March 17, 2011

Win 7 Antispyware 2011.

Win 7 Antispyware 2011, also known as Win 7 Security 2011, is a rogue anti-spyware program that may enter your system silently because it is distributed using backdoor techniques.
Win 7 Antispyware 2011 infects only machines that run Windows 7, but it can also arrive under the name Vista Antispyware 2011 or XP Antispyware 2011 if it detects Vista or XP running there. This program has been actively malvertised in the beginning of November, and together with its numerous relatives it makes up the large Fake Security AntiMalware Guard family of fake antivirus programs.

Win 7 Antispyware 2011 uses a fake scanner that pretends to look for infections on your system even if you didn’t ask for a system scan. It then generates a list of infections and recommends removing them. All you are asked to do is make a payment for a Win 7 Antispyware 2011 license. The program claims that the full version will be able to remove every single infection detected.

As long as Win 7 Antispyware is running on your computer, you will receive tons of security notifications warning that harmful viruses have been detected on your system.


Kill the malicious processes from Task Manager:
  1. pw.exe
  2. MSASCui.exe
Location of the infection:
  • %UserProfile%\AppData\Local\pw.exe
  • %UserProfile%\AppData\Local\MSASCui.exe
  • %UserProfile%\Local Settings\Application Data\pw.exe
  • %UserProfile%\Local Settings\Application Data\MSASCui.exe
Registry entries to be removed (take a backup of the registry before editing it):
  1. HKEY_CURRENT_USER\Software\Classes\pezfile
  2. HKEY_CLASSES_ROOT\pezfile
  3. HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
  4. HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
  5. HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
Although it is possible to remove Win 7 Antispyware 2011 manually, doing so can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to repair themselves automatically if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend malware and spyware removal applications.

After removing all these files, restart your computer and the issue will be fixed. Don’t forget to update your security software, check the firewall settings and the operating system, and finally do a full system scan with the security software.
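
A read-only PowerShell check for the processes, files and registry entries listed above, added here as an example and not part of the original post. It only reports what it finds and assumes it is run as the affected user.

```powershell
# Added example: read-only check for the indicators listed in this post. Changes nothing.
$names    = 'pw.exe', 'MSASCui.exe'
$findings = @()

# Files: per-user local application data folder, in both the Vista/7 and XP layouts.
# On Windows 7 the XP-style path is a junction to the first, so a hit can appear twice.
$dirs = @(
    (Join-Path $env:USERPROFILE 'AppData\Local'),
    (Join-Path $env:USERPROFILE 'Local Settings\Application Data')
)
foreach ($dir in $dirs) {
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) { $findings += "File: $path" }
    }
}

# Processes: match on image path, not name alone. MSASCui.exe is also the file name
# of the Windows Defender user interface, which runs from Program Files.
Get-Process -Name 'pw', 'MSASCui' -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_.Path -and $_.Path.StartsWith($env:USERPROFILE, [StringComparison]::OrdinalIgnoreCase)) {
        $findings += "Process: PID $($_.Id) $($_.Path)"
    }
}

# Registry: the pezfile class and the .exe open command keys from the list above.
$keys = @(
    'Registry::HKEY_CURRENT_USER\Software\Classes\pezfile',
    'Registry::HKEY_CLASSES_ROOT\pezfile',
    'Registry::HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command'
)
foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $default = (Get-Item -LiteralPath $key).GetValue('')   # '' reads the (Default) value
    $line = "Registry: $key"
    if ($default) { $line += " (Default) = $default" }
    $findings += $line
}

if ($findings) { $findings } else { 'No indicators from this post were found.' }
```

Because the rogue hooks the per-user `.exe` open command, any `(Default)` value reported for those keys should be reviewed before other executables are launched from that account.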


Latest version of the virus as of June 19, 2011 has an executable called sck.exe that is located in the C:\Users\userman\AppData\Local folder. There is also a log file that will have today's date. I found three copies of the executable running and killed them all but it would regenerate so open sck.exe with notepad and change the first couple of lines out with random text and save. This will completely kill the executable if it tries to run. Then kill everything that's running and then clean your registry of anything with sck.exe.

Sorry for the typo. It's in the C:\Users\username\AppData\Local folder

Thanks, computer got infected today. Hope this helps.

Wonderful blog! Keep updating the good stuff.

I found it while searching on the Internet.

I found this one also. Try it if it helps. :)

Steps to remove viruses and Spyware manually
