Win 7 Total Security 2011 is a rogue anti-spyware which starts affecting only those PCs that have Windows 7 OS running on board. This malware hails from a widely spread fraudulent rogues’ family where all its members look completely the same but have different names in order to trick users into believing their legitimacy. Win 7 Total Security virus will also do its best to make you think that it has detected numerous viruses and then will offer its services in order to remove invented malware. Being a clone of other aggressive roguewares, like XP Anti-spyware 2011, Win 7 Total Security 2011 acts in the same order. This virus installs through the use of backdoor tactics involving trojan viruses mostly and then will start displaying its alerts about malware. Never believe them and use a reputable anti-spyware program (Spyhunter or Malwarebytes Anti-Malware) to remove this clear example of malware. In order to avoid intrusion of such scams, you should install the ‘full’ anti-spyware’s version to get a real time protection against spyware.
When the unregistered version of Win 7 Total Security 2011 software finds itself inside your system, it tries to make you think that you have troubles with your computer. To achieve that, malware will attempt to scare you by its continuous alerts and scanners that all report the same thing:
Win 7 Total security 2011 Firewall Alert
Win 7 Total security 2011 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.
These warning notifications that pop up at random MUST be ignored in order to save your PC from a damage. Win 7 Total Security will also be running its scanners after every startup and at certain time intervals that will also look obviously fake and fabricated. Keep in mind that this parasite will detect invented viruses and malware and sometimes it may report legitimate your system files. That’s why you should ignore alerts got from Win 7 Total Security 2011. The basic idea behind this trickery is to make you think that your computer is uder the risk of malware and that only Win 7 Total Security 2011 can save it and remove ‘detections’ reported. However, you should get rid of all the offers pushing you into spending the money on buying Win 7 Total Security.
Please, get a reputable anti-spyware instead and remove Win 7 Total Security 2011. Thanks to Xylitol, its possible registry code has been published which will help you to disable this scam: 1147-175591-6550 or 2233-298080-3424. You can also remove it by downloading and scanning with spyhunter, as shown in video guide below.
Multiname
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
hi, thanks for your info. my daughter’s computer has this Win 7 Total Security spyware. I am unable to access the internet to get to your site from her computer. I’ve tried in safe mode w/networking and i’m still blocked from any internet access. can you tell me how i can get around this so i can access your site.
thank you!
debbie
Same story as debbie. Me, I don’t want to do the safe mode thing myself, I’d rather try Spyware Doctor, but since her computer can’t access net, Win 7 Total Security pop-ups interfere, how can I get to Spyware Doctor?
VJ, Debie: disable proxy server in safe mode with networking. If this does not work, try using task manager ( in safe mode with networking) or registration keys.
I did a really foolish thing.
I actually fell for this and purchased it. My computer’s all messed up now, but now I’m really afraid. I’ve given them my information and they took my money. What should I do? I’m scared.
Are there any instances of the people behind this malware stealing identities?
I just had this on my new laptop. It scared the hell out of me. I have windows 7 on my laptop so i went to system restore and set it back 2 days… It worked and the virus didnt come back, never went to the site again with that stupid virus. So if you go into your start then search system restore in your programs/files when you see it click on it and it will pop up you just continue till you reach the page where you click on the date *note=doing this WILL erase all downloads you made after that period of time INCLUDING the virus* and then it will restart your computer and you will be able to use your internet and it will not pop up anymore unless you go back to the same site you recieved it from… GoodLuck
Scared: contact your bank.
Just got this today it came in via an Java security flaw, I had an outdated version installed. Was looking up some things for work and BAM, broswers all shutdown and this crap pops up.
Used System Restore to go back to earlier in the day to disable it and then ran full AV & Malware scans. Uninstalled Java as well.
For me, I am unable to even open up system restore. I really don’t know what to do…
I would recommend using keys.
bassicaly i had the same stupid problem this shit blokced my internet passage bassicaly i just went to register then enter the reg code tht this site has 1147-175591-6550 and it unblocked this shit, but my problem now is how do i fully remve this shit
@What now, Same with me dude
hey guys: Do a full system scan with couple anti-malware tools. Delete what they find.
same happened to me and u couldn’t access the net or anything. So I’m trying a systems restore as we speak. fanned. Stuck at screen with the computer name and the setup utilities and boot manager. Sigh. What now?
