Win 7 Internet Security 2012 launches itself by adding startup entries to your Windows Registry, disabling these attacks requires that you disable Win 7 Internet Security 2012's startup routine, too. If you're using Windows, pressing F8 during system startup will let you access the Safe Mode menu. Safe Mode will stop unnecessary Registry entries from running, including Win 7 Internet Security 2012's entries.

Deleting Win 7 Internet Security 2012 is a relatively straightforward task, once you've used the above technique to stop any application-blocking or browser hijack attacks.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%\[RANDOM CHARACTERS]
    2 %AppData%\Local\[RANDOM CHARACTERS]
    3 %AppData%\Local\[RANDOM CHARACTERS].exe
    4 %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS]
    5 %Temp%\[RANDOM CHARACTERS]

Registry Modifications

  • The following Registry values were created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
    HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
    HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
    HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
    HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
    HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%1" %*'
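
The command handlers listed above are what place the rogue in front of every program and browser launch. The following Python is an added example, not code from the original page: it audits a text listing of Registry values and flags `.exe` handlers that differ from the stock `"%1" %*` and browser handlers that start from a user profile path. The one-entry-per-line input format, the `abc.exe` file name and the treatment of profile paths as suspect are assumptions made for the example.

```python
import re

DEFAULT_EXE_HANDLER = '"%1" %*'   # stock Windows value: run the clicked file itself

# One entry per line: <key path> "<value name>" = '<data>'
ENTRY_RE = re.compile(r"""^(HK.+?)\s+"([^"]+)"\s*=\s*'(.*)'$""")
COMMAND_KEY = re.compile(r"\\shell\\[^\\]+\\command$", re.I)
EXE_CLASS = re.compile(r"\\(\.exe|exefile)\\shell\\", re.I)
# Assumption: a handler living in per-user data directories is treated as suspect.
USER_WRITABLE = re.compile(r"%(UserProfile|AppData|LocalAppData|Temp)%", re.I)


def launched_program(command):
    """Return the first token of a command line, honouring double quotes."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ""


def audit(lines):
    """Return (key, value name, reason) for every hijacked command handler."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m or not COMMAND_KEY.search(m.group(1)):
            continue
        key, name, data = m.groups()
        program = launched_program(data)
        if EXE_CLASS.search(key) and data != DEFAULT_EXE_HANDLER:
            findings.append((key, name, "exe handler replaced by " + program))
        elif USER_WRITABLE.search(program):
            findings.append((key, name, "handler runs from user profile: " + program))
    return findings


# Constructed sample; "abc.exe" stands in for the random file name.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\abc.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\abc.exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Program Files%\Mozilla Firefox\firefox.exe"'
'''.splitlines()

if __name__ == "__main__":
    for key, name, reason in audit(SAMPLE):
        print(f"{key} [{name}]: {reason}")
```

The `IsolatedCommand` values in the listing still hold the stock handler, so only the `(Default)` values are reported.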