Win 7 Anti-Virus 2011 is a rogue antispyware program, clone of Win 7 Antimalware 2011. The program reports false infections, displays numerous fake security alerts and blocks legitimate Windows applications from running in order to trick you into purchasing its full version. So, do not trust anything that this malware will display you and remove Win 7 Anti-Virus 2011 from your system as soon as possible. Read below what you’ll want to know though is what does this malware do and how to remove the rogue from your computer for free.
Like other rogues, Win 7 Anti-Virus 2011 is installed via trojans without your permission and knowledge. Immediately after launch, it will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including legitimate antivirus and antispyware applications.
Once running, Win 7 Anti-Virus 2011 will perform a system scan and detect a lot of infections. Then it will ask you to pay for a full version of the program to remove these infections. Of course, all of these infections are a fake. This malware want to scare you into thinking that your computer is infected with malicious software. Thus do not trust the scan results, simply ignore them!
While Win 7 Anti-Virus 2011 is running, it will display numerous fake security alerts. Some of the alerts are:
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
Win 7 Anti-Virus 2011 detected 35 critical system objects.
Last but not least, Win 7 Anti-Virus 2011 will hijack Internet Explorer and Firefox, so it will display a fake warning page instead a site that you want to visit. The fake warning is:
Win 7 Anti-Virus 2011 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system
Of course, all of these messages, warnings and alerts are a fake and supposed to scare you into thinking your computer in danger! Just like false scan results, ignore all of them!
As you can see, Win 7 Anti-Virus 2011 is a scam which created with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove Win 7 Anti-Virus 2011 and any associated malware from your computer for free.
Use the following instructions to remove Win 7 Anti-Virus 2011 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Note: if Windows returns error message “Installation failed”, then you need disable UAC control. Click Start, Control Panel, User accounting, Click “Turn User Account Control on or off”. Uncheck “Use User Account Control (UAC)” and click OK. Now try install fix.inf once again.
Step 2. Remove Win 7 Anti-Virus 2011 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Win 7 Anti-Virus 2011 infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Win 7 Anti-Virus 2011. MalwareBytes Anti-malware will now remove all of associated Win 7 Anti-Virus 2011 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Win 7 Anti-Virus 2011 creates the following files and folders
%AppData%\hee.exe
Win 7 Anti-Virus 2011 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\hee.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\hee.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”
thankyou so muchh!!!! 😀
that was a sick ass problem!!thank you so much!!!!method 1 works here.:)
Thank you thank you thank you! The virus is now gone!
Went through the steps using method 1. Worked wonderfully! Thank you so much for the post!!!!
Also, FWIW, AVG free edition did not catch any of the problem files.
Just used Method 1 and it workes like a charm! Thank you so much!
tried method one and now for every program i open it shows error windows cannot acess the specified device or file you may not have appropriate permission to access item…. help plz
thank u so much.
man, you just f0ing saved my life. literally :-/
One of the most straight-forward sets of instructions I’ve seen. Thanks very much — worked like a charm!
Method 1 worked immediately! Thank you!
At first I panicked. But I thought Microsoft won’t scam me into buying their product. But I can’t access to my browser, so I google my way here using my Iphone.
Followed your Method 1 and it worked like a charm! I copied the whole thing using my laptop and transfer the notepad to my affected pc using mass storage. Then once I’m able to using my browser, I enter this page and proceed to step 2.
Thank you so much! Just couldn’t thank enough. You guys are great! I believe that good people do still exist in this world, and that keep me going!=)
Thank you so much for this wonderful tips.
For me Method 1 worked, everything backs to normal.
Have a nice day!
Thanks Alot. if you are manually typing method 1 since the stupid thing won’t let u open Internet, make sure u type it correctly it will work. Thanks again glad I got this stupid thing off however it damaged my windows 7 slightly b/c windows is now asking for a registry key, but my laptop came with windows 7 so I’m a little confused about this
Thnks Great Job
hi
please help me
I need to download MalwareBytes Anti-malware…and everytime I click on download…it says: “Your current security settings do not allow this file to be downloaded”
What should i do to fix this and then download MalwareBytes Anti-malware.
helpppp…im unable to download MalwareBytes Anti-malware (MBAM) cos it says “Your current security settings doesnt allow this”
Thanx a lot… followed both steps…
systems working fine.. thanx a lot.
After following all these steps, how can you be 100% certain that your computer no longer has this virus?
THANKYOU!!!!
matt, try download Malwarebytes in Safe mode with networking
GREAAAAAAT!!!!!!! METHOD 1
thanks a million. method 1 worked like a charm.. could not access the internet so had manual copy the code from my phone but still worked. thanks.
All I can say is Thank you so very much from the bottom of my heart for this information! You saved my sons computer! Used method one and it worked perfectly! Could not access the internet and manually copied from my computer to his and it worked!!! Amazing! Thanks again!
Method 1 wortked and now MS Security Essentials working again so do I need to do anything else? I actually fell for this and paid as could not access Internet at all as pop up blocked it-Big Mistake and now got to try to get payment stopped!!
Thank You So Much.
Step 1 Method 1 is amazing, but… in step 2, the MBAM said there is no virus or malware are scanned…
Thanks, I had to type the stuff into notepad reading it off my phone, worked for me. Got this b.s. malware from google images. Pisses me off, I had microsoft security essentials running but it didn’t prevent this. After I removed it with mbam I had to uninstall and renstall mse because this trojan nuked it. Now I’m worried if it stole my passwords or uploaded any of m data before I could wipe it out
Hey, it won’t let me open the command prompt.. It’s saying “Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.” Please help! 🙁 I can’t do anyyyything on my laptop!
Method 1 worked and everythings fine until 2 days later the same win7 anti spyware thing came back.. Redid method one and got rid of it but all my programs are not there nomore and cant acess my documents. Any ideas thanks
Thanks a lot! Your instructions were easy to follow and everything worked great! I had to manually do all of it because I could’t access the internet. I tried many other websites and all were confusing. Thanks again!