Windows 7 Antispyware 2012
Posted: February 9, 2012
Threat Metric
The fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 35 |
| First Seen: | February 9, 2012 |
| OS(es) Affected: | Windows |
Like other members of the FakeRean family, Windows 7 Antispyware 2012 is a scamware program (specifically, a fake anti-spyware scanner) that creates inaccurate alerts, notifications and other types of pop-ups to encourage you to spend money on its nonexistent ability to find and remove spyware. Because Windows 7 Antispyware 2012 can't find real spyware or other PC threats on your computer, there's no reason to hold back from deleting Windows 7 Antispyware 2012, which, as SpywareRemove.com malware researchers have noted, may also be used to attack your real security programs or hijack your web browser. As a significant risk to your computer's security, Windows 7 Antispyware 2012 should be removed by dedicated anti-malware software as soon as a chance to do so arises.
Windows 7 Antispyware 2012 – the New Year's Version of an Age-Old Hoax
Windows 7 Antispyware 2012 is built off of a basic template that's been circulated throughout the FakeRean family for several years; this template has also been recycled for countless other variants of fake anti-malware products, such as Antivirus 2008 Pro, Antivirus XP 2008, Windows Antivirus 2008, Vista Antivirus 2008, PC Clean Pro, Antivirus Pro 2009, Rogue.Vista Antivirus 2008, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, XP Security 2012, XP Home Security 2012 and AntiVirus PRO 2015. As a new version of this reused scamware, Windows 7 Antispyware 2012 may possess additional functions, but its primary features are the same as those of any FakeRean-based rogue anti-malware scanner: inaccurate system scans, automatic startup, fake warning messages, browser redirect attacks and attempts to hinder genuine anti-malware programs from removing Windows 7 Antispyware 2012.
The SpywareRemove.com malware research team has discovered that error messages from Windows 7 Antispyware 2012 can come in a wide range of forms, all of them fraudulent, some of which are noted below:
Windows 7 Antispyware 2012 Alert
System Hacked!
Unknown program is scanning your system registry right now! Identity theft detected!
Threat: Backdoor.Perl.AEI.16
Virus Intrusion!
Your computer security is at risk. Spyware, worms, and Trojans were detected in the background. Prevent data corruption and credit card information theft. Safeguard your system and perform a free security scan now.
Windows 7 Antispyware 2012 Alert
System Integrity Check
Warning! Sensitive data may be sent over your internet connection right now!
Threat: Trojan-PSW.Win32.Antigen.A
Malware Intrusion!
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.
Windows 7 Antispyware 2012 Firewall Alert
Windows 7 Antispyware 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.
Warnings from Windows 7 Antispyware 2012 may also be used in conjunction with other attacks; for example, the following alert may be shown when Windows 7 Antispyware 2012 blocks a (safe, contrary to Windows 7 Antispyware 2012's word) website in your web browser:
Windows 7 Antispyware 2012 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
– Dangerous code found in this site's pages which installed unwanted software into your system.
– Suspicious and potentially unsafe network activity detected.
– Spyware infections in your system
– Complaints from other users about this site.
– Port and system scans performed by the site being visited.
Things you can do:
– Get a copy of [rogue program name] to safeguard your PC while surfing the web (RECOMMENDED)
– Run a spyware, virus and malware scan
– Continue surfing without any security measures (DANGEROUS)
Other Things to Worry About from Windows 7 Antispyware 2012
In addition to the issues noted above, SpywareRemove.com malware experts have found that Windows 7 Antispyware 2012 is also likely to attempt to redirect your web browser to its own website or attack real anti-malware applications that could remove Windows 7 Antispyware 2012. Due to these risks, Windows 7 Antispyware 2012 should be considered a danger to your computer's security in addition to a nuisance, and you should never attempt to tolerate Windows 7 Antispyware 2012's presence on your PC if viable removal options are available.
Although Windows 7 Antispyware 2012, like other types of scamware products, is specific to Windows, variants of Windows 7 Antispyware 2012 are able to infect other versions of that OS besides Windows 7. FakeRean rogue anti-spyware programs typically install themselves in a fashion so as to match the infected OS, so, for instance, Windows 7 Antispyware 2012 may present itself as Windows Vista Antivirus 2012 on a Vista-based PC. In all cases, SpywareRemove.com malware analysts warn that you should consider any rogue anti-spyware program that resembles Windows 7 Antispyware 2012 to be equivalently dangerous to your PC.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

%AppData%\Local\[random characters].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%AllUsersProfile%\rghjfykak9992kdslspiw64hd
Group: Malware file

%AppData%\Local\rghjfykak9992kdslspiw64hd
Group: Malware file

%AppData%\Roaming\Microsoft\Windows\Templates\rghjfykak9992kdslspiw64hd
Group: Malware file

%Temp%\rghjfykak9992kdslspiw64hd
Group: Malware file

%LocalAppData%\ppn.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%LocalAppData%\kdn.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%LocalAppData%\u3f7pnvfncsjk2e86abfbj5h
Group: Malware file

%UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h
Group: Malware file

%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h
Group: Malware file

%Temp%\u3f7pnvfncsjk2e86abfbj5h
Group: Malware file
Registry Modifications
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
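A triage check for the registry changes listed above, as an added example that is not code from SpywareRemove.com or SpyHunter: it parses entries written in this page's listing format and flags any .exe/exefile open or runas command that differs from the Windows default `"%1" %*`, plus any StartMenuInternet command whose first program is not the browser the key is named for. The function names and the sample text (which includes one clean entry constructed for contrast) are assumptions.

```python
import re

# Added example; function names are illustrative, not from any tool on the page.
# Listing format used on this page:  KEY "ValueName" = 'data'
ENTRY = re.compile(r"""^(HKEY_[^"]+?)\s+"([^"]+)"\s*=\s*'(.*)'$""")
HANDLER = re.compile(r"\\(\.exe|exefile)\\shell\\(open|runas)\\command$", re.I)
BROWSER = re.compile(r"\\StartMenuInternet\\([^\\]+)\\shell\\[^\\]+\\command$", re.I)
CLEAN_HANDLER = '"%1" %*'  # Windows default for the exefile open/runas commands

# Constructed sample: three entries copied from the listing above plus one
# clean IEXPLORE.EXE entry added for contrast.
SAMPLE = r"""
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"C:\Program Files\Internet Explorer\iexplore.exe"'
"""


def first_program(command):
    """Lower-cased file name of the first program on a command line."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    path = (m.group(1) or m.group(2)) if m else ""
    return path.rsplit("\\", 1)[-1].lower()


def find_hijacks(listing):
    """Return (key, value name, interposed program) for each hijacked command."""
    hits = []
    for line in listing.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        key, name, data = m.groups()
        browser = BROWSER.search(key)
        if HANDLER.search(key):
            # Any wrapper in front of "%1" runs before every launched .exe.
            hijacked = data != CLEAN_HANDLER
        elif browser:
            # The command should start with the browser the key is named for.
            hijacked = first_program(data) != browser.group(1).lower()
        else:
            hijacked = False
        if hijacked:
            hits.append((key, name, first_program(data)))
    return hits


if __name__ == "__main__":
    for key, name, program in find_hijacks(SAMPLE):
        print(f"HIJACKED {key} [{name}] -> {program}")
```
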