Win 7 Home Security 2011 virus – how to get rid
Theres a new malicious program known as Win 7 Home Security 2011. This piece of software belongs to fake antivirus and antispywares of rogue virus family that keep changing names and interface but use the same tactics to trick users into buying these bogus tools. Win 7 Home Security 2011 malwares gets into a computer with the help of downloader trojans and worms from malicious websites that drop this parasite into a computer secretly. After getting into a computer, this virus installs its additional components and then it runs its fake scanner utility on the infected computer each time the system is rebooted. The fake antivirus scan of Win 7 Home Security 2011 virus generates some scan results with fake error reports. It frequently displays warnings messages and threat alert popups to scare user. These popups tell the user that Win 7 Home Security 2011 has detected some viruses and spywares onto your computer that must be removed very soon to protect your system from further damages. All these Alerts and warning messages are fake, they do not belongs to the infected computer as they are tricky messages to convince user buying Win 7 Home Security 2011 to get rid of those viruses.
Remember! warning messages and alerts displayed by Win7 Home Security virus are fake. This program is specially designed to extort your money by offering you to buy its fake system security and optimization products. it has no ability to detect and remove viruses from your computer. You should ignore these warnings, avoid buying this program, avoid its installation and immediately remove it from your computer upon detection.
How to get rid of Win 7 Home Security 2011 virus manually:
To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.
Stop Win 7 Home Security 2011 processes:
[random name].exe
Remove 7 Home Security 2011 Registry Entries:
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1′ = ‘”%UserProfile%\Local Settings\Application Data\[random 3 letters].exe” /START “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1′
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 letters].exe” /START “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1′
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 letters].exe” /START “%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOT\exefile\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 letters].exe” /START “%1″ %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 letters].exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 letters].exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 letters].exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”‘
Remove Win 7 Home Security 2011 files:
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[random].exe (look for 3-letter names)
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru
Auto Removal
To remove this virus Automatically, We suggest following tools:
Malware Bytes Anti-Malware
OR
Super Anti Spyware
April 21st, 2011 at 5:09 pm
Win 7 Home Security malware blocks Malwarebytes from running in normal and safe mode OS boot up. Ran system restore in safe mode to resolve issue, than completed a scan with Malwarebytes in safe mode as a precaution and found two additional objects which were removed.
April 22nd, 2011 at 8:24 am
I just get one in a website, Malwarebytes “killed” it for, thank you guys now i’m back online.
=}
April 23rd, 2011 at 10:15 pm
HAd windows 7 virus. Mine used hjh.exe. Name. Thanks for helping get rid of it.
Thank you, Allen
April 28th, 2011 at 12:29 pm
I would like to thank you for your help this virus was very anoying malware bytes eventually worked but like everything eles at first this virus stoped it from runing had to download (rkill)from cnet downloads this killed the virus win 7 home security (jrk.exe)and malware bytes removed it .Once again thaks
April 30th, 2011 at 9:11 pm
Rkill is a good way to go but if its blocking connection then just do a retsore. Malwarebytes is blocked for me and the .exe is ixx.exe good luck and thanks everyone.
May 2nd, 2011 at 10:13 am
This was stupid. it erased internet explorer and firefox completely and now I cant use them or download them.
May 4th, 2011 at 10:04 pm
woow, thanks guys, this anti-malware is fantastic
May 4th, 2011 at 10:07 pm
malwarebytes is fantastic
May 6th, 2011 at 7:15 pm
there is another way to remove this that isn’t manually –
shut down the computer and boot into safe mode with networking – by pressing either f8 or esc – depending on what system you have
this only then loads the essential windows services and stops the virus starting up completely
download the software provided by superantispyware install and run a scan – this will detect and find the problems in the file and registry entries and will terminate any active processes running by the virus
once this is done you should then be asked to reboot your computer – reboot back into safe mode – run the scan with your regular antivirus and superantispyware again. – just to be certain it is all removed then boot into windows normally – this should solve your problem completely!
just to make sure when in normal mode try starting the task manager and other services it previously blocked – and run the scans again.
OTT – Maybe but it’ll work and it is better safe than sorry!
May 9th, 2011 at 4:16 am
I tagged win7 as a malware right away but when i tried to open up my malware bytes it just brings back the exe until then im safe wtf do i do?
May 9th, 2011 at 9:22 am
Nothing has worked. I am getting tired of this already and it has only be happening for about 30mins. I have put it in safe mode and even with that it will not allow me to go on the internet to get the program. Can someone please help!
