Tuesday 6 November 2012

How to Remove Win 7 Antivirus Pro 2013, Win 7 Antispyware Pro 2013 (Uninstall Guide)

Win 7 Antivirus Pro 2013 is a fake application that reports false system security threats on the computer. This scareware may also appear as Win 7 Antispyware Pro 2013 or use any other application name that would make it look as if it was a genuine Microsoft product. The overall graphical user interface does not change, only the application name. It seems that the rogue application changes its name randomly. Once you know how it actually looks, you can easily identify other versions of this malicious software.



Win 7 Antivirus Pro 2013 or Win 7 Antispyware Pro 2013 distribution: actually it could be and probably is distributed in many ways. Very often, such fake security applications are promoted via infected websites. I'm sure you've heard that adult sites that could be among 50 most visited sites on the net sometimes spread malware, including fake security applications. It remains unclear whether they distribute malware intentionally to earn extra cash or become victims of cyber criminals who manage to find software vulnerabilities and infect high profile websites. And I'm talking not only about adult sites. I mean any website can be used to infect PCs. Even your all time favorite blog that isn't even popular or not so popular comparing to other sites. You should also be aware of misleading emails that may contain malicious attachments or lead to potentially harmful sites.

What Win 7 Antivirus Pro 2013 is capable of? Well, first of all, it may and I'm sure it will block or disable your antivirus protection software. Once installed, this rogue application will modify Windows registry and add itself to the list of apps that start automatically when you restart your computer. Win 7 Antivirus Pro 2013 or Win 7 Antispyware Pro 2013 makes rather advanced Windows registry modifications that can be hardly restored manually, but don't worry I got a one-click fix for that. What is more, any attempt to run system tools will be interrupted by fake security notifications claiming that pretty much all the applications and tools you're trying to open are either damaged or infected by Trojans, spyware, rootkits or some other malicious software. Of course, that's far from the truth. Some false statements and security alerts you may see when your computer is infected by Win 7 Antivirus Pro 2013:
Privacy alert!Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.
Tracking software found!Your PC activity is being monitored. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen. Prevent damage now by completing a security scan.
These are pretty common and typical for scareware. Especially the second one about supposedly found tracking software on your computer. I didn't count them but there were like four or five different pop-ups reporting 'critical' malware infections. When running, Win 7 Antivirus Pro 2013 will also block your web browser and display false security message:

Visiting this site may pose a security threat to your system!

Possible reasons include:
  • Dangerous code found in this site's pages which installs unwanted software into your system.
  • Suspicious and potentially unsafe network activity detected.
  • Spyware infection in your system.
  • Complaints from other users about this site.
  • Port and system scans performed by the site being visited
Once again, scammers who made this fake application will make sure that they've done everything to convince you that your computer is infected. This isn't surprising but rather interesting because they the use the same scheme for the fifth or so time in just a few years. It probably works.

What's the main goal of Win 7 Antivirus Pro 2013, Win 7 Antispyware Pro 2013 or whatever the name of this malware is? It tries to trick you into paying for a full license of the rogue application in order to remove the threats. Supposedly found threats because it only pretends to scan your computer for malware. If I were to buy this application it would cost me about 100 dollars which makes it rather expensive PC security product. On the other hand, it's a lifetime license ;)



I'm just kidding. DO NOT pay for it. Win 7 Antivirus Pro 2013 is a scam. If you thought it was a real thing and paid for it, then I think you should contact your credit card company and dispute the charges while it's not too late. That’s the only way to get your money back.

It goes without saying that Win 7 Antivirus Pro 2013 has to be removed from the system upon detection. To do so, please follow the instructions below. Questions and comments are welcome and appreciated. Good luck and be safe online!


Quick Win 7 Antivirus Pro 2013 removal:

1. Use this key: 3425-814615-3990 to register the fake security application in order to stop the fake security alerts.

Just click the Registration button and then select Activate Now. Don't worry, this is completely legal. If the debugged serial keys do not work anymore, please follow the alternate removal instructions below.



Once this is done, you are free to install recommended anti-malware software and run a full system scan to remove Win 7 Antivirus Pro 2013 from your computer properly.

2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this malware from your computer.


Win 7 Antivirus Pro 2013, Win 7 Antispyware Pro 2013 removal instructions in Safe Mode with Networking:

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key.


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Open Internet Explorer. In the Address bar type: http://goo.gl/AXIrU (this is a download link for FixNCR.reg) and click hit Enter or click Go to download the file.

3. Save FixNCR.reg to your Desktop. Double-click on FixNCR.reg to run it. Click "Yes" for Registry Editor prompt window. Click OK.



4. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

NOTE: don't forget to update anti-malware software before scanning your computer.


Manual Win 7 Antivirus Pro 2013, Win 7 Antispyware Pro 2013 removal instructions:

Make sure that you can see hidden and operating system protected files in Windows. For more in formation, please read Show Hidden Files and Folders in Windows.

Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:
  • Hide extensions for know file types
  • Hide protected operating system files
Click OK to save the changes.


1. Go into C:\Users\[UserName]\AppData\Local\ folder.

For example: C:\Users\Michael\AppData\Local\


2. Find hidden executable file(s) in this folder. In our case it was called vkl.exe, but I'm sure that the file name will be different in your case. Rename vkl.exe to vkl.vir and click "Yes" to confirm file rename. Then restart your computer.



3. After a restart, copy all the text in bold below and paste to Notepad.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

4. Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)


5. Double-click on fix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK.

6. Open Internet Explorer. Download exefix.reg and save it to your Desktop. Double-click on exefix.reg to run it. Click "Yes" for Registry Editor prompt window. Click OK.

7. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.


Associated Win 7 Antivirus Pro 2013, Win 7 Antispyware Pro 2013 files and registry values:

Files:
  • %CommonAppData%\[SET OF RANDOM CHARACTERS]
  • %LocalAppData%\[SET OF RANDOM CHARACTERS]
  • %LocalAppData%\[3 RANDOM CHARACTERS]
  • %Temp%\[SET OF RANDOM CHARACTERS]
Registry values:
  • HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = ''
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_CLASSES_ROOT\[SET OF RANDOM CHARACTERS]
  • HKEY_CURRENT_USER\Software\Classes\[SET OF RANDOM CHARACTERS] "(Default)" = 'Application'
  • HKEY_CURRENT_USER\Software\Classes\[SET OF RANDOM CHARACTERS]\DefaultIcon "(Default)" = '%1'
  • HKEY_CURRENT_USER\Software\Classes\[SET OF RANDOM CHARACTERS]\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\[3 RANDOM CHARACTERS].exe -a "C:\Program Files\Mozilla Firefox\firefox.exe""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe""
Tell your friends:

No comments:

Post a Comment