Help?
Try the key mentioned in the guide. You might be able to restore some PC functions. Then scan with anti-malware tools: http://www.2-viruses.com/anti-malware-tool-comparison
Just this second had the problem. I knew right away it was a virus so I quickly ran to safe mode to try remove it. I’ve done a few of the regedit stuff but “removing” those values prevent you from accessing those files in future. So, I havent done that. I just did a scan for the file it was using (qia.exe) and removed those fields only. I might still have it on my system but at least now I can access msconfig. It was telling me it didnt exist when it clearly did.
I wont buy a new anti-virus program just for one file to be removed. Thats just stupid.
close the process and run as administrator, you can get mozilla to work, the process will have a random name just guess, it can change names aswell
I find i cant run any programs unless i right click then click “run as administrator”
Steve: I suggest using SD to identify malicious files. It is free feature, you can delete them manually. That is your choice.
However, having decent antivirus would reduce chances of getting infected in the future. Its your choice which one you will pick.
i id love to murder to skinny lil virgin geek that made this virus, i hope his whole family get burnt to death
Thank you so much. Just used the key to un-install it and then avg (free trial) to clean up. Everything is working.
I was actually stupid enough to fall for this and it charged my card twice so how do i get my money back?? and it wont let me take download anything to remove it even though i have disabled everything
I have the Win 7 Total Security Virus. I have run Spyware Doctor, SuperAntiSpyware, and another Spyware program; none of them have worked yet. Spyware Doctor found a trojan and several other virus’ and removed them all. The Win 7 TSV still remains.
The system restore did not work either. What now?
Also, I was able to get online without problems using a different users profile in order to download the Spyware programs. Maybe this will work for other people here.
i’ve just had the win 7 virus for the last 3 hrs, if you use another pc and search for it. it will tell you all about it. i used a free software called rkill, i saved it to a mem stick, then put it into the infected pc and ran it. this sorted it out in 2 mins. i have all the latest protection enabled and it still got through. good luck
Tony: Rkill disables processes only. It will not remove files, so after reboot the trojans will be loaded again. Scan with anti-malware tools
PLZ help i fell for this and actually purchased it and it wont let me download anything such as spydoctor so plz tell me how to get rid of it in specific instructios
Alexis. Read instructions closely. I would recommend contacting your bank afterwards.
Thanks Janae – backdating thru the System Restore worked. @ What Now, my system restore would not work at first, but you have to play around with it (could not access directly when selecting it from the search menu, but went separately into SYSTEMS, then selected from another sub-menu. Thanks again everyone for the input because it took 1 min to fix & this is all very frustrating/can spend hours/wasted $$ on if you don’t know what to do.
Hello, I’ve tried setting my computer back 1 week in time, AVG, and malwarebytes, none of them have worked! It works for a max. of a few hours, then the virus just pops up again! What should I do 🙁
Alice: Scan with SD and Hitman PRO. No antivirus or anti-malware tool is 100%.
Hi! Is there a link how I can recover my registry entries to make my .exe programs work after these changes?
My lap top was infected by it too – and yes, I fell for the “give us your bank details” too. Fortunately, my bank intercepted the payment and refused to make the transaction. What people were saying about not being able to get onto the internet, I experienced the same. But it only lasted an hour. Yeah, I panicked too, but once I got back online, I came here (via Google) and downloaded the trial version. Then I bought the full version. I will say I’m still getting pop-ups, but I’m running full scans with SD and McAfee as I write this, so hopefully that will fix any problems. And to mirror what “Ste” said, yeah I’d like to get my hands on the geek that “made” this virus.
(PROBLEM)
So i removed the Registry Entries you listed above manually, now i cant any of my .exe programs! its made my computer completely useless and now i cant even get back into the registry. How do i fix this?
The only way i’m on the internet is because i’m using a different computer.
please help!
Holly:
Search for executables on disk, right-click on them and choose run as administrator.