May 10th, 2011 at 6:20 am
Nothing works here, either. I cannot download anything as this crap doesn’t allow me go on the Internet. What can I do? (I have zero knowledge in informatics. It doesn’t help, does it?)
May 10th, 2011 at 7:12 am
Use Rkill from bleepingcomputer.com in safemode, then malwarebytes, the go back into windows and run a full virus scan with your favorite virus software.
May 10th, 2011 at 9:17 am
If you have AOL Instant Messenger, reboot in safe mode with networking, set your AIM so that it opens the AIM homepage on login and it circumvents the win 7 virus completely, you can then use firefox or ie to download whatever you need to get rid of this virus.
May 11th, 2011 at 2:14 am
Im fighting this right now. I’ve had it before and spyware doctor got rid of it completely for me. It installed on my laptop again tonight and spyware doctor is unable to locate it. There are a few tricks which im using to trick it because its a fairly stupid virus.
If you have Utorrent, click “Find content” then type anything in the search bar, it will open up your browser in the browser window and completely bypass win 7 home security blocking it from starting.
the programme will start again randomly at any time and close the browser window. If you find the 3 character .exe files in processess, the end process tree it will give you about 5 minutes a time before it starts up again.
Annoyingly for me safe mode isnt an option as the programme starts itself up in safe mode and safe mode with networking. So ill be downloading the most up to date versions of CCleaner, Malware bytes and spyware doctor to combat it and then running a full virus scan and a spyware scan.
These viruses are pure bullshit, as long as you’re patient there are ways around it.
May 11th, 2011 at 9:04 am
Why doesn’t my Norton 360 find this win7. I can not get on line in any safe mode.
How can i stop it from running
May 12th, 2011 at 12:11 pm
Why does my Malwarebytes anti malware not pick this up?
May 12th, 2011 at 6:10 pm
Even in safe mode this damned virus launches itself. I’ve run Super Anti Spyware and Malware Bytes three times, and this damned thing will not die. I’m in Safe Mode right now, running those scans again. This is really annoying.
May 14th, 2011 at 12:47 pm
MalwareBytes has officially defeated this Win7 Home Security 2011 virus for me. although at first i couldn’t even open it up at all i figured out it would only open if i opened it as an “administrator” in “safe mode” hmm hopes this helps someone. but it really worked
May 14th, 2011 at 7:12 pm
set your date on your computer to two weeks ahead of the current date and restart…that will clear it up this is my 2nd time getting it and that worked both times for me!
May 14th, 2011 at 8:46 pm
Prolly one of the most irritating viruses out right now…malware seemed to get rid of it for me but to be sure I ran a full deep scan with spybot afterwards..
May 15th, 2011 at 5:58 am
Another tip to try is create a new user, reboot and log into that instead and it might give some leeway.
I found doing that I could use the internet again in order to start various solutions suggested above
Spywaredoctor was not able to start up, it was frozen by the virus
Trend micro could not stop it
Malwarebytes is currently finding 5 infections
spybot searched the entire drive and found no problem
I think this virus is made by russians as their ‘job’
May 16th, 2011 at 7:49 am
Neal’s advice totally worked for me. While in safe mode, right click on malwarebytes and select ‘run as administrator.’ Found and deleted it right away!
May 16th, 2011 at 6:34 pm
How do you prevent it from coming back I have had it twice now and Malwarebytes got rid of it both times. Essentials is installed but I think the virus turned it off both times and I had to reinstall it.
May 16th, 2011 at 9:29 pm
or you can restore your computer to a date you didnt have the program Ive found 1 month back should do the trick and then run your updates again
May 19th, 2011 at 3:57 pm
I just got this virus yesterday evening, and I’ve been up all night backing up my critical data files. I’m going to reformat and reinstall my OS and programs. It changed all the permissions on my machine, so I had no access to any programs. I was able to get into my files by using ADMINISTRATIVE TOOLS/COMPUTER MANAGEMENT/STORAGE/DATA …. I WAS ABLE TO GET BACK INTO THE C:\ Drive and back up EVERYTHING important to me. To run a program, run it as Administrator when you left-click on any *.exe file. But access the Windows programs through the side panel of the START menu. The virus disables all shortcuts otherwise.
I run McAfee Internet Security, and it didn’t catch it. I believe it came through my Firefox browser when I was searching companies for a Tablet PC case. Either that, or it came from my change to AT&T U-Verse from their DSL. I haven’t had a single virus for YEARS — and now this. This is a wipeout destroying virus.
THOSE F**KS!!!! I hope they get a virus of the PHYSICAL kind — and it kills them!!
