(Thanks to rogueamp)
Win 7 AV comes from fake online scanners and misleading malware warning pages or through the use of Trojans. These fake warning pages look very genuine. They claim that the website you are about to visit is infected or malicious and claim that you should install reliable anti-malware software to protect your computer against various threats and viruses. If you choose to install their software you will end up with Win7 AV on your computer. These fake browser messages are:
In Internet Explorer:
In Mozilla Firefox:
In Google Chrome:
Once Win7AV is installed it will pretend to scan your computer and give exaggerated reports of threats. It will block legitimate anti-virus and anti-spyware programs and hijack web browsers. Then it will redirect your web browser to win7av.com which is the main web page of this rogue program to buy a license which costs $59.95 USD. Win7av.com impersonates the legitimate Microsoft Security Essentials web page.
A screen shot of the rogue's main web page:
It goes without saying that you should remove Win7 AV from your computer upon detection. You can remove the rogue's files manually, they are listed below, but it would be a lot better idea to scan your computer with genuine anti-malware software because the rogue program may come bundled with other malware such as rootkits and Trojans. Also, if you have already purchased Win7 AV then please contact your credit card company and dispute the charges. Then follow the removal instructions below. If you have any questions or additional information about this malware, don't hesitate and leave a comment. Good luck and browse safely!
Win7 AV removal instructions (in Safe Mode with Networking):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download at least one anti-malware program from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Win7 AV removal instructions in Normal mode:
1. Donwload Process Explorer iexplore.exe. Double click to open it. Look for Win7 AV.exe and Win7Browser.exe in the process list and terminate both processes.
2. Download anti-malware software from the list below. Update it and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Win7 AV associated files and registry values:
Files:
- C:\Program Files\Win7 AV\
- C:\Program Files\Win7 AV\sbhostcl.dll
- C:\Program Files\Win7 AV\svhostesl.dll
- C:\Program Files\Win7 AV\svhostqt.dll
- C:\Program Files\Win7 AV\VmDetectLibrary.dll
- C:\Program Files\Win7 AV\Win7 AV.exe
- C:\Program Files\Win7 AV\Win7Browser.exe
- C:\Program Files\Win7 AV\Win7Common.dll
How to remove Win7 AV malware (Uninstall Instructions)
4/
5
Oleh
soni agus