First, launch notepad and import this :
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\.exe]
@=”exefile”
“Content Type”=”application/x-msdownload”
[-HKEY_CLASSES_ROOT\secfile]
Save this file as .reg (fixit.reg for example).
Next, doubleclick on it and import into registry.
@Alexis C
what name was used when they made the charges? I was having a crappy day then this hit and I fell for “buy me know and live again” checked my account and no charges have been posted. Maybe I can call and block charges if I can tell them who ?????????? I had a computer wiz come over and remove mine but couldn’t tell you all that he did
I’ve got this crap and it’s changed the permissions on the accounts where nothing can be done. Any advice on how to get rid of it now?
weird thing is, i can use firefox normally, whereas for internet explorer, it does the pretend firewall thing. interesting.
Gui – this is either proxy server in IE (FF might use separate settings) or a module in ie add-ons.
i left my laptop for a few days after getting this virus. Now the whole virus isnt in my system. What happened?
Aaron: at the moment there is a small decrease in its activities. The most likely cause is they are changing payment processor or releasing new version of parasite.
i also have this problem.i have used many spymare,malware remover but it did not work,i also restored my computer,.please help me,i m in a big trouble.
Got this from drudgereport .com early this morning.
This might be the new version you were suspecting: I could not find any of the listed files you mentioned.
Process was law.exe — the description said “steamerrorreporter.exe (buildbot_winslave01_steam_rel_client_win32@winslave01)”
However, I did delete the registry entries. This killed the program, but then I had the same problem that Holly had: couldn’t run any .exe files, including regedit.exe
Tried running the fixit.reg you had above, but that did not work. However, the following one that I got from microsoft.com worked. Everything’s back to normal. Thanks:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.EXE]
@=”exefile”
“Content Type”=”application/x-msdownload”
[HKEY_CLASSES_ROOT\.EXE\PersistentHandler]
@=”{098f2470-bae0-11cd-b579-08002b30bfeb}”
[HKEY_CLASSES_ROOT\exefile]
@=”Application”
“EditFlags”=hex:38,07,00,00
“FriendlyTypeName”=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@=”%1”
[HKEY_CLASSES_ROOT\exefile\shell]
[HKEY_CLASSES_ROOT\exefile\shell\open]
“EditFlags”=hex:00,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=”\”%1\” %*”
“IsolatedCommand”=”\”%1\” %*”
[HKEY_CLASSES_ROOT\exefile\shell\runas]
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@=”\”%1\” %*”
“IsolatedCommand”=”\”%1\” %*”
[HKEY_CLASSES_ROOT\exefile\shellex]
[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@=”{86C86720-42A0-1069-A2E8-08002B30309D}”
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]
@Warren
Hi I tried to create the fixit.reg file but when I double click it. It gives me an error saying that it cannot import C:\Users\XYZ\Desktop\fixit.reg. The specified file is not a registry script. You can only import binary registry files from within the registry editor.
Can you please help how to run the reg file
Thanks
My daughter came running to me last night with this problem. I was able to identify through system process the culprit which is jxo.exe. This files location can be found by right clicking and using the locate function in system process. After moving to the directory I had to drop to a DOS command prompt using run as administrator because all exe files are disabled by a registry entry made by the virus. Then using the DOS command attrib -h -s -r jxo.exe it will made the file unhidden/system/unread-only so that it can be deleted. Immediately delete this file. If it says it is in use then cancel the process and try again. Once it is gone then you will access back to your system however any .exe file still will not simply run by double clicking… You will need to right click and run as administrator. Download a reputable scanner like anti-malwarebytes and install to scan and remove the remaining remnants. So far this has worked for her and she is very happy with her dad.
@debbie grewe
I did a system restore to a point i knew i did not have it and that worked.
Man i tried to buy the full of version of spyware doctor and i did the full scan. But it doesn’t work T__T . What can i do now? Plz help me.
