Sunday, November 14, 2010

Remove Win 7 Security 2011 that displays virus behaviors to prove misleading detections

This release is based on previously developed and propagated fake antivirus tools of System Security family. Instead of locking and destroying viruses the software is known to apply a number of restrictions to computer systems. This includes software running speed limitation and prohibition on files creation in certain folders. Of course, this can make users believe they are infected. When the adware points at viruses detected that sounds as a good explanation of the unwanted changes. Get rid of Win 7 Security 2011 that takes a virus job to prove the misleading detections and get paid for threats deletion. Click here to start Win 7 Security 2011 removal campaign with free scan.

Win 7 Security 2011  screenshot:


Win 7 Security 2011 removal tool:


Win 7 Security 2011 manual removal guide:
Delete Win 7 Security 2011 files:
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\AppData\Local\opRSK
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\MSASCui.exe 
Delete Win 7 Security 2011  registry entries:
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1″

1 comment:

Unknown said...

manual removal does not work....no such pezfile.....nothing.....and these files listed are not in my registry....