|
D7 is a tool for PC technicians to aid in many tasks and provide a uniform procedure for technicians to follow. It has many capabilities and many uses including but not limited to:
- offline and live malware removal assistance via many internal and 3rd party tools
- repairing Windows after malware removals
- general PC maintenance
- offline and live registry editing with mass search & delete features
- offline and live data backup
- CPU/RAM stress testing
- information gathering and quality assurance uses
- OS Branding
- IP/DNS configuration + backup & restore
- shortcuts to frequently used Windows components
- quick access to frequently used Windows tweaks
- numerous right-click context menu (in Windows Explorer) features for working with files and directories
- wrappers / one-click execution options for frequently used command line tools
- synchronization of Malware Scan definition files
- automatic updates of all your favorite 3rd party tools via Ketarin
- offline application of password removal tricks enabling you to gain access to password protected live systems
Too much to list here, right now at least.
Note that D7 is not the malware scanner or remover, YOU are. YOU control it's behavior by whitelist/blacklist functionality, and by your own pair of hopefully good eyeballs. D7's MalwareScan functionality is designed to show you what D7 doesn't recognize, by whitelisting known good items, and automatically deleting known bad items. D7's MalwareScan merely shows you what is left after the whitelisting/blacklisting is applied. From there, you have the option to whitelist, blacklist, delete, rename, ignore, google, or whatever you want with the results.
Included with D7 are some sample whitelists (yet no blacklists.) It's up to you to decide if you should use them and add to them, or delete them and create your own.
THIS TOOL IS INTENDED FOR EXPERIENCED PC TECHNICIANS ONLY, NOT FOR "END USERS." This tool can be very dangerous and destructive if you don't know how to use it properly, or are inexperienced in malware removal techniques.
I have provided an online manual, which I do encourage EVERYONE to read, however most functions inside D7 are self-explanatory or include enough information in the tool tips (over your mouse over the name of the function) for any experienced computer technician to recognize what it is and what it does. If you are really confused, then just ASK ME and I'll try to explain it!
Here is a short video demonstrating the most simple malware removal scenario.
D7 - Malware Removal Showcase 1
Feedback is appreciated! Please always include your name and email address so I can get back with you. I am always interested in hearing your ideas for new features as well as existing issues with the software. If you are reporting an issue, please first check the known bugs in the about / release notes screen of D7, and if not listed, include steps that I can take to recreate the problem you are experiencing.
Donations are encouraged if you enjoy it, find it helpful, and/or you continually use the software. So if it helps make you money, why not pass a little of that back my way? Please click the "Feed My Baby!" link to the left of this page to donate. Your donations will appear as going to "Computer Guy IT Solutions" which is my side business.
If you don't want to donate, that's ok too. I used to be like you, and that's ok. I started playing a shareware Tetris clone called Zentris back in 1994 or around there, and it probably 2006 before I ever got around to sending my registration fee to the author after tracking him down. Not sure what got into me, other than a few extra bucks, but I sent the cash with an apology, a short story on how much I loved the software, and a not so simple request: that he release the long forgotten but never programmed Windows version. Within 2 weeks I had a workable Windows version (ahem, and another registration fee in order to register it LOL) but it was all worth it.
Anyway, you can still be helpful to me if you wish by feedback, new ideas, problem reporting, or just drop me an email with a "thanks" in it would be sufficient! Better yet, a postcard would be great! Whatever corner of the world you live in, you can send me a nice post card to:
P.O. Box 1370
Manteo, NC 27954
U.S.
Thank you!
D7 by itself requires no setup, however you may want to use D7 with all of its functionality available by having the 3rd party tools it is designed to work with. In this case, please see the SETUP section in the ONLINE MANUAL to the left. Thanks!
PORTABLE USE:
D7 is a fully portable application, however there are some considerations for those who define "portable" very strictly, and you may wish to visit the SETUP section in the ONLINE MANUAL to the left, to read the PORTABLE USAGE NOTES.
LICENSE:
This software is licensed, however it is completely FREE for personal and commercial use under the terms of this license. A thank you email would be nice! You could even donate a few bucks via Paypal if you really wanted to.
- ANY use of this application is FREE only if you acknowledge that this program is provided with no warranties or guarantees of any kind, and that you (not John N. Shaw, not www.FoolishIT.com, not my web host, not your ISP, not your mother) and only you are held as the bearer of sole responsibility for any use or misuse of this software and any resulting damages in any form, monetary or otherwise. If you do not accept this policy but are still compelled to use the software, there is a small one-time licensing fee of 10 million dollars.