Hai : contact PC Tools support- they will likely to provide custom fix for your situation.
i restarted and hit f2 to go into the setup on the startup and ran repair windows and did restore from there and my computer is fine now. i was highly pissed and knew instantly what it was as soon as my browser crashed and it started its oh so good scanning. luckily i have had almost every version of this virus except the win 7 until now. gotta keep up the trend though i guess. anyway last time i got this was on an xp i had and i wound up having to system restore that computer back almost 6 months to get it out of there but it does work so dont worry just be patient.
Hit F12 and ran repair windows, this is the only option worked for me after two days of struggle.
I was unable to do System restore
Unable to launch any browser
The file was bqy.exe and I couldn’t find anywhere in my computer.
Unable to find win 7 security files anywhere in my computer.
Repair windows didn’t work for me. It said it cannot repair.
Any clues?
Thanks.
Even though it said “could not be repaired”, it seems it has done the job.
Now the computer is working normally. But I can’t be totally sure if there is
no remnant of the malware lurking to become active again.
I just went ahead and renewed my McAfee just to be safe.
Luckily my credit card transaction didn’t go through because of failed password. But I entered all the card details on the criminal’s website. May need to call the bank still and alert them or request to terminate the card and issue a new one.
System restore in Control Panel
@Janae
Thank you so much for that advice. My daughter had the Win 7 Security files on her college laptop and panicked when she couldn’t even get to the web to update her spyware detector! Resetting the system back to the restore point worked perfectly! Thank you so much for preventing a tragedy — especially during finals week!
hi. i found the source of the virus and deleted it… but now i can’t access any of my files and programs (can’t open itunes, internet explorer, firefox….) and all it says it keeps saying that the file may have been removed or i no longer have access to it. please help me! i have no idead how to re-open all my files. my laptop is about a year old and I have 111GB of files and programs, so i can’t really put them on usb. any way of knowing how to fix it? without having to restore it… 🙁
Thank you again for posting this information! I’ve had to rely on your site and others like it to deal with this virulent garbage, and I greatly appreciate the people involved in sharing this crucial information. I’ve recently had to remove the win 7 total security 2011 problem, but in the process of dealing with it, I never actually found the file itself. The directions mentioned that it would be a three character exe file; I was able to open the directory but the file itself wasn’t visible. I changed my folder settings to see hidden files with no change. I was able to see the file’s properties from right clicking the file’s line item in the task manager, and was even able to open the file location from task manager as well. No luck actually SEEING the file. I tried deleting the file from the command prompt, but it said it couldn’t find the file either. I’m more worried that despite removing all of the registry entries for that atrocious little program, that with the file still there, it will reattach itself. How can I find this thing? Thanks again for your help!
Sincerely,
Edwin
Hi all,
My other lap-top would not work unless I bought the ” Win 7 Total Security ”
Does anyone know how to get your money back?
A little tip to people who can’t get on the internet on the infected computer:
Go to your control panel, and where it says “Control Panel” in the address bar, click the emptiness in the bar and type in “www.google.com”. It SHOULD bring you to Google. From there, you can look up whatever antivirus application you want. I suggest Microsoft Security Essentials. It found the malware right away, got rid of this horrible Win 7 Total Security, and gave me a whole lot of peace of mind. I hope this can be helpful. 🙂
Lisa : read about what registry keys you have to modify
how i did it was use firfox 4 (dont think it NEEDS to be 4, but MUST be firefox)
then i google how to remove… and it brought me here!
@admin
I agree with the Admin here. If you ever get in trouble with a purchase you’ve made, then call your credit card company to dispute the charge. They will remove the charge from your balance while they contact the merchant for you. Some will not and just keep the charge off your card. You have every right to dispute the charge, most keep them off your card for 30 days while they investigate your claim.
On fixing this issue with Win 7 Total Security–please read the blog and post for fixes. Try the key first. I ran into issues with system restore not able to be found. And I didn’t want to take the chance of reboting and it was a real virus. I’ve seen viruses on a rebot. After the key try the other suggestions.