May 21st, 2011 at 7:28 am
This virus is intensly frustrating. The last time I got it it took hours to get rid of. But the ‘setting your computer to a different date’ is working so far. Seriously, who makes this crap?
May 22nd, 2011 at 2:29 am
At what point can you change the date back to the real date?
May 22nd, 2011 at 3:02 am
The date change does infact work, however, I’m afraid to put it back. BTW mine was oxt.exe.
May 24th, 2011 at 12:27 pm
I managed to get this thing off my computer. Ran AVG in safemode and I guess that worked well enough to allow me to boot my computer back up and regularly log on. First, I used TFC to get rid of all my temporary files, and then ran Malwarebytes’ Anti-Malware and that got rid of the rest of the virus. Ran rkill to see if I had any malware programs running and it said there were none. I’ve been using a computer since I was 6 (I’m 19 now) and this was the first virus I have ever gotten. Took me by surprise, but I was able to get rid of it. I’m slowly returning all my files back to normal now.
May 26th, 2011 at 1:07 am
Got this today. Set the clock two weeks back, though that didn’t seem to help. I downloaded Malwarebytes off my mom’s computer and got it onto mine through a USB drive. I then installed it by running it as administrator and performed a quick scan, where it caught two infected files. It deleted them, I restarted the computer and the virus seems to be gone. I’m doubtful setting my clock back actually did anything, but I’m keeping it that way just to be safe.
May 26th, 2011 at 10:21 am
I got the virus last friday and I searched for this Malwarebytes’ Antivirus. I downloaded the free version and open the file as “as administrator” because my computer didn’t have or I didn’t know how to do the “safe mode”. It kind of co-worked with my Symantec antivirus and I got rid of the virus FINALLY. hopefully I will not get it again. THANK YOU SO MUCH for all the help and availability.
May 27th, 2011 at 8:17 am
Had to restore computer to previous date and now able to get online and now running malwarebytes scan. I tried the safe mode and safe mode with network and still the virus blocked access. I was unable to access msconfig at the time before restore to stop the program from started at reboot. I had to find msconfig.exe and then run as administrator to open it but non of the changes stayed after reboot. Thanks for all of the help everyone.
Jeff
May 28th, 2011 at 3:18 am
Here’s how I fixed it on my computer:
1) Go to task managers. End any running applications. Go to processes and click ‘show processes from all users’. Delete any 3-letter processes
2) Go to Computer, C:Drive, Users, (Your name), AppData, Local. If you do not see AppData go to Organize, Folder and search options, View, and click ‘show hidden files, folders, and drives’. In Local folder scroll to bottom and delete any 3-letter programs.
Note: a good virus-scan program to use is Window Defender (go to start menu and type in ‘window defender’ then click ‘scan’).
I hope this helps!
–Alex
June 1st, 2011 at 1:47 pm
I got this crap on our laptop yesterday, unable to boot up. when I turn it on and press F8 to choose Safemode it flips it to compel to choose either Repair mode or Normal restart and then it just Hangs there. Does any one know what I can do to get it to where I can download malaware removal? Thanks Gerry.
June 4th, 2011 at 10:25 am
I did a system restore and it worked… THANKS for the tip!!!
June 8th, 2011 at 2:16 am
fucking piece of shit!!!! why doesn’t Microsoft make a plan about this virus,if it is you out there that is responsible for this right you gon burn in hell dick head…nothing i do seems to work,the mother fuck has a counter for every fuckin move!!!! any other suggestions from anyone out there?
June 17th, 2011 at 11:45 pm
Microsoft, fcc. ftc, fbi,etc. tolerate this shit. find where payments for this crap will be sent and shut them down with long prison terms this pure theft tolerated by providers like att,and others.
I have contacted all of these agencies They do not nthink this ia a problem!!!!!!!!!!!!!!!! bombard them with complaints then they may listen
June 22nd, 2011 at 6:46 pm
Great advise… What I did was put the clock back as said 2weeks behind it let me open just one internet page I then went to stopzilla! didnt run I saved it to my desk top opened in Admin then it down loaded reboot laptop and now scanning to delete the virus.
June 30th, 2011 at 6:53 am
Hey guys i used malaware-Antibytes program and luckily killed the virus but i can no longer go on the internet pls help any one email is jerryfuentes18@gmail.com and if u happen to have this virus stop it as soon as possible before more harm is done to your pc
February 4th, 2012 at 2:53 am
The google redirect virus is killing me… anyone know any good alternatives to remove this darn virus?