Tuesday, June 7, 2011

Win 7 Internet Security 2012 Removal Guide

Win 7 Internet Security 2012 Removal Guide
Win 7 Internet Security 2012 is a fake antivirus program that produce fake alert that there are several vulnerabilities are detected in the computer which Win 7 Internet Security 2012 is installed. Win 7 Internet Security 2012 installs into the computer and will configure itself to start automatically (in registry) when Windows boot. Win 7 Internet Security 2012 will scan the computer and WILL SURELY detect many malwares in the computer. In fact, it is just a fake alert. The intention of Win 7 Internet Security 2012 is to urge the user to register Win 7 Internet Security 2012 by purchasing the full version of Win 7 Internet Security 2012 so that to earn some money from the user. Win 7 Internet Security 2012 cannot detect and remove any malware / virus / trojan. Win 7 Internet Security 2012 will block the Internet browser, as well. Each try to open a web browser will be accompanied by a security warning about Trojan-BNK.Win32.Keylogger.gen infection allegedly keeping the user from going online and using the web services via the Internet browser.

Win 7 Internet Security 2012 can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Win 7 Internet Security 2012 shown in the removal guide below. All files related to Win 7 Internet Security 2012 must be deleted.

Win 7 Internet Security 2012 should be removed immediately!

Win 7 Internet Security 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Internet Explorer\iexplore.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe”‘
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’

Remove Folders and Files
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
%AppData%\Local\[random]
%AppData%\Local\[random].exe
%AllUsersProfile%\[random]
%Temp%\[random]

No comments:

Post a Comment