What ticks me off the most is that Windows said this program was free to download. No where did it say in it’s term of use that there will be a charge later. Your not suppose to do that by law. If you’ve seen the posted charge listed in the TOS then post it here please; I couldn’t find it anywhere. Also what’s so bad is it kept opening my explore 9 in a blank screen. I had to use firefox to get to a site pretending like I’m going to purchase from PC Tools which is Spydoctor. I happen to have the download saved. All the anti-virus put up scare tactics to get you to buy. I’ve used Spydoctor the longest, but I wanted a free version this time and took the bait from microsoft anyway. Can anybody say how much where they going to charge you for and what the site address is? At least other antivirus removal software tells you upfront about a pending charge or a charge upfront to remove what needs to be removed. I also used Spydoctor registry cleaner too. You need both to clean-up stuff. The only problem some can remove valid things that need to be there. Good Luck.
LJ : SD gives users choice. It reports accurate location of infections it finds, so you can delete files and modify registry manually.
downloaded SD. it found the threats but is asking for an upgrade which i have to pay for to fix them, is this right
This probably won’t remove the files like the instructions above would help you do, but I’m really uncomfortable editing my registry and monkeying around with modifying it. Especially after reading all the problems people had.
I stopped the exe process as instructed. (I don’t know Windows 7 well so I think I may have stopped one too many 3 letter .exe files). After seeing the Malware icon disappear I was pretty sure I stopped the process.
I then went and restored my computer to yesterday (I got the virus today). Everything started working normally again and the malware icon did not appear.
Then I went to some online scanners to see if I could find the files and remove them from there. McAfee, Panda are a couple that I tried.
Phil: SD is commercial. Expand each detection, if you wish you can delete files manually.
@debbie grewe
My computer had the same problem and I couldnt access any websites. Take a flash drive and plug it into a computer that is not infected and download the spydoctor software. Then move the downloaded file to the flash drive. Eject the flash drive and plug into the infected computer. Now open the drive and install the software 🙂
Hey everybody, if your internet is blocked from the virus on one computer, just take a usb flash drive, download the spyware doctor software (link at top of thread^^), save it on your flash drive and then plug your flash drive into the infected computer and then install it. 🙂
@Janae
I have it on the pc I am using right now to access the internet install Spyware Doctor through a flash drive, then have it scan it will find it then click “Learn more about this threat and in that browser session you can use the internet.
This virus works on Vista and 7 and it has deleted 90% of my system32 including system restore this could be a update to the virus I will update this when I get it of if I do.
Had the virus on a laptop…Reset settings to a point (date) prior to infection, worked fine…
@Kai
This absolutely worked for me and killed the virus…
I foolishly downloaded it, and I don’t have any of that Super anti spyware stuff etc, I have no clue what to do, please help! 🙁
hay everyone i just got rid of these stooped malware virus
when i had it i couldn’t to get online to get help but then i came up with the idea of using vuze these torrent application had a web search on it i typed in google and click on the link and vuze bypassed the malware and went straght to google
i hope these info information can come to use
by the way
thanks so much for putting up these tutorial
Can’t find the post of the person who first suggested it here but…
I was able to browse again by going though the control panel and typing google.com in the URL bar there.
The only one that worked for me was Malwarebytes. Dl from another computer onto a stick. You need to r-click and run as administrator to get it to run though.
I tried avast and mcafee and neither worked to identify this virus.
I have no idea when I was infected with this, but I’m currently trying to use the Malewarebytes method to remove it. I’m illiterate when it comes to computers so I’m not messing with the registry or anything. I tried to simply use the system restore option and go back a few weeks to try and circumvent all this, but I’m being told that the option doesn’t exist anymore. When all this is over, assuming I can actually get things working again, how do I get it back? I’m about an inch away from a heart attack here, I want this garbage gone.
I found an easy fix … at least it worked for me.
My wife’s laptop got this one. I tried a ‘System Restore’ to a previous date, but the application was blocked by the virus … UNLESS you run the System Restore as Administrator. This worked.
Search for ‘System Restore’
Right click in System Restore, and select Run as Administrator.
Follow the steps.
I went back a few restoration points to be safe. I had a few auto (re)updates as a result, but no biggie.
Good Luck, and may the virus maker get a real virus on hir/her privates!
See my solution below
@Specter
Hi! I just want to share my experience in kicking off that fucktard win 7 total security… That for admin who suggested me to download the spyware doctor… It works so fine and finally I can remove that asshole virus right away…. Gosh… I love you so damn much!
