Im-Infected / Rogue / Win 7 Home Security 2012

Win 7 Home Security 2012

This part of web site contains full description and analysis on Win 7 Home Security 2012 as well as removal procedures and necessary tools.

Options : » Discuss » Print » Bookmark

Risk Rating of 3 Is Given For This Threat

Date Posted: January 15th, 2012

Discussion: No Response

Win 7 Home Security 2012 is a modified version of rogue security software currently spreading over the Internet. There are a number of variations for this type infection depending on victim’s operating system. The reason for such multiple versions is to incorporate the malware on the OS of user’s computer and pretend as a legitimate Windows security program.

Just as any fake antivirus applications, it is obvious that main purpose is to mislead users and convince them to pay for the paid version of Win 7 Home Security 2012. Just to remind you once more, registered version of a rogue program is worthless. It is useless and inefficient in fighting computer viruses and other forms of threats. The main concern of Win 7 Home Security 2012’s author is to gain profit from this online fraudulent operation.

Graphical User Interface (GUI) of Win 7 Home Security 2012

Win 7 Home Security 2012 may instantly show up on your PC without actual intervention. It was designed to penetrate the system by spotting weaknesses that it may use as an entry point. Once it is inside, your security application is at risk. Win 7 Home Security 2012 can disable antivirus and firewall programs easily by altering the registry. This is why updating your installed antivirus program is very important. Retaining updated security software helps protect the computer and blocks unnecessary activities coming from malware.

If your computer faces trouble with Win 7 Home Security 2012, follow the guide on this page. Dealing with this problem as early as possible will prevent additional harm and damages.

Type Rogue
Sub-Type FakeAV
Aliases XP Home Security 2012, Vista Home Security 2012
OS Affected Windows 7
Detected By MalwareBytes

What are the Symptoms of Win 7 Home Security 2012?

Symptoms of Win 7 Home Security 2012 are very similar to any other rogue security product. It displays false information regarding security status of the computer and detects imaginary threats such as this one:

Critical system alert!
Unknown software is trying to take control over your system!
Attack from: 78.221.28.23 port: 51052
Attacked port: 54228
Threat: Email-Wom.JS.Gigger
Do you want to block this attack?

Automatic Removal of Win 7 Home Security 2012

STEP 1 – Registration

It is important that you enter the provided serial number and register Win 7 Home Security 2012. While running in full version, you may take back Internet access previously blocks by the malware. It is common for rogue program to prevent infected computer from browsing the web to avoid downloading of removal tool.

A) To enter the registration code, click on “Registration” located at the top of Win 7 Home Security 2012 console.

 

B) On registration box, click on “Manual Activation” and type any of the following key below on the box labeled Reg key: . Then click on “Activate Now.”

3425-814615-3990
1147-175591-6550

C) Once activated, Win 7 Home Security 2012 will attempt to remove detected threats. After that, it will also update the program. These process will take a while. You may cancel “Removing… and “Updating…” process and proceed with the actual removal immediately.

Now that Win 7 Home Security 2012 is running in full version, your computer will work normally even with the presence of the malware. Accessing the Internet will not be a problem and you can now download the removal tool as on next step.

Step 2 – Download Removal Tool

A) Download the removal tool and save it to any location on your hard drive. For quick access, it is recommended to save on your desktop.

Win 7 Home Security 2012 Remover
Download Now

B) After downloading, locate the file and double-click to install. If unable to execute, right-click on the file and select “Run as Administrator.”

C) Install the program with default configuration. No changes is required during the installation process. It will open and update the database afterwards.

Step 3 – Restart Computer in Safe Mode

A) From an OFF mode, turn on the computer and before Windows logo begins to load, press F8 on your keyboard.

B) Windows will display Advance Boot Options menu. Select Safe Mode from the list. While on Safe Mode, Windows will only load minimal files and registry enties excluding malicious components created by Win 7 Home Security 2012.

Step 4 – Scan and Remove

A) While on Safe Mode of Windows, locate the installed removal program. Double-click to run it.

B) Choose the option where you can provide full scan on the computer. Doing full scan is necessary to find all files and registry entries that are related to Win 7 Home Security 2012.

C) Once finished scanning, it will display all detected threats. Mark all items with check and click on “Remove Selected.” The program will prompt you to restart the computer, please do so.

IMPORTANT! Proceed to Step 3 of Manual Removal below to remove Rootkit Trojan associate with this malware.

How to Remove Win 7 Home Security 2012 Manually

Step 1 – Fix Windows Registry and Delete Files

A) Press F8 on keyboard as soon as you turn on the computer. Select Safe Mode from the list. This method loads only minimal resources of Windows.

B) There is a possibility that the malware will prevent your from running executable files. Win 7 Home Security 2012 also made changes to Windows registry that will launch a fake pop-up alerts when you attempt to run any programs. We need to resolve this issue by downloading the following file to fix the registry

FixReg-Win7.reg (http://file-download.im-infected.com/FixReg-Win7.reg)

Note: If malware prevents you from downloading the file, please get it using a separate clean computer. Transfer the file to an infected unit using optical disc such as CD and DVD, flash drive, external hard drive or memory modules.

C) Delete Windows registry entries. It is important to BACKUP YOUR REGISTRY FIRST.
- On Windows Start Menu, Click Start > Run. Alternatively, you can press [Windows Key] + R on your keyboard.
- Type in the field, regedit
- Find and delete the following registry entries

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\tuy.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\tuy.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\tuy.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\tuy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\tuy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\tuy.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'

D) Files related to Win 7 Home Security 2012 must be deleted:
- Browse and delete malicious files below.
- Some files cannot be deleted instantly. Press Ctrl+Alt+Del to open Windows Task Manager, look for any virus-related files mentioned on this page and highlight it, click End Process. Try to delete the file once more.

%AllUsersProfile%\PN7BJVABFCSJ86EU3F5HK2FN
%LocalAppData%\tuy.exe
%Temp%\PN7BJVABFCSJ86EU3F5HK2FN
%LocalAppData%\PN7BJVABFCSJ86EU3F5HK2FN
%AppData%\TEMPLATES\PN7BJVABFCSJ86EU3F5HK2FN

Note: PN7BJVABFCSJ86EU3F5HK2FN and tuy.exe can be any random characters. The malware uses random file name whenever it is installed on the system.

Step 2 – Run Antivirus Program

A) You must be connected to Internet to be able to update your anti-virus program. This is needed to have the latest database available and detect newer threats. Some antivirus programs update itself on a regular basis. There is also an option for manual update through the console of antivirus application.

B) Once updated, thoroughly scan the computer and clean or delete all detected threats. If your AV software is unable to delete malicious files, better put them into quarantine.

Step 3 – Remove the Rootkit Trojan

Rootkit Trojan are the one responsible why your system is infected with Win 7 Home Security 2012. This is also liable for most of the irregularities happening to your computer. Failure to remove rootkit Trojan may reinstate other infections including the rogue security application.

A) First, you need to download TDSS Killer from this location:

http://support.kaspersky.com/faq/?qid=208280684

Copy and paste the link to your browser. Once you are on the legitimate page of anti-rootkit, follow required instructions to download and install TDSSKiller.

B) When fully installed, click on the icon to run the program.

C) Press the button that says “Start Scan” to begin detection of malicious objects.

D) It will display a list of detected objects and their description. This tool will recommend the appropriate action (Cure or Delete). We suggest to Cure objects that were identified Suspicious.

E) To apply desired actions, click on Continue. It will display the result and advise to restart the computer.

Win 7 Home Security 2012 Discussions

  1. No comments yet.
  1. No trackbacks yet.