Win 7 Home Security 2012 is the latest in a long line of so-called "scareware" trojans. I'll review this malware and how to stay safe.
Twice now, in as many months, I've been hit with the Win 7 Home Security 2012 trojan. First time, I was able to kill it with Malwarebytes in Safe Mode. This time, it even showed up in Safe Mode and my system now won't boot. I had to take my desktop to Best Buy to get it cleaned and fixed. Do you have any recommendations for preventing trojans like this from infecting my system in the first place? I have a PC running Windows 7. Personally, I think these sociopathic oxygen thieves that create this digital fecal matter should ....
I can understand your frustration.
Right up there with spammers, the folks that create this kind of stuff deserve severe punishment. When you tally up the overall cost in wasted time, data loss, and who knows what else, the impact of malware like this is significant.
From what I've seen, "Win 7 Home Security 2012" propagates through pretty traditional means.
That means prevention is fairly traditional as well.
Let's review what that means.
This particular bit of malware seems to be showing up more often of late. It's really just the latest in a long line of similar trojans that appear every year.
This particular trojan is often classified as "scareware", attempting to scare you into purchasing the so-called "full version" to remove a long list of infections. The infections listed are fake. The goal is simply to get you to hand over some money and possibly to entice you to download even more malware onto your machine.
Fortunately, I've not been infected by this little gem. However, my research shows that it generally infects your machine through one of the two most common infection vectors:
Anything that tricks you into downloading and running an executable, including web downloads, peer-to-peer file sharing, email attachments, and more.
Malicious or hacked web sites that take advantage of unpatched vulnerabilities in your operating system or browser.
Other than its persistence and annoyance, there's nothing particularly unique about how Win 7 Home Security 2012 propagates.
The good news is that because it propagates in traditional ways, traditional security steps can be used to avoid it.
Use a good anti-virus program, and make sure that it's up-to-date and scanning regularly.
Keep your operating system, browser, browser plugins, and other applications as up-to-date as possible.
Use a firewall (your router will do).
Use common sense.
That last one is perhaps the most difficult. There's absolutely nothing that can protect you from yourself; as a result, malware often successfully propagates by convincing you that it's something that you really, really want. Until you get it, of course, at which point you know that you've been had.
All of these steps, and a few more, are covered in Internet Safety: How do I keep my computer safe on the internet?
There are dozens of sites on the web with removal instructions for this specific bit of malware. Bleepingcomputer.com is one good source.
The instructions boil down to:
Possibly using a different computer to safely perform downloads.
Running a couple of scripts and tools to fix a couple of specific registry modifications made by the malware.
Running a tool to kill existing running instances of the malware.
Using Malwarebytes Anti-malware (free) to remove the infection.
I won't duplicate the instructions here. Just head over to the page on bleepingcomputer.com with the detailed instructions.
Also worth mentioning is the virus recovery checklist in How do I recover from a bad virus infection?