Same problem guys. Couldn’t even open system restore. Saab with avg and it will find and remove but it WILL cum back. Restore from that point to a week or so ago 🙂 hope this helps
Helpppp!! I restored my system to earlier on in the day and now I log in and it’s just a black blank screen 😐 I don’t know what to do!!!!
I was browsing an article on msn.com when the security thing went crazy with the pop ups and it tried to make me purchase it. I attempted to use Firefox and IE to search the issue but it kept blocking the browsers. I killed the process (it was oxf.exe on my laptop) and then used spyware doctor but the program only detected 2 cookies on the initial quick scan. I decided to do a full scan immediately afterwards but at around 90% is slowed down and I dozed off. My boyfriend woke me by trying to connect through msn messenger for a video call and the moment I clicked to connect my laptop suddenly just reboot itself. It boot up to the safemode screen so I went into safemode and then reboot the pc. After it load windows normally I then tried to connect with my boyfriend on messenger again but as soon as it connected msn froze, the pc went crazy and it reboot again. There was just a slight one second flash of a blue screen but it was so fast I couldn’t see what the error was. Could my pc have overheated because of the scan that spyware doctor was performing? This is a brand new Toshiba Satellite series laptop. I can’t believe this happened while browsing msn.com. I had Avast free antivirus active at the time this occurred so I don’t understand why it didn’t detect this virus.
@JoMama
Thanks a lot, man.:D
This is SO irritating! My sons’ laptop was going nuts with all these pop-ups. Right away I knew this was not legit..Win 7 – come on. Why would Windows be Win? Anyways, this is the worst thing ever to try to get rid of. Tried System Restore, tried deleting program, nothing is working. I am ticked off!
@Steve
I am having the same problem. How do I get to the safe mode to get rid of the file?
I feel like such an idiot for paying and downloading it. Credit Card company stopped my card and launched a dispute to try and get my money back.
Other than that, i jumped on the lap top and followed instructions at the top of this page. Malewarebytes found and deleted Win 7 TVS. I restored to a day ago just in case, and now im scanning with MSE to ensure it’s gone. Thanks for the advice on here everyone!
I got rid of it using SpyBot Search and Destroy
It fixed everything including the registry values and I managed to run it just before Win 7 Total Security changed the registry so the computer did not know how to open exe files.
This spyware is MUCH worse than it seems beware!
None of the suggestions work, but a combination of your suggestion is valid. I tried tonight a solution that worked in the past as well, but didn’t think it will work again on WIN7 TS. 1)get RKill on a sd, run it on the infected PC. Then your browser should work, download and run Malwarebytes’ anti malware. Free version works and not just for detecting the infected files, it also removes or repairs them without purchasing the product. Quick scan should get you out of trouble
I feel so stupid. I fell for this too and they charged my card $69.95. Had to get a new card and everything too so the fake company would not continue taking money out! I am so mad. It seems there’s no way to recover the charge. My bank said I authorized it so I have to contact the Win 7 people to get my money back. Only problem is there’s NO WAY to contact a virus/ fake/ scam company!!! Anyone have any idea what I can do as far as finding these jerks and getting my money back????
PS – To get rid of it, we did Ctrl Alt Delete, stopped all the processess that looked like they were stemming fromthe virus. Then, wnet into Control Panel and changed the permission settings so that the virus was DENIED when trying to make any changes to my computer or run at all. It has not been back after that and I am grateful. Mad, but still grateful 🙂
Guys, I hate to be a bother AGAIN, but my issue is persisting here. I was fine for a few days and it hit me again. I did the same thing and seemingly got rid of it. Here we are a week later and it’s got me again. I’m assuming a site I frequent is infected, but I don’t know which it is. This is really getting on my nerves. I’m running Malwarebytes right now and it’s an hour in and is no longer responding. I’m still able to look around thanks to that Rkill program, but this is getting to me. Am I doing something wrong?
Specter.
2 options:
Your PC has not been cleared fully. EVERY tool misses some of the parasites.
