Creators of rogue antispyware programs have designed a new malicious application that comes under 27 different names. The name of the infection depends on the Windows operating system the computer runs. Here is a list of the program names it can use once it has infected a computer system:
XP Antispyware 2011 or XP Antispyware
Vista Antispyware 2011 or Vista Antispyware
Win 7 Antispyware 2011 or Win 7 Antispyware
XP Security 2011 or XP Security
Vista Security 2011 or Vista Security
Win 7 Security 2011 or Win 7 Security
XP Internet Security 2011 or XP Internet Security
Vista Internet Security 2011 or Vista Internet Security
Win 7 Internet Security 2011 or Win 7 Internet Security
Win 7 Antimalware
XP Antimalware 2011 or XP Antimalware
Vista Antimalware 2011 or Vista Antimalware
Win 7 Antimalware 2011
Win 7 Guard
The program is installed with the help of Trojans that pose as Windows updates and are downloaded automatically. Once inside, the application does everything it can to make its removal impossible. It will disable most of your programs, including your Internet browser, and when you try to launch the browser you will see a firewall warning instead of the requested website. Instead of launching any executable, the system will launch Vista Antispyware 2011, XP Guard, Win 7 Internet Security 2011 or whichever other program infected your computer.
Here is what some of the alerts look like:
If you succeed in launching your Internet browser, the rogue program will definitely block some websites so that you cannot look for any information about the infection. Instead of displaying the website you requested, the program will generate this message:
The rogue starts automatically after each computer reboot. It loads a fake scanner and simulates looking for infections on your system. When the scan finishes, the program displays a list of files and states that they pose a risk to your computer. The truth is that these files either don't exist at all or are your legitimate computer programs. However, the program will ask you to purchase its license in order to activate it and remove those files.
Less experienced computer users might easily fall for this trick, as the scanner and all the warnings look legitimate. The biggest mistake they can make is paying for the program in the hope that this will fix everything. The truth is that you will only lose your money and get nothing in return.
You are highly advised to get rid of Win 7 Guard, XP Antimalware 2011, Win 7 Security 2011 and any other programs that go under the names mentioned above as soon as possible. When disabling this malware, pay attention to its executable file and stop it first. Then run a reliable anti-spyware program, like STOPzilla, or an automatic removal tool to eliminate all other files of the fake antiviruses.
Manual removal of the fake Security, AntiMalware and Guard antiviruses for Win 7, XP or Vista:
Delete registry values:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
Delete files:
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
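The registry values listed above follow two patterns that can be checked for in a registry export: shell command handlers pointed at an executable in the user profile, and the Security Center override flags. The script below is an added example, not part of the original removal guide. It assumes the hives have been exported to text in "reg export" form; the sample export is constructed, and the names parse_reg and find_hijacks are hypothetical.

```python
import re

# Constructed sample in "reg export" text form; values mirror the entries above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\pw.exe\" /START \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

CLEAN_EXE_COMMAND = '"%1" %*'   # stock exefile handler on Windows
PROFILE_MARKERS = ("%userprofile%", "\\application data\\", "\\appdata\\")
OVERRIDES = {"antivirusoverride", "firewalloverride"}

def parse_reg(text):
    """Yield (key, value_name, data); '@' stands for the (Default) value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if key is None or not m:
            continue
        name, data = m.group(1).strip('"'), m.group(2)
        if data.startswith('"'):          # REG_SZ: drop quotes, undo \\ and \" escapes
            data = re.sub(r'\\(.)', r'\1', data[1:-1])
        yield key, name, data

def find_hijacks(text):
    """Return (key, reason, data) for redirected handlers and Security Center overrides."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name == "@" and re.search(r"\\shell\\[^\\]+\\command$", k):
            exe_class = re.search(r"\\(\.exe|exefile)\\shell\\", k)
            in_profile = any(mark in data.lower() for mark in PROFILE_MARKERS)
            if in_profile or (exe_class and data.strip() != CLEAN_EXE_COMMAND):
                findings.append((key, "command handler redirected", data))
        elif k.endswith("\\security center") and name.lower() in OVERRIDES:
            if data.lower().startswith("dword:") and int(data[6:], 16) == 1:
                findings.append((key, name + " is set", data))
    return findings

if __name__ == "__main__":
    for finding in find_hijacks(SAMPLE_REG):
        print(finding)
```

On the sample, the .exe handler and AntiVirusOverride are reported, while the stock exefile handler and the zeroed FirewallOverride are not.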