Click on screenshot to zoom
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • Annoying Pop-up's
  • Slow Computer

Win 7 Security 2012

With a wave of sophisticated rogue security tools entering the market, it has become increasingly difficult for users to differentiate between genuine and rubbish security tools such as Win 7 Security 2012. This rogue in particular comes with the advanced ability to detect which type of operating system the user is running, and changing its properties accordingly. This means that should the user have Windows XP on the PC, the rogue will change its name to XP Security 2012, and so on.

This level of sophistication is the reason why even expert users are finding it more difficult to steer clear of rogue security tools. Win 7 Security 2012 follows the expected route of infiltration – making use of bogus online malware scanners and rubbish browser hijackers. Once the rogue succeeds in entering the PC and rooting its infection, it will start its attack. This will be heralded by the user being unable to launch any type of application on the system, and instead will have Win 7 Security 2012 launched each time.

When the user logs on, the rogue will start a fake system scan. This will yield many false security threats as being present on the system. The user will also find himself unable to connect to the Internet. This all forms part of Win 7 Security 2012’s attack against the system, in an effort to prevent the user from downloading or running an application which may be able to identify and remove Win 7 Security 2012 from the system.

Other reported symptoms associated with this rogue include increased erratic system behavior, as well as extremely poor system performance. It will also hide the contents of certain system folders, and generate and delete Desktop items at will.

In order to get rid of Win 7 Security 2012 and protect yourself from the certain devastation this rogue will cause to your PC, employ the removal power of a genuine and legitimate security tool. This will also serve to offer protection against similar future attacks.

The rogue removal will be easier if you used these activation codes to “register” the rogue:

2233-298080-3424
3425-814615-3990
9443-077673-5028

This rogue is particularly annoying because right after the installation it blocks every single exe file and you can no longer run your computer. Then there is nothing else left to but to restart your computer. When you do, while it boots press F8 and select to load the Safe Mode with Networking, so that you could download SpyHunter from our website. Then restart again, and load your computer in Normal mode to install SpyHunter. Another way to install the program is to download it on another computer, rename the installer file from installer.exe to installer.com and then transfer the file into a USB flash drive. Plug the drive into the infected computer and use it to install the program.

Once SpyHunter is installed, it will scan your computer and detect the rogue, and kill it.

NOTE: Just because you can no longer see the rogue it does not mean that it doesn’t exist. Perform a full system scan to locate and terminate all of its components, because any file associated with the rogue can leave your computer’s door open for other malware.

Download Spyware Removal Tool to Remove* Win 7 Security 2012
  • Quick & tested solution for Win 7 Security 2012 removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Win 7 Security 2012

Files associated with Win 7 Security 2012 infection:

%USERPROFILE%\Lokale Einstellungen\Anwendungsdaten
xwo.exe
voh.exe
vmf.exe
ugs.exe
oey.exe
nur.exe
mbw.exe
kpr.exe
fvg.exe
cil.exe
auf.exe
uio.exe
rjw.exe
guv.exe
etq.exe
afu.exe
%AppData%\[random].exe
guv.exe
afu.exe
oey.exe
%APPDATA%\?????
mbw.exe
ugs.exe
vmf.exe
%PROGRAMFILES(x86)%\?????
auf.exe
xwo.exe
uio.exe
kpr.exe
voh.exe
fvg.exe
cil.exe
%WINDIR%\system32
nur.exe
etq.exe
%USERPROFILE%\Impostazioni locali\Dati applicazioni
rjw.exe

Win 7 Security 2012 processes to kill:

ugs.exe
guv.exe
vmf.exe
nur.exe
xwo.exe
oey.exe
uio.exe
mbw.exe
etq.exe
kpr.exe
rjw.exe
fvg.exe
voh.exe
cil.exe
xwo.exe
voh.exe
vmf.exe
ugs.exe
oey.exe
nur.exe
mbw.exe
kpr.exe
fvg.exe
cil.exe
auf.exe
uio.exe
rjw.exe
guv.exe
etq.exe
afu.exe
%AppData%\[random].exe
afu.exe
auf.exe

Remove Win 7 Security 2012 registry entries:

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation “TLDUpdates” = ’1′
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe”‘
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
HKEY_CURRENT_USER\Software\Classes
Disclaimer

Comments

  1. MOONMAN Jun 30, 2011

    DONT FIND INTERNET AFTER MICRSOFT ON HKEY USERS

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.