Scan with different tools than malwarebytes. In your case I would try Hitman Pro (link in sidebar). It is a behavioral scanner + it checks files against couple malware databases. You can also try SD – it has bigger database and would terminate some of the malware processes early on.
Second option – get real-time protection. Install good internet security, or antivirus-antimalware-firewall separately. In your case, MBAM free does not provide real time protection, it is just a scanner. Also, which antivirus are you running?
i have have same problem as everyone else but the virus has block my microsoft securtiy essentials from being able to scan my computer. what shud i do?
I tried jomama suggestion and worked for me too. Search for system restore and right clicked it, chose system administrator and followed steps, VOILA! thank you guys!
my sister fell for it and purchased this it doesnt show that it was installed ,but how do you know if it is no longer on the comp. if you run a full system scan on mcafee will it find it?
I cant do any thing to remove this. I tried ending processes and it said acess denies…i tried looking it up manually and I cant find it. I cant acess the net even in safer mode and can’t run firefox or explorer as administrator. Is there anything else…I’m losing hope…
my sister fell for it and purchased it she didnt see it download but how do you know if it is still on the comp? if we run a full system scan with mcafee will it find it?
My computer was infected by Win7 Total Security spyware, and it kept blocking access to the internet. Solution… logged on as a guest. I was able to download Malawarebytes Super Malaware (Free), and perform a scan, which detected and removed the spyware.
@hey guys
entered the code and solved the problem, thanks…
Ok so I got the unregistered thing so to completely remove it i did a system restore. It brings the computer back to as much as 3 days before. Tis rid my computer of ever having this virus thing.
@everyone:
Try reformatting your computer. Reinstall windows so everything is wiped clean. Took a while but worked great. 🙂
Hey everybody. I have the Win 7 Security problem too, also not extremely computer savy. I have all the pop ups, ran Mcafee scan and it shows all is well, But when I went into the logs it showed 11 infections but would not let me see what they were. So I read here, downloaded spydoc,malwarebytes, and spybot. Spydoc wants money that I don’t have but I copied the log to see what it showed. Then ran Malwarebytes, showed basically same thing, made a copy of logs and let it clean all the files up. I thought I was finished all pop ups stopped. Then I logged in with my husbands name and there is a black screen. In the process of running scan again. Meantime looking at the processes in the task manager, there are several “exe”. files with no description. If I right click and try to go to “open location file” it will do nothing. If I right click all the others it will take me to file location. Are these part of the ones I want to get ride of? If so then how do I do that.
Unfortunately, my restore and recover executables had been deleted so I could not perform this action.
Lost couple days of work, very frustrated with this Win 7 Total Security thing. I was able to find where the .exe file is hidden and deleted it. However it disabled all of the msconfig, regedit, etc, and I could not use any of those in the manual remove instruction.
Then thanks for the reminder above about restoring :). Works like a champ. Remember to backup your important files.
I got rid of the virus by creating another user account and running Malware Bytes from there. The only remaining problem is that I can no longer open any programs or files in my original user account. I get a window asking me what program to use to open said program. Any way to fix this?
just had virus did sysyem restore thx to those who left that advice on ere help imensly
@Janae
I am trying the restore right now. will let you know how it worked….thanks
@Janae
Janae, it actually worked!!! started in Safe Mode with Networking and restored back about 4 days…Voila. Thanks again. Glad I didn’t have to go thru all that registry deletion, etc.
@Tony Millar
You are the best thank you thank you thank you, Rkill worked great.
Hi..
My laptop just recently infected with a Trojan-BNK.Win32.Keylogger.gen which AVAST wasn’t able to STOP. My firewall is down and I have pop-up that says” XP security 2010 has blocked a program from accessing..internet explorer infected with Trojan-BNK.Win32.Keylogger.gen”. Tried running Malwarebytes bytes on both safe and normal mode and it won’t open either. Even change the MBAM.exe to a different name just to fool the virus but no such luck. Every time I tried opening IE it will only shows the internet explorer alert. Any ideas on how to get rid of this virus? .
If there is internet explorer warning, then this is not real Trojan-BNK. Read the guide, there are couple ways posted how to rid of it
Thanks, system restore is working (for now!). Could really have done without that with a screaming 7 week old baby in one arm!
