Win 7 Security 2012 virus

Posted on by ltblog
Win 7 Security 2012

Win 7 Security 2012

Win 7 Security 2012 malware rightfully belongs to the Braviax virus, the one that has been on the lips of many users whose PCs suffered greatly from this rogue persistency. This malware changes the name depending on the operating system, this is why is it often referred to as name-changing rogue. In spite of the fact that new names are being chosen by cyber criminals for this malware, this does not really make any essential change in the behavior of this program. Nevertheless, the developers of this pest have decided to name their fake anti-spyware program as Win 7 Security 2012, thinking that by doing so they would be able to convince their victims in the decent intentions of their fake security concoction. The truth of the fact, however, is that their “creature” is only able to ruin the PC, to annoy users with the enormous amount of unauthorized, fake and unwanted popups and to trick, fool and deceive users. Don’t you think so? Well, we hope you will never be the victim of this hoax. If this is the case please read the section below explaining how to deal with this fake security tool.

After successful infiltration and installation Win 7 Security 2012 fake anti-malware program pretends as if it is some good one. It would immediately run its fake system scan (without your approval, by the way). In fact, it would even modify your system in such a manner that it would be launched automatically with every Windows startup (either XP, Vista or Windows 7). Whatever the case might be, the availability of this rogue would not remain unnoticeable inside of your system. You would be permanently targeted by the enormous number of bogus security notifications, popups and ads promoting you to effect the payment for this rogue anti-spyware tool. In order to make its offer more convincing, Win 7 Security 2012 would tell you about lots of fake and unreal malwares, viruses and threats allegedly identified on your PC. What a terrible experience indeed is to face all the aforesaid fake data. Summarizing the aforesaid, in order to have this rogue removed please follow the special guide in the link provided below and follow the removal milestones in order to have your PC cleaned from such a horrible malware aggression. Removal guide link – http://www.2-viruses.com/remove-win-7-security-2012


Win 7 Security 2012 system amendments:

Win 7 Security 2012 files added:

  • %UserProfile%\Local Settings\Application Data\opRSK
  • %UserProfile%\Local Settings\Application Data\pw.exe
  • %UserProfile%\Local Settings\Application Data\vz.exe
  • %UserProfile%\Local Settings\Application Data\MSASCui.exe
  • %UserProfile%\AppData\Local\opRSK
  • %UserProfile%\AppData\Local\pw.exe
  • %UserProfile%\AppData\Local\vz.exe
  • %UserProfile%\AppData\Local\MSASCui.exe

Win 7 Security 2012 registry entries added:

  • HKCU\Software\Classes\pezfile
  • HKCR\pezfile
  • HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
  • HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
  • HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
  • HKLM\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
  • HKLM\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”

Leave a Reply

Your email address will not be published. Required fields are marked *

* Copy This Password *

* Type Or Paste Password Here *