Win 7 Antivirus 2012 scam uninstall tricks

January 19th, 2012 by admin Leave a reply »
Share on Tumblr

Win 7 Antivirus 2012

Win 7 Antivirus 2012

Various security applications nowadays offer successful removal of Win 7 Antivirus 2012 malware. From its name it is clear that this infection attacks primarily the PCs with Windows 7 operating system. However, if the same executable of this virus is launched on other PCs with Windows XP or Windows Vista, for example, the final outcome (the name of the rogue software) would be different, with different nomination. This is why this malware sample belongs to the widely spread MultiRogue 2012 virus family, also known as name-changing rogue previously described by us in one the previous articles. All such malware applications are also sometimes referred to as the ones that belong to the Braviax rogue family. By the way, there are at least 15 samples of them. All of them differ outwardly, having random names limited to at least fifteen variations, but the inner part of them remains the same. One malware application on Windows XP would be the same as the other one on Windows Vista (even though they all have different names). If your computer has become the victim of Win 7 Antivirus 2012 you need to remove this virus using some legitimate anti-virus applications reviewed in this blog, or by choosing other malware remover of your choice. You must stay away from purchasing this virus, in spite of its numerous attempts to persuade you in its decent intentions. This rogue tells you a lot of lies, and the only truth is that Win 7 Antivirus 2012 is the most serious threat available on your computer.

The outward nice-looking appearance of this fake anti-malware program is not to be relied upon while deciding whether to trust it or not. Keep in mind that the appearances are often deceptive, and, speaking about Win 7 Antivirus 2012, this fake anti-virus tool acts like the wolf in the clothes of a sheep. It comes to your system like an unwanted guest, that’s for sure. First of all, the program does not even warn you of its infiltration. Normally all the legitimate programs require your personal participation to be installed onto your PC. This is not the case with Braviax malwares. They come via system leaks, vulnerabilities through Trojan horses, contaminated and malware-bundled file downloads, due to clicking malicious links in the social networks like Facebook and even via e-mails supposedly sent by USPS (United States Postal Service). These e-mails with fake originator contain certain zip- or exe-files, and the message users gets prompts them into opening and thus executing the attachment. This is one of the ways how the malware finds the path into your system. Nevertheless, you must ignore anything the virus tells you. It would come up in front of your with every Windows startup and would run the bogus scan of your computer each time you switch your PC on. This is the amendment performed by the malware during its installation. Do not trust the fake security statements, warnings and notifications of Win 7 Antivirus 2012 rogue. Ignore its offers to effect the payment for its full version to remove those fake threats. The only threat is Win 7 Antivirus 2012 itself, not being really able to identify and remove real system infections.

In order to effectively and completely remove this rogue please choose the anti-virus program recommended in this blog. It is up to you to decide how effective they are, but please find about some tricks how to download and run them. Win 7 Antivirus 2012 would block such attempts on your part, so below you may read and watch how to make this rogue obey your instructions and do what you need to successfully remove the hoax, in spite of the blockage.

Tricks to help you execute anti-virus software in spite of the blockage by this rogue:

  • Download anti-virus sofware’s installer from clean (non-infected PC, save the installer to your USB / Flash drive and transfer it to your infected computer. Right-click the installer and choose the option “Run as Administrator”. The installation process would begin. Once the sofware is installed, run its executable in the same manner (by right-clicking and choosing “Run as Administrator”).
  • If you already have one of the anti-virus softwares installed on your computer you might try running it with Administrator rights (right-click the icon at the desktop and choose the option “Run as Administrator”).

Win 7 Antivirus 2012 system modifications:

Win 7 Antivirus 2012 files created:

  • %UserProfile%\Local Settings\Application Data\opRSK
  • %UserProfile%\Local Settings\Application Data\pw.exe
  • %UserProfile%\Local Settings\Application Data\vz.exe
  • %UserProfile%\Local Settings\Application Data\MSASCui.exe
  • %UserProfile%\AppData\Local\opRSK
  • %UserProfile%\AppData\Local\pw.exe
  • %UserProfile%\AppData\Local\vz.exe
  • %UserProfile%\AppData\Local\MSASCui.exe

Win 7 Antivirus 2012 registry entries created:

  • HKCU\Software\Classes\pezfile
  • HKCR\pezfile
  • HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
  • HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
  • HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1″ %*
  • HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1″ %*
  • HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
  • HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
  • HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1″ %*
  • HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1″ %*
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
  • HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
  • HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
  • HKLM\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1″
  • HKLM\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1″

Posted in Fake AV

You can follow any responses to this entry through the RSS 2.0 Feed. You can leave a response , or trackback from your own site.

Advertisement

Leave a Reply