I ran the Norton Power eraser. It worked like a charm. I did have to cancel my debit card and have another sent, but these crooks did not get my money. Guess I may need to put an alert on my social as well. Dang, I have never had this happened before.
Tiffany: Consider getting good internet security suite or upgrading your antivirus. Quite often this is a sign that PC protection is lacking.
I can’t access my internet to download the software and I tried using safemode. I’m so stuck! Any tips on what I should do or should I bring it to a professional?
@Kenny
I also tried restoring my computer and I’m not a pro at using the computer.
I put in the key and I uninstalled itself then I used AVG to clear the rest up!! Thanks guys!!!
System restore worked for me. Thanks for the comments/suggestions…
I went with Norton Power Eraser! Worked like a dream – I was starting to panic after trying other things!!! Thank you to this forum for giving me some sound advice 🙂
Thanks so much. I disconnected my computer from the internet and did system restore. Worked like a charm
WHY NOT TRY ONE SIMPLE SOLUTION FOR ALL MALWARE< SPYWARE VIRUS……
ITS NORTON 360
Norton 360 is not 100% 😉 Especially against malware. It is ok against viruses.
Which would you recommend?
I used rkill to temporarily have Win 7 disappear and quickly installed Norton and ran a scan. It’s gone and I can now access everything effieciently.
I too made the mistake of downloading this. I called my bank to stop the transaction. I see where you are giving directions on what to do but I sign in but all i get is a blue screen. No icons. No tool bar. Nothing.I can’t get in at all. What do I need to do?
Donna: have you tried doing everything in safe mode too? Tried System restore? Registration keys? changing date? Then an option would be using alternate os scanners ( Avira, Pctools, Norton has these) or bringing PC to a tech.
Why does McAfee Plus not do anything to get rid of this? I ran a full scan with McAfee and it found 10 infected files. After the scan I restarted and Win Security 2012 is starting again!! What is the point of paying for McAfee if I have to pay again for anti spyware???
My dad bought this program because the pop up came on my brothers computer. How do i getmy dads money back? How do i remove this crap!
Jacob: contact bank.
Been through this also with a brand new computer. My question is,why can’t they hunt down these bastards and hang them.There has to be a money trail?
Jon : the trail ends in Russia usually.
Scanned comp with Malware-bytes, CCleaner, and Spy doctor wouldn’t work because it can’t update. I tried using the Register keys provided above and they didn’t work. Malware-bytes removed 4 files, but I’m still getting pop-ups and can’t access the internet. Any suggestions?
Todd
Download process explorer ( http://www.2-viruses.com/wp-content/uploads/PE/eXplorer.exe ). If it does not launch, rename it to iexplore.exe and try again. Kill processes from 3 letters in name ( wet.exe or similar). Malware icon should disappear. Run Spyware doctor again and try to update. If this fails, run TDSS killer. If this fails, check our guide about proxies and addons ( http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem ) OR support time +1-800-839-3572
I got “windows vista total security 2011” last year on both my PC’s. Which is basically the same nasty stuff. I had webroot antivirus with spysweeper 2011 back then and it blew by it. Using safe mode, it never could detect it. Finally I got tired of seeing it hooping and hollering and dancing on my screen, so since I didn’t have very many programs or stuff on my PC, I just nuked it,lol! Yes, “I did a clean re-install of windows,” and got rid of that dumb virus. Now I have Norton Security 2012,but those evil, little, nasty Malware, have been getting by a lot of the major Anti-Virus programs, so I will keep my fingers crossed!
@bob hagen
Thanks for the rkill tip. Win 7 total security blocked system restore from running but after running rkill it could run and reverting back a few days seem to solve the problem. I am crossing my fingers.
@admin
Picked up win7 total security 2011 on the 17th and on the 19th it stopped popping up and could access the internet again. Is it gone? or do I still need to check?
i cant delete this manually and with spy hunter
Javadt: Might be special build. Rescan your PC with mbam or hitman pro. SH had killed the process, right ?
Tyron : scan with hitman pro, make sure there is no trojan downloader.