- There are no limitations, no trial versions, no included code for licensing/activation/etc., no ads, no nags, no 3rd party *ware of any sort included in this software or it's installer. This program is provided as-is, with no guarantees, no warranties, and no worries.
- Source code for this application remains the sole property of the author; this is at least until I can learn to code better and re-write it so that it isn’t not so embarrassing. I may open source it at some point after this. Don't count on it because I'm really lazy.
- Any use of this software requires that you accept the fact that I'm not responsible for anything you do with any software, including this app!
|
|
Remove Win 7 Internet Security 2012 (Uninstall Guide)
Posted by Grinler on December 6, 2011 @ 12:05 PM · Views: 51,008
Add to Favorites!  Print Guide!
What this infection does:
Win 7 Internet Security 2012 is a variant of the 2012 name-changing rogue
program that changes its name randomly depending on the version of
Windows it is installed on. This guide will cover the variant of the
2012 name changing rogue called Win 7 Internet Security 2012. This rogue
is promoted in two ways. The first is through the use of fake online
antivirus scanners that state that your computer is infected and then
prompt you to download a file that will install the infection. The other
method are hacked web sites that attempt to exploit vulnerabilities in
programs that you are running on your computer to install the infection
without your knowledge or permission.
When installed, this rogue pretends to be a security update for
Windows installed
via Automatic Updates. It will then install itself as a single
executable that has a random name consisting of three characters, such
as gln.exe, that uses very aggressive techniques to
make it so that
you cannot remove it. First, it makes it so that if you launch any
executable
it will instead start the Win 7 Internet Security 2012 rogue and state
that the executable you initially wanted to run is infected. It will
also modify certain keys so that
when you launch FireFox or Internet Explorer from the Window Start
Menu it will
launch the rogue instead and display a fake firewall warning stating
that the program is infected.
Win 7 Internet Security 2012 screen shot
For more screen shots of this infection click on the image above.
There are a total of 4 images you can view.
Once started, the rogue itself, like all other rogues, will scan your computer
and state that there are numerous infections on it. If you attempt to use the
program to remove any of these infections, though, it will state that you need
to purchase the program first. In reality, though, the infections that the rogues
states are on your computer are all legitimate files that if deleted could cause
Windows to not operate correctly. Therefore, please do not manually delete any
files based upon the results from this rogue's scan.
While running, Win 7 Internet Security 2012 will also display fake security alerts on the infected computer. The text
of some of these alerts are:
Severe System Damage!
Spyware and viruses detected in the background. Sensitive system
components under attack! Data loss, identity theft and system corruption
are possible. Act now, click here for a free security scan.
Virus Intrusion!
Your computer security is at
risk. Spyware, worms, and Trojans were detected in the background.
Prevent data corruption and credit card information theft. Safeguard
your system and perform a free security scan now.
Win 7 Internet Security 2012 Alert
System Integrity Check
Warning! Sensitive data may be sent over your internet connection right now!
Threat: Trojan-PSW.Win32.Antigen.A
Win 7 Internet Security 2012 Firewall Alert
Win 7 Internet Security 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details
and passwords.
Threat Detected!
Security Alert! Your computer was found to be infected with
privacy-threatening software. Private data may get stolen and system
damage may be severe. Recover your PC from the infection right now,
perform a security scan.
System danger!
Your system security is in danger. Privacy threats detected. Spyware,
keyloggers or Trojans may be working the background right now. Perform an
in-depth scan and removal now, click here.
System Hijack!
System security threat was detected. Viruses and/or spyware may be
damaging your system now. Prevent infection and data loss or stealing by running
a free security scan.
Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity
is at risk. Private data can be stolen by third parties, including credit
card details and passwords. Click here to perform a security repair.
Win 7 Internet Security 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and
sensitive data may be stolen. Do you want to block this attack?
Just like the scan results, these security warnings and alerts are all fake
and should be ignored.
While running, Win 7 Internet Security 2012 will
also hijack Internet Explorer and Firefox so that you cannot visit certain sites. It does
this so that you cannot receive help or information at sites like BleepingComputer.com
on how to remove this infection. When you attempt to visit these sites you will
instead be shown a fake alert stating that the site you are visiting is dangerous
and that the rogue is blocking it for your protection. The message that you
will see is:
Win 7 Internet Security 2012 Alert
Internet Explorer alert. Visiting this site
may pose a security threat to your system!
Possible reasons include:
- Dangerous code found in this site's pages which installed unwanted software
into your system.
