Im-Infected / Rogue / Win 7 Internet Security 2012

Win 7 Internet Security 2012

This part of web site contains full description and analysis on Win 7 Internet Security 2012 as well as removal procedures and necessary tools.

Options : » Discuss » Print » Bookmark

Risk Rating of 3 Is Given For This Threat

Date Posted: June 7th, 2011

Discussion: No Response

Win 7 Internet Security 2012 may get inside the computer by pretending as an update for Windows OS security. When loaded successfully, it will configure itself to run automatically by adding its own registry entries. Thus, it may gain control of the compromised PC and command its operation. It also redirect Internet browser to malicious web sites. Another type of threat can be downloaded from this site or additional file will be dropped on to victim’s computer to enhance the operation of Win 7 Internet Security 2012.

Graphical User Interface of Win 7 Internet Security 2012

This type of program will gather information from victim’s computer. It has the ability to identify Operating System and install necessary version as monitored. Thus, XP Internet Security 2012 will be loaded on Windows XP machine, Vista Internet Security 2012 for Vista OS and so on. Rogue programs such as mentioned will provide severe harm that may cause the infected computer to stop responding. It may also prevent execution of installed software and declare that the file must be cleaned from virus infection. Again, it will advise to use the licensed version of the rogue program, which is not advisable since it was detected as fake.

Type Rogue
Sub-Type FakeAV
Aliases XP Internet Security 2012, Vista Internet Security 2012
OS Affected Windows
Detected By MalwareBytes

What are the Symptoms of Win 7 Internet Security 2012?

Presence of Win 7 Internet Security 2012 will bring annoyances. There will be many pop-up alerts stating false virus detection. It will also detect some intrusions from unknown attacker and mimics Windows system tray alert to produce the warning.

Virus Intrusion!
Your computer security is at risk. Spyware, worms and Trojans were detected in the background. Prevent data corruption and credit card information theft. Safeguard your system and perform a free security scan now.

During a fake scan conducted by Win 7 Internet Security 2012, it identifies numerous risky threats. You need not to worry. Threats detected by fake anti-virus applications are merely for deceptive tactics. One of the so many threats it may detect is Trojan-Spy.HTML.Bankfraud.jk.

Automatic Removal of Win 7 Internet Security 2012

STEP 1 – Registration

It is important that you enter the provided serial number and register Win 7 Internet Security 2012. While running in full version, you may take back Internet access previously blocks by the malware. It is common for rogue program to prevent infected computer from browsing the web to avoid downloading of removal tool.

A) To enter the registration code, click on “Registration” located at the top of Win 7 Internet Security 2012 console.

 

B) On registration box, click on “Manual Activation” and type any of the following key below on the box labeled Reg key: . Then click on “Activate Now.”

3425-814615-3990
1147-175591-6550

C) Once activated, Win 7 Internet Security 2012 will attempt to remove detected threats. After that, it will also update the program. These process will take a while. You may cancel “Removing… and “Updating…” process and proceed with the actual removal immediately.

Now that Win 7 Internet Security 2012 is running in full version, your computer will work normally even with the presence of the malware. Accessing the Internet will not be a problem and you can now download the removal tool as on next step.

Step 2 – Download Removal Tool

A) Download the removal tool and save it to any location on your hard drive. For quick access, it is recommended to save on your desktop.

Win 7 Internet Security 2012 Remover
Download Now

B) After downloading, locate the file and double-click to install. If unable to execute, right-click on the file and select “Run as Administrator.”

C) Install the program with default configuration. No changes is required during the installation process. It will open and update the database afterwards.

Step 3 – Restart Computer in Safe Mode

A) From an OFF mode, turn on the computer and before Windows logo begins to load, press F8 on your keyboard.

B) Windows will display Advance Boot Options menu. Select Safe Mode from the list. While on Safe Mode, Windows will only load minimal files and registry enties excluding malicious components created by Win 7 Internet Security 2012.

Step 4 – Scan and Remove

A) While on Safe Mode of Windows, locate the installed removal program. Double-click to run it.

B) Choose the option where you can provide full scan on the computer. Doing full scan is necessary to find all files and registry entries that are related to Win 7 Internet Security 2012.

C) Once finished scanning, it will display all detected threats. Mark all items with check and click on “Remove Selected.” The program will prompt you to restart the computer, please do so.

IMPORTANT! Proceed to Step 3 of Manual Removal below to remove Rootkit Trojan associate with this malware.

How to Remove Win 7 Internet Security 2012 Manually

Step 1 – Fix Windows Registry and Delete Files

A) Press F8 on keyboard as soon as you turn on the computer. Select Safe Mode from the list. This method loads only minimal resources of Windows.

B) There is a possibility that the malware will prevent your from running executable files. Win 7 Internet Security 2012 also made changes to Windows registry that will launch a fake pop-up alerts when you attempt to run any programs. We need to resolve this issue by downloading the following file to fix the registry

FixReg.reg (http://file-download.im-infected.com/FixReg.reg)

Note: If malware prevents you from downloading the file, please get it using a separate clean computer. Transfer the file to an infected unit using optical disc such as CD and DVD, flash drive, external hard drive or memory modules.

C) Delete Windows registry entries. It is important to BACKUP YOUR REGISTRY FIRST.
- On Windows Start Menu, Click Start > Run. Alternatively, you can press [Windows Key] + R on your keyboard.
- Type in the field, regedit
- Find and delete the following registry entries

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\ypo.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\ypo.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\dfr.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\ypo.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\ypo.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\ypo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'

D) Files related to Win 7 Internet Security 2012 must be deleted:
- Browse and delete malicious files below.
- Some files cannot be deleted instantly. Press Ctrl+Alt+Del to open Windows Task Manager, look for any virus-related files mentioned on this page and highlight it, click End Process. Try to delete the file once more.

%AllUsersProfile%\PNVABCSKNEEU3F7FBJ5H2FN8
%LocalAppData%\ypo.exe
%Temp%\PNVABCSKNEEU3F7FBJ5H2FN8
%LocalAppData%\PNVABCSKNEEU3F7FBJ5H2FN8
%AppData%\TEMPLATES\PNVABCSKNEEU3F7FBJ5H2FN8

Note: PNVABCSKNEEU3F7FBJ5H2FN8 and ypo.exe can be any random characters. The malware uses random file name whenever it is installed on the system.

Step 2 – Run Antivirus Program

A) You must be connected to Internet to be able to update your anti-virus program. This is needed to have the latest database available and detect newer threats. Some antivirus programs update itself on a regular basis. There is also an option for manual update through the console of antivirus application.

B) Once updated, thoroughly scan the computer and clean or delete all detected threats. If your AV software is unable to delete malicious files, better put them into quarantine.

Step 3 – Remove the Rootkit Trojan

Rootkit Trojan are the one responsible why your system is infected with Win 7 Internet Security 2012. This is also liable for most of the irregularities happening to your computer. Failure to remove rootkit Trojan may reinstate other infections including the rogue security application.

A) First, you need to download TDSS Killer from this location:

http://support.kaspersky.com/faq/?qid=208280684

Copy and paste the link to your browser. Once you are on the legitimate page of anti-rootkit, follow required instructions to download and install TDSSKiller.

B) When fully installed, click on the icon to run the program.

C) Press the button that says “Start Scan” to begin detection of malicious objects.

D) It will display a list of detected objects and their description. This tool will recommend the appropriate action (Cure or Delete). We suggest to Cure objects that were identified Suspicious.

E) To apply desired actions, click on Continue. It will display the result and advise to restart the computer.

Win 7 Internet Security 2012 Discussions

  1. No comments yet.
  1. No trackbacks yet.