Win 7 AntiMalware

March 30th, 2010
Home » Rogue Antispyware » Win 7 AntiMalware
Repair and protect your computer easily. Download Win 7 AntiMalware removal tool  

Win 7 AntiMalware description

Win 7 AntiMalware is a rogue anti-spyware application which tries to mislead users into thinking their computers are at high risk. It shows you fake scan results after fabricated computer scans. Malware displays mass of fake warnings and pop-ups that state your PC has many infections and viruses. It also offer you to buy a full version of Win 7 AntiMalware.

This is a fraud. Keep in mind that purchasing Win7AntiMalware is not a good thing for your PC because it is a total rogue anti-spyware which cannot be helpful in any way. It may also redirect your browser to websites that sell registered version of Win 7 AntiMalware. It is only an imitation of a security program and it is not able to provide any actual computer security service. Choose reputable anti-spyware tool and terminate Win 7 AntiMalware for good.

Manual Win 7 AntiMalware Removal


Win 7 AntiMalware processes:

MSASCui.exe
pw.exe
Help: A Guideline of Killing Malicious Processes


Win 7 AntiMalware registry values:

HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
Help: How to edit windows registry entries


Other malicious Win 7 AntiMalware files:

%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\AppData\Local\opRSK
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\MSASCui.exe

The manual removal of files and registries should be performed by experienced users. A system can be badly affected if any error is done during the manual removal. We recommend using automatic removal tools to delete Win 7 AntiMalware, if you are not familiar with deleting malware manually.

Tags:

Trackbacks /
Pingbacks

  1. Remove Multiple Fake AV, Multiple Fake AV removal

Leave a Reply