- Suspicious and potentially unsafe network activity detected.
- Spyware infections in your system
- Complaints from other users about this site.
- Port and system scans performed by the site being visited.
Things you can do:
- Get a copy of Win 7 Internet Security 2012 to safeguard your PC while surfing
the web (RECOMMENDED)
- Run a spyware, virus and malware scan
- Continue surfing without any security measures (DANGEROUS)
Just like the fake security alerts, the browser hijack is just another attempt
to make you think that your computer has a security problem so that you will
then purchase the program.
Without a doubt, this rogue is designed to scam you out of your money
by hijacking
your computer and trying to trick you into thinking you are infected.
Therefore,
please do not purchase this program , and if you have, please contact
your credit
card company and dispute the charges stating that the program is a
computer
infection. Finally, to remove Win 7 Internet Security 2012 please use
the guide below, which only contains programs that are free
to use.
Threat Classification:
Advanced information:
View Win 7 Internet Security 2012 files.
View Win 7 Internet Security 2012 Registry Information.
Tools Needed for this fix:
Guide Updates:
Automated Removal Instructions for Win 7 Internet Security 2012 using Malwarebytes' Anti-Malware:
- Print out these instructions as we will need to close every window that
is open later in the fix.
- It is possible that the infection you are trying to remove will not allow
you to download files on the infected computer. If this is the case, then
you will need to download the files requested in this guide on another computer
and then transfer them to the infected computer. You can transfer the files
via a CD/DVD, external drive, or USB flash drive.
- This infection changes settings on your computer so that when you launch
an executable, a file ending with .exe, it will instead launch the infection
rather than the desired program. To fix this we must first download a Registry
file that will fix these changes. From a clean computer, please download the
following file and save it to a removable media such as a CD/DVD, external
Drive, or USB flash drive.
FixNCR.reg
(http://download.bleepingcomputer.com/reg/FixNCR.reg)
Once that file is downloaded and saved on a removable devices, insert the
removable device into the infected computer and open the folder the drive
letter associated with it. You should now see the FixNCR.reg file that you
had downloaded onto it. Double-click on the FixNCR.reg file
to fix the Registry on your infected computer. You should now be able to run
your normal executable programs and can proceed to the next step.
If you do not have any removable media or another clean computer that you
can download the FixNCR.reg file onto, you can try and download it to your
infected computer using another method. On the infected computer, right click
on the Internet Explorer's icon, or any other browser's icon, and select Run
As or Run as Administrator. If you are using Windows
XP, you will be prompted to select a user and enter its password. It is suggested
that you attempt to login as the Administrator user. For
Windows 7 or Windows Vista, you will be prompted to enter your Administrator
account password.
Once you enter the password, your browser will start and you can download
the above FixNCR.reg file. When saving it, make sure you save it to a folder
that can be accessed by your normal account. Remember, that you will be launching
the browser as another user, so if you save it to a My Documents folder, it
will not be your normal My Documents folder that it is downloaded into. Instead
it will be the My Documents folder that belongs to the user you ran the browser
as. Once the download has finished, close your browser and find the FixNCR.reg
file that you downloaded. Now double-click on it and allow the data to be
merged. You should now be able to run your normal executable programs and
can proceed to the next step.
- Now we must first end the processes that belong to
Win 7 Internet Security 2012
and clean up some Registry settings so they do not interfere with the cleaning
procedure. To do this, please download RKill to your desktop from the following
link.
RKill
Download Link - (Download page will open in a new tab or browser window.)
When at the download page,
click on the Download Now button labeled iExplore.exe download link
. When you are prompted where to save it, please save it on your desktop.
- Once it is downloaded, double-click on the
iExplore.exe
icon in order to automatically attempt to stop any processes associated
with
Win 7 Internet Security 2012
and other Rogue programs. Please be patient while the program looks for various
malware programs and ends them. When it has finished, the black window will
automatically close and you can continue with the next step. If you get a
message that RKill is an infection, do not be concerned. This message is just
a fake warning given by
Win 7 Internet Security 2012
when it terminates programs that may potentially remove it. If you run into
these infections warnings that close RKill, a trick is to leave the warning
on the screen and then run RKill again. By not closing the warning, this typically
will allow you to bypass the malware trying to protect itself so that rkill
can terminate
Win 7 Internet Security 2012
. So, please try running RKill until the malware is no longer running. You
will then be able to proceed with the rest of the guide. If you continue
having problems running RKill, you can download the other renamed versions
of RKill from the rkill
download page. All of the files are renamed copies of RKill, which you
can try instead. Please note that the download page will open in a new browser
window or tab.
