Win 7 Total Security 2012

June 7, 2011

Win 7 Total Security 2012 (also Vista Total Security 2012 and XP Total Security 2012) is a potentially unwanted program. This misleading software mimics Vista Total Security 2012 and XP Total Security 2012. It is installed on the computer under a name made of three random characters, which serves as its main executable file. Once Win 7 Total Security 2012 is on the system, it hijacks the Internet browser and redirects every search result link to malicious web sites. The web site you are pointed to will bring more harm to the computer: it may download and execute additional malware without the user's involvement.

You can avoid this threat at its first attack. Simply not clicking on a link produced by a fake online virus scanner may prevent the installation of the malware. Browser redirects, however, are an indication that your computer is already infected with the Trojan. To deal with the Trojan, run a full scan with your antivirus program. Make sure that it has the most recent database so that it can catch the latest types of viruses.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows XP, Windows Vista, Windows 7

What are the Symptoms of Win 7 Total Security 2012 Infection?

Win 7 Total Security 2012 Scanner

It will modify Windows Registry and add the following entries:
HKCU\Software\Classes\.exe "(Default)" = 'exefile'
HKCU\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKCU\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "%1" %*'
HKCU\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKCU\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKCU\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKCU\Software\Classes\exefile "(Default)" = 'Application'
HKCU\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKCU\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
… plus a lot more registry entries and subkeys.
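
To check a machine for this per-user .exe handler override, the output of `reg query "HKCU\Software\Classes\.exe" /s` can be reviewed automatically. The following is an added example, not part of the original article: it parses such output and flags any `command` value that does not simply run the clicked file. The sample output, including the user path, the name `abc.exe` and which value holds the `/START` command, is constructed.

```python
import re

# Per-user class keys the article lists as modified (HKCU overrides HKLM for that user).
WATCHED = ("hkey_current_user\\software\\classes\\.exe",
           "hkey_current_user\\software\\classes\\exefile")
BENIGN = '"%1" %*'  # stock handler: run the clicked file itself, nothing in front of it
VALUE_RE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed sample of `reg query ... /s` output (not captured from a real host).
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Classes\.exe
    (Default)    REG_SZ    exefile
    Content Type    REG_SZ    application/x-msdownload

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
    (Default)    REG_SZ    "C:\Users\test\AppData\Local\abc.exe" /START "%1" %*
    IsolatedCommand    REG_SZ    "%1" %*

HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
    (Default)    REG_SZ    "%1" %*
    IsolatedCommand    REG_SZ    "%1" %*
'''

def find_exe_hijacks(reg_query_text):
    """Return (key, value_name, data) for command values that do more than run "%1"."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():      # key paths start in column 0
            key = line.strip()
            continue
        m = VALUE_RE.match(line)       # indented "name    type    data" rows
        if not m or key is None:
            continue
        name, _type, data = m.groups()
        k = key.lower()
        watched = any(k.startswith(w + "\\") for w in WATCHED)
        if watched and k.endswith("\\command") and data.strip() != BENIGN:
            hits.append((key, name, data.strip()))
    return hits

if __name__ == "__main__":
    for key, name, data in find_exe_hijacks(SAMPLE):
        print(f"SUSPICIOUS {key} [{name}] = {data}")
```
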

The threat will drop the following malicious files:
– Windows 7 and Windows Vista:
%AllUsersProfile%\rtyhnlp79oq1zvxgt56dfgt22k (or any random)
%AppData%\Local\rtyhnlp79oq1zvxgt56dfgt22k (or any random)
%AppData%\Roaming\Microsoft\Windows\Templates\rtyhnlp79oq1zvxgt56dfgt22k (or any random)
%Temp%\rtyhnlp79oq1zvxgt56dfgt22k (or any random)

– Windows XP:
%AllUsersProfile%\rtyhnlp79oq1zvxgt56dfgt22k (or any random)
%AppData%\rtyhnlp79oq1zvxgt56dfgt22k (or any random)
%UserProfile%\Local Settings\Application Data\.exe
%UserProfile%\Templates\rtyhnlp79oq1zvxgt56dfgt22k (or any random)
%Temp%\rtyhnlp79oq1zvxgt56dfgt22k (or any random)
