1 of 5
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer

Win 7 Internet Security 2012

With all the sophistication invested in rogue security tools these days, it can be difficult to distinguish between genuine and rubbish applications such as Win 7 Internet Security 2012. This rogue in particular forms part of a larger family of rogues which are able to adapt to their surroundings. This is because Win 7 Internet Security 2012 is able to change its name dependent on the user’s operating system. It will invade the user’s PC through corrupt websites using drive-by download tactics, as well as through fake online malware scanners falsely informing the user that his system is infected with severe infections, prompting him to download the Win 7 Internet Security 2012 rogue security tool.

Download Spyware Removal Tool to Remove* Win 7 Internet Security 2012
  • Quick & tested solution for Win 7 Internet Security 2012 removal.
  • 100% Free Scan for Windows

As soon as Win 7 Internet Security 2012 securely roots its infection in the system, it will initiate a fake system scan which will yield many false results. It will pretend to update itself via Automatic Updates, and will install itself as a single executable file called kdn.exe. The rogue will also edit registry entries which will cause its executable to run each time the user runs any application on his system. If Win 7 Internet Security 2012 does not deem the original application the user intended to launch as a threat, it will then allow that application to run as well.

Win 7 Internet Security 2012 will not allow the user to connect to the internet, and will launch each time the user attempts to launch Internet Explorer or FireFox, and will spam the user with a firewall warning stating that the system is infected. Some of the fake threats Win 7 Internet Security 2012 will report on include IRC-Worm.DOS.Septic, Devices.2000 and BWME.Twelve.1378. Win 7 Internet Security 2012 will also report legitimate Windows files as threats, and should the user delete those files will actually cause more severe damage to the system.

The fake security application will offer to ‘remove’ the reported threats, but only once the user pays for its worthless software. As a further attack on the system Win 7 Internet Security 2012 will spam the user with various annoying pop up messages, stating the following:

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

If you suspect an infection, the only way you will be able to regain control of your PC is if you were to immediately get rid of Win 7 Internet Security 2012. This is safest achieved by making use of a genuine security tool which will also offer adequate protection against similar future infections.

Update:

The rogue removal will be easier if you used these activation codes to “register” the rogue:

2233-298080-3424
3425-814615-3990
9443-077673-5028

This rogue is particularly annoying because right after the installation it blocks every single exe file and you can no longer run your computer. Then there is nothing else left to but to restart your computer. When you do, while it boots press F8 and select to load the Safe Mode with Networking, so that you could download SpyHunter from our website. Then restart again, and load your computer in Normal mode to install SpyHunter. Another way to install the program is to download it on another computer, rename the installer file from installer.exe to installer.com and then transfer the file into a USB flash drive. Plug the drive into the infected computer and use it to install the program.

Once SpyHunter is installed, it will scan your computer and detect the rogue, and kill it.

NOTE: Just because you can no longer see the rogue it does not mean that it doesn’t exist. Perform a full system scan to locate and terminate all of its components, because any file associated with the rogue can leave your computer’s door open for other malware.

Download Spyware Removal Tool to Remove* Win 7 Internet Security 2012
  • Quick & tested solution for Win 7 Internet Security 2012 removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Win 7 Internet Security 2012

Files associated with infection (Win 7 Internet Security 2012):

%AppData%\[random].exe

Processes to kill (Win 7 Internet Security 2012):

%AppData%\[random].exe

Remove registry entries (Win 7 Internet Security 2012):

HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exee” -a “%Program Files%\Internet Explorer\iexplore.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = ’1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = ’1′
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation “TLDUpdates” = ’1′
Disclaimer

Comments

  1. than Jan 21, 2012

    spero bene

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.