Do not reboot your computer after running RKill as the malware programs will
start again.
- There have been reports of this infection being bundled with the
TDSS rootkit infection. To be safe you should also run a program that
can be used to scan for this infection. Please follow
the steps in the following guide:
How
to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
If after running TDSSKiller, you are still unable to update
Malwarebytes' Anti-malware or continue to have Google search result
redirects, then you should post a virus removal request using the steps
in the following topic rather than continuing with this guide:
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help Topic
If TDSSKiller requires you to reboot, please allow it to do so. After
you reboot, reboot back into Safe Mode with Networking again.
- Download Malwarebytes' Anti-Malware, or MBAM, from the following location
and save it to your desktop:
Malwarebytes' Anti-Malware Download Link
(Download page will open in a new window)
- Once downloaded, close all programs and Windows on your computer, including
this one.
- Double-click on the icon on your desktop named mbam-setup.exe.
This will start the installation of MBAM onto your computer.
- When the installation begins, keep following the prompts in order to continue
with the installation process. Do not make any changes to default settings
and when the program has finished installing, make sure you leave both the
Update Malwarebytes' Anti-Malware and Launch
Malwarebytes' Anti-Malware checked. Then click on the Finish
button.
- MBAM will now automatically start and you will see a message stating that
you should update the program before performing a scan. As MBAM will automatically
update itself after the install, you can press the OK button
to close that box and you will now be at the main program as shown below.
- On the Scanner tab, make sure the the Perform
full scan option is selected and then click on the Scan
button to start scanning your computer for
Win 7 Internet Security 2012
related files.
- MBAM will now start scanning your computer for malware. This process can
take quite a while, so we suggest you go and do something else and periodically
check on the status of the scan. When MBAM is scanning it will look like the
image below.
- When the scan is finished a message box will appear as shown in the image
below.
You should click on the OK button to close the message box and continue with
the
Win 7 Internet Security 2012
removal process.
- You will now be back at the main Scanner screen. At this point you should
click on the Show Results button.
- A screen displaying all the malware that the program found will be shown
as seen in the image below. Please note that the infections found may be different
than what is shown in the image.
You should now click on the Remove Selected button to remove
all the listed malware. MBAM will now delete all of the files and registry
keys and add them to the programs quarantine. When removing the files, MBAM
may require a reboot in order to remove some of them. If it displays a message
stating that it needs to reboot, please allow it to do so. Once your computer
has rebooted, and you are logged in, please continue with the rest of the
steps.
- When MBAM has finished removing the malware, it will open the scan log and
display it in Notepad. Review the log as desired, and then close the Notepad
window.
- You can now exit the MBAM program.
- As many rogues and other malware are installed through vulnerabilities found
in out-dated and insecure programs, it is strongly suggested that you use
Secunia PSI to scan for vulnerable programs on your computer. A tutorial on
how to use Secunia PSI to scan for vulnerable programs can be found here:
How to
detect vulnerable and out-dated programs using Secunia Personal Software Inspector
Your computer should now be free of the Win 7 Internet Security 2012 program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.
If you are still having problems with your computer after
completing these instructions, then please follow the steps outlined in
the topic linked below:
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Associated Win 7 Internet Security 2012 Files:
%AllUsersProfile%\
%Temp%\
%LocalAppData%\
%LocalAppData%\.exe
%AppData%\Microsoft\Windows\Templates\
File Location Notes:
%Temp% refers to the Windows
Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME,
C:\DOCUMENTS AND SETTINGS\\LOCAL SETTINGS\Temp for
Windows 2000/XP, and C:\Users\\AppData\Local\Temp
for Windows Vista and Windows 7.
%AllUsersProfile% refers
to the All Users Profile folder. By default, this is C:\Documents and
Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows
Vista/7.
%AppData% refers to the current users Application
Data folder. By default, this is C:\Documents and Settings\\Application Data for Windows 2000/XP. For Windows Vista and
Windows 7 it is C:\Users\\AppData\Roaming.
%LocalAppData%
refers to the current users Local settings Application Data folder. By
default, this is C:\Documents and Settings\\Local
Settings\Application Data for Windows 2000/XP. For Windows Vista and
Windows 7 it is C:\Users\\AppData\Local.
Associated Win 7 Internet Security 2012 Windows Registry Information:
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'ah'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah
HKEY_CURRENT_USER\Software\Classes\ah "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\ah "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\ah\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
This is a self-help guide. Use at your own risk.
|
|
|
