Severity scale  

Win 7 Internet Security 2012. How to Remove? (Uninstall Guide)

removal by - -   Also known as Win7 Internet Security 2012 | Type: Rogue Antispyware

Win 7 Internet Security 2012 is a phony anti-spyware program that supposedly scans your computer for malware and displays a list of false system security threats to scare you into thinking that your computer is infected with worms, trojans, spyware and other malware. Then the rogue program prompts to pay for a full version of the program to remove the infections which don't even exist and to ensure full system protection against other malware. This misleading program also displays fake security warnings and pop-ups claiming that your computer is badly infected or that your data might be deleted.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

Win 7 Internet Security 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?

Don't trust all these alerts and remove Win 7 Internet Security 2012 from your computer upon detection.

Furthermore, Win 7 Internet Security 2012 hijacks Internet Explorer and blocks almost all sites claiming that they are infected or compromised and may infect your computer. It goes without saying that it blocks security related websites in the first place. Win 7 Internet Security 2012 also blocks antivirus and anti-spyware applications. It prevents new installation of anti-malware tools so you will have to ends its processes first. Otherwise it will continue to block malware removal tools.

If you find that your computer is infected with this annoying virus, please use the removal instructions below to remove Win 7 Internet Security 2012 as soon as possible either manually or with an automatic removal tool. If you are blocked from running your anti-spyware, enter one of its activation codes to make it think you have purchased the program: 1147-175591-6550, 2233-298080-3424 or 9443-077673-5028. In addition, run a full system scan and find all the files of the virus.

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Reimage - remover Happiness
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Win 7 Internet Security 2012. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Win 7 Internet Security 2012. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Malwarebytes Anti Malware
Tested and Confirmed! Malwarebytes Anti Malware removes Win 7 Internet Security 2012 (2011-06-10 15:08:24)
Emsisoft Anti Malware
Tested and Confirmed! Emsisoft Anti Malware removes Win 7 Internet Security 2012 (2011-06-10 15:08:24)
We are testing Plumbytes's efficiency (2012-04-10 14:37)
Hitman Pro
Malwarebytes Anti Malware
Tested and Confirmed! Malwarebytes Anti Malware removes Win 7 Internet Security 2012 (2011-06-10 15:08:24)
Emsisoft Anti Malware
Tested and Confirmed! Emsisoft Anti Malware removes Win 7 Internet Security 2012 (2011-06-10 15:08:24)
Webroot SecureAnywhere AntiVirus

Win 7 Internet Security 2012 manual removal

Kill processes:
Delete registry values:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
Delete files:

Geolocation of Win 7 Internet Security 2012

Map reveals the prevalence of Win 7 Internet Security 2012. Countries and regions that have been affected the most are: Vietnam and United States.

Information updated:

Comments on Win 7 Internet Security 2012

This spyware is very smart. It blocked every attempts that I want to do to kill it. I cant execute anything from task manager to regedit to IE as Administrator, so all the instructions I got before doesnt work for me because I cant execute anything. I did the following steps and I was able to successfully removed this malicious spyware. Try it for yourself and hope it will help you too:

1) From another working computer, go to this website:

Follow the links there to download the following files on a USB Flash drive:
- FixNCR.reg (
- iExplore.exe from
- (Note I downloaded rkill.exe here too but I dont think its needed)
- Download a free version of MalwareBytes Anti-Malware here

On the infected computer that is now taken by the Internet Security spyware, press and hold the power button to force improper shutdown, then press the power button again to turn it back on. This time it will ask you if you want to boot into Safemode or normal mode. I chose Safe Mode. For some reasons, Safe Mode with Networking doesnt work for me.
Once your infected computer is in Safe mode, copy the 3 files downloaded above to a local directory on your infected machine.
- Double click to run FixNCR.reg
- Double click iExplorer.exe. This process take a while so please be patient. I did run this program twice and also the rkill.exe here but I think its overkill.
- Click to install the MalwareBytes Anti-Malware. You wont be able to update because you wont have internet access but you dont need to update at this time. Just let this software install and scan. It will take around 15-20 min to run so go take a break. This program will detect and remove iSecurity.exe and 3 other spyware programs from your system. Once you restarted, your system will be back to normal as if it wasnt infected. Then you can update your MalwareBytes software. I was so happy that I was able to fix this without reformat my hard drive and reload Windows.
I hope this instructions help many of you out there who is struggling to recover from this smart but malicious spyware.
Malware Bytes detected dns.exe for me this AM when a client opened an email attachment and activated the Win7 parasite. Once deleted through the software the problems ceased. I did use a restore point for added peace of mind.
I had this pop up yesterday, did system restore, now nothing will open on my computer. Every program or file I try to open says it isnt there. Even when I go to my hard drive, doesnt show any files. Can anyone help? Thanks in advance
Joe is the man, thanks for the fix worked like a dream:

Enter this key to register the program "3425-814615-3990".
After that you will have internet access again. Download Malwarebytes.
Right click the setup file and run as Administrator. Install, update and do a full scan. Reboot as it says and the virus should be gone.

although i used a Kaspersky download and found 4 more trojans,

I got this Virus this morning " Win7 Internet Security 2012. Followed the basic instructions above : safe mode, regedit, delete the malware file (lmk.exe file in my case)) . Rebooted PC one last time, system no longer getting hijacked, but for some reason I lost my cmd.exe (C:windowssystem32cmd.exe), and all my other applications would simply give me a notice that "Application not found". Any ideas?
Mel 1
Thank you so much! This helped me too. I was going crazy downloading scanners from one computer to try on the infected one only to have it not work. This worked, so thank you!
mine showed up as hfn.exe in my task manager. i stopped the processs and the internet worked for awhile long enough for me to search for the hfn.exe file and then delete it, after that my computer was good as new far. its been several hours since it went away i just hope it doesnt regenerate/repair itself. there were 2 other 3 letter extensions that i couldnt stop process as they were listed as system processes. the hfn.exe was the only 3 letter exe that was listed to my user profile and kept popping up when the viris returned and kept showing the fake viris protection. after moving it to my trashcan i emptied it.....
System restore did not work for me. Regedit to access the registry did not work. Did not have a back-up computer but i had two administrator accounts so I could log on to the internet from the unaffected admin account to get to this site. I found the process file under oov.exe. When I stopped the process I then opened internet explorer and it could access the internet. While internet explorer was opened I then accessed the registry by typing in regedit from the start prompt. I then proceeded to look for the registry keys given here to delete. After deleting the first key I proceeded to the next key but was unable to find it. ***by chance**** I went back to iexplorer and found that the virus had started working again. when I glanced back at the Task Manager I noticed in processes that oov.exe had restarted itself. I terminated the process and when I went back to look for the second registry key to delete and there it was! after deleting the 2nd registry key oov.exe did not start on its own. I think that the keys appear at start-up.
Couldnt find any of the files listed above, and deleting the registry keys noted above did not work. Had to do system restore.
More comments »

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name


(All fields are required)