Win 7 Security 2011 is a new malvertised program from the dangerous Security AntiMalware Guard family of malwares that change their names according to the OS which their infected computer runs. This group is represented by such scams like Win 7 AntiMalware 2011, Vista Antispyware 2011 or XP Security 2011. This one (Win 7 Security 2011) is a similar to other variants of malwares and shares the same GUI or misleading campaign based on faked information. Remember that once detected you MUST ignore its information given and remove the same Win 7 Security 2011.
Win 7 Security 2011 rogue anti-spyware is distributed through Trojans that enter unprotected systems without any permission of the user asked. Besides, it can also be installed with a fake flash update or free online scanner, so watch out! Having penetrated into your computer, unregistered version of Win 7 Security 2011 modifies the system and some its parameters to launch after every computer’s reboot. Then in becomes capable to interrupt into your normal computers usage and starts its misleading campaign. This campaign is nothing else but fake system scanners and alerts issuing numerous infections. However, the truth is that all these parasites are harmless your system files, so never remove them. Some examples of such notifications:
So, Win 7 Security 2011 will make you worry about your computer but later it will offer its help. Malware starts declaring that its “registered” version is the only anti-spyware powerful enough to remove the threats detected and then will ask to purchase it. Never do that! Rely on a reputable anti-spyware and remove Win 7 Security 2011! You should act immediately if you notice it. If not uninstalled on time, Win 7 Security 2011 will keep continuing its deceptive campaign and will deteriorate all your PC’s performance.
UPDATE!!! One of PC security bloggers, S!Ri, has announced about a serial code that may help you to disable those malwares like Win 7 Security 2011 that all change their names according to OS they find. Enter this serial code when doing registration: 145-17884799-7733. This and the order number 21197673 should also work for earlier versions of this type of parasite.
After typing them, you should become able to use your anti-spyware, if it fails follow the guide written below. Be aware that these numbers are expected to change in the near future!
How to get rid of Win 7 Security 2011:
To remove Win 7 Security 2011 you will need another PC, as removing it from safe mode with networking will not work in most of the cases.
a) Burn these programs to CD or write them to USB disk. You can use your MP3 player, or smartphone if it has storage functions. This parasite does not spread through USB at the moment:
1.STOPzilla or an automatic removal tool below. Update STOPzilla and run a full system scan.
2.You might want to download Hitman Pro or Malwarebytes as alternate scanners. Though you are likely to be able to download them later on.
b) Boot normally. Wait for Win 7 Security 2011to launch, and run exeregfix.reg . This should allow launching legitimate programs
c) Delete or remove the files that are mentioned in our files box. You can use STOPzilla to identify the infected files and additional infections or automatic Win 7 Security 2011removal tool. Do not forget update it before scanning. Remove what it finds.
d) Scan with STOPzilla and secondary tools and reboot your PC. This should fully get rid of Win 7 Security 2011.
Win 7 Security 2011 manual removal:
Delete registry values:
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_CURRENT_USERSoftwareClassespezfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_CLASSES_ROOTpezfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesInternet Exploreriexplore.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = "1"
%UserProfile%Local SettingsApplication DataopRSK
%UserProfile%Local SettingsApplication Datapw.exe
%UserProfile%Local SettingsApplication DataMSASCui.exe