Win 7 Anti-Virus 2011 is a rogue antispyware program, clone of Win 7 Antimalware 2011. The program reports false infections, displays numerous fake security alerts and blocks legitimate Windows applications from running in order to trick you into purchasing its full version. So, do not trust anything that this malware will display you and remove Win 7 Anti-Virus 2011 from your system as soon as possible. Read below what you’ll want to know though is what does this malware do and how to remove the rogue from your computer for free.
Like other rogues, Win 7 Anti-Virus 2011 is installed via trojans without your permission and knowledge. Immediately after launch, it will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including legitimate antivirus and antispyware applications.
Once running, Win 7 Anti-Virus 2011 will perform a system scan and detect a lot of infections. Then it will ask you to pay for a full version of the program to remove these infections. Of course, all of these infections are a fake. This malware want to scare you into thinking that your computer is infected with malicious software. Thus do not trust the scan results, simply ignore them!
While Win 7 Anti-Virus 2011 is running, it will display numerous fake security alerts. Some of the alerts are:
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
Win 7 Anti-Virus 2011 detected 35 critical system objects.
Last but not least, Win 7 Anti-Virus 2011 will hijack Internet Explorer and Firefox, so it will display a fake warning page instead a site that you want to visit. The fake warning is:
Win 7 Anti-Virus 2011 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system
Of course, all of these messages, warnings and alerts are a fake and supposed to scare you into thinking your computer in danger! Just like false scan results, ignore all of them!
As you can see, Win 7 Anti-Virus 2011 is a scam which created with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove Win 7 Anti-Virus 2011 and any associated malware from your computer for free.
Use the following instructions to remove Win 7 Anti-Virus 2011 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Note: if Windows returns error message “Installation failed”, then you need disable UAC control. Click Start, Control Panel, User accounting, Click “Turn User Account Control on or off”. Uncheck “Use User Account Control (UAC)” and click OK. Now try install fix.inf once again.
Step 2. Remove Win 7 Anti-Virus 2011 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Win 7 Anti-Virus 2011 infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Win 7 Anti-Virus 2011. MalwareBytes Anti-malware will now remove all of associated Win 7 Anti-Virus 2011 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Win 7 Anti-Virus 2011 creates the following files and folders
%AppData%\hee.exe
Win 7 Anti-Virus 2011 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\hee.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\hee.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Thanks so much.. got rid off the annoying fake messages by using method 1!!
thanks again!!
thx… tried everything and then the wife found your site…your method # 1 actually worked in removing win anti-virus 2011… so far so good…
Thanks mate…Step 1 worked like magic 🙂
Doing method 1 really works!
And make sure you run step 2 to purge the malware completely!
I saved the file in step 1, however, when I click yes to open it, it reads:
“Registry Editor
Cannot import C:\users\Owner\Desktop\fix.reg: The specifies file is not a registry script. You can only import binary registry files from within the regisrty editor.”
Help?
When I type command in run, it cannot find command 🙁
super thanks! worked sooooooo well! mwah! 🙂
Nix, check twice the .reg script or try method 2.
Thank you so much for your help. I am currently busy with my Masters Degree, and I saved all my work in one file, and because of this stupid Trojan, I couldn’t access that file. You’re the best! Thanks!
bro,thanks a million,the first method i hope u hv not kept it first by luck it supposed to b 1st its simple and work perfeckly thanks guyz…
Step 1 method 1 followed by step 2 worked like a charm. Thanks
thank you so much dear. a kiss to lips.
Same problem as nix. im told the exact same thing. is this a windows 7 issue?
i had a similar problem with clickpotato, i just used system restore and that let me on internet to get mbam. this one wont though
thanks you so much method 2 worked! i owe you man
Method 1 worked great for getting rid of the virus, but now I can’t download anything or run anything that’s .exe … so I can’t do the second step to finish it. Is there any way I can get my computer back to how it was before, minus the virus?
Valerie, you need to repeat the step 1. Once complete, skip “reboot your PC” step and try download and run Malwarebytes.
THANK YOU SO MUCH!
OMG – thank you so much – i really got scared.
Mcafee did not even scan it
I try to do part 1 and when i go into command prompt it pops up with only internet explorer and then browse.
Step 1 Method 1 … worked a treat …. + completed step 2 and removed the rest …. thank you very much.
Non of the above worked for me on windows 7. I couldn’t run exe files or system restore. Tried loads of sites with no joy. But here’s the solution found by luck 🙂 If you have malware bytes anti malware just right click and run as admin this will open it. If not just right click your internet browser and right click and run as admin download malware byte or what ever remover you prefer right click and run as admin job done. I don’t know how this works but seems to bypass virus. Happy days please spread the word.
Cheers
John
Method 1 worked to perfection, i had tried using spyware doctor but win 7 antivirus kept stopping it from opening. Stumbled on this article, thank you so much !!
This was amazing! I was ready to snap my laptop in half before my sister helped to find this page. Thank you so much!
Thanks so much for this. The virus scared the hell out of me when it said my laptop was infected with 27 viruses! It took me a good couple of minutes before I realised something wasn’t quite right with the ‘antivirus’ software that kept popping up. For a moment I also considered paying for it. Pretty scary. I just hope no one falls foul of it.
after done all the step it works,but after a 1day the virus come back again …does means it cant totally remove the virus it just a temporary remove only izzit?
Thanks for the run through. My sister had this on her computer, I’m running Malwarebytes right now. I’ll be beating her thoroughly with a clue-by-four in the near future.
Thank you soooo much! I was downloading ppt slides for my econ class as finals are next week. Got that nasty virus and you safed me life!! THANK YOUUU 🙂
Thanks a million!!!
Perfect!
You Patrik! you’re like Einstein on these machines! Thanks SO MUCH!
I’m going to use this site alot