
Win 7 Security Cleaner Pro is a fake anti-spyware application that can be acquired through drive-by installs from visits to malicious websites and also by the installation of Trojans masquerading as legitimate programs that may be needed to view online video. Once Win 7 Security Cleaner Pro has compromised your system, it begins to display fake security warnings and scan results. It may also prevent you from starting other applications and visiting websites. When you try to open web pages in a web browser, the Trojan may pop up a security warning stating that the page you are trying to visit is a security risk. Ignore the warnings, because they are fake and only meant to scare you into purchasing a license for this rogue anti-spyware.

To remove this infection, you will need to download three utilities on a clean computer and then transfer them to the infected computer by CD/DVD or flash drive. The utilities used in the steps below are rKill, Emsisoft Emergency Kit and TDSSKiller.

How to remove Win 7 Security Cleaner Pro step by step

  1. First, start the compromised computer in "Safe Mode with Networking".
  2. Log into an account with administrative rights.
  3. Next, insert the CD/DVD or flash drive with the downloaded utilities from the clean computer into the compromised system.
  4. Navigate to the drive with the utilities and execute the copy of "rKill". It will terminate any malicious processes that it detects in your computer's memory, and it will also reset malicious registry changes that the Trojan may have made.
  5. After "rKill" has completed, execute the copy of "Emsisoft Emergency Kit". Decompress it to an easily accessed directory on the compromised computer.
  6. Once it has been decompressed, double-click "Start.exe" in its folder to execute it.
  7. Update the emergency kit when it prompts you.
  8. Next, run a deep scan with the kit.
  9. After it completes, remove any malicious files that it locates on your computer.
  10. After the removal of malicious files, execute the copy of "TDSSKiller" to search for and remove any rootkit infections that were associated with Win 7 Security Cleaner Pro.
  11. After "TDSSKiller" has completed, restart your computer normally.

At this point you're done and your computer should be free of the rogue anti-spyware. If there are still indications of an infection, you may need to contact a professional virus removal specialist to remedy your particular situation.

Associated Win 7 Security Cleaner Pro Application Files

%CommonAppData%\<random characters and numbers>

%LocalAppData%\<random characters and numbers>

%LocalAppData%\<random 3 characters>.exe

%Temp%\<random characters and numbers>

%AppData%\Roaming\Microsoft\Windows\Templates\<random characters and numbers>

Associated Win 7 Security Cleaner Pro Application Registry Entries and Modifications

HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = '<random>'

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\<random 3 chars>.exe" -a "%1" %*


HKEY_CURRENT_USER\Software\Classes\<random> "(Default)" = 'Application'

HKEY_CURRENT_USER\Software\Classes\<random>\DefaultIcon "(Default)" = '%1'

HKEY_CURRENT_USER\Software\Classes\<random>\shell\open\command "(Default)" = "%LocalAppData%\<random 3 chars>.exe" -a "%1" %*

HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\<random 3 chars>.exe" -a "%1" %*

HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\<random 3 chars>.exe" -a "%1" %*

HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\<random 3 chars>.exe -a "C:\Program Files\Mozilla Firefox\firefox.exe""

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\<random 3 chars>.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\<random 3 chars>.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe""
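
The following is an added example, not part of the original article: a Python check for the handler hijack listed above. It flags `(Default)` values that wrap the real command in the `<3 chars>.exe -a "<original>"` form and recovers the original command from them. The function names are illustrative, the sample values are constructed, and the clean `.exe` class value `exefile` is the standard Windows default rather than something this page states.

```python
import re
import sys

# Wrapper form listed on the page: "<dir>\<3 chars>.exe" -a "<original target>" [args]
WRAPPER = re.compile(r'^"*[^"]+\\[^\\"]{3}\.exe"*\s+-a\s+"([^"]+)"\s*(.*?)"*$', re.I)

# Fixed-name keys from the page's list; the <random> ProgID is reached via the .exe class.
KEYS = [
    r"HKEY_CURRENT_USER\Software\Classes\.exe",
    r"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command",
]

def check(key, value):
    """Return (verdict, detail) for one key's (Default) value."""
    m = WRAPPER.match(value or "")
    if m:  # detail = the command with the malware stub stripped off
        return "wrapped", f'"{m[1]}" {m[2]}'.strip()
    if key.lower().endswith(r"classes\.exe") and value and value.lower() != "exefile":
        return "redirected", value  # detail = ProgID to inspect under Software\Classes
    return "ok", None

def scan(values):
    # Keep only the keys whose (Default) value is not clean.
    return {k: check(k, v) for k, v in values.items() if check(k, v)[0] != "ok"}

def read_default(path):
    """Read a key's (Default) value from the live registry; None if absent."""
    import winreg  # Windows-only standard library module
    hive, sub = path.split("\\", 1)
    try:
        with winreg.OpenKey(getattr(winreg, hive), sub) as k:
            return winreg.QueryValueEx(k, "")[0]
    except OSError:
        return None

# Constructed sample values in the shape the page lists (not captured from a real host).
SAMPLE = {
    KEYS[0]: "ab1",
    KEYS[1]: r'"C:\Users\u\AppData\Local\qzx.exe" -a "%1" %*',
    KEYS[4]: r'""C:\Users\u\AppData\Local\qzx.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"',
    KEYS[5]: r'"C:\Program Files\Internet Explorer\iexplore.exe"',
}

if __name__ == "__main__":
    values = {k: read_default(k) for k in KEYS} if sys.platform == "win32" else SAMPLE
    for key, (verdict, detail) in scan(values).items():
        print(f"{verdict:<10} {key}  ->  {detail}")
```

On Windows the script reads the live registry; elsewhere it runs against the constructed sample. A "redirected" result names the random class under `HKEY_CURRENT_USER\Software\Classes` whose `shell\open\command` should be inspected next.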


Smith Technical Resources makes no guarantees or claims that the information contained in this article will help you completely remove the above listed malicious program(s) from your computer. There are several variations of each particular virus in the wild, and the procedure listed above may not be adequate for the specific version of the virus that has compromised your computer.

If you feel uncomfortable performing any of the procedures that we've listed on this page, please contact a professional computer repair company in your area and have them complete the needed repairs on your computer. Smith Technical Resources takes no responsibility for any possible damage that could result from your use of the above instructions.


© 2013 All Rights Reserved.
