Win 7 Home Security 2012 is the latest in a long line of so-called "scareware" trojans. I'll review this malware and how to stay safe.

Twice now, in as many months, I've been hit with the Win 7 Home Security 2012 trojan. First time, I was able to kill it with Malwarebytes in Safe Mode. This time, it even showed up in Safe Mode and my system now won't boot. I had to take my desktop to Best Buy to get it cleaned and fixed. Do you have any recommendations for preventing trojans like this from infecting my system in the first place? I have a PC running Windows 7. Personally, I think these sociopathic oxygen thieves that create this digital fecal matter should ....

I can understand your frustration.

Right up there with spammers, the folks that create this kind of stuff deserve severe punishment. When you tally up the overall cost in wasted time, data loss, and who knows what else, the impact of malware like this is significant.

From what I've seen, "Win 7 Home Security 2012" propagates through pretty traditional means.

Which means prevention is, as well, fairly traditional.

Let's review what that means.

Win 7 Home Security 2012

This particular bit of malware seems to be showing up more often of late. It's really just the latest in a long line of similar trojans that appear every year.

This particular trojan is often classified as "scareware", attempting to scare you into purchasing the so-called "full version" to remove a long list of infections. The infections listed are fake. The goal is simply to get you to hand over some money and possibly to entice you to download even more malware onto your machine.

Getting Win 7 Home Security 2012

Fortunately, I've not been infected by this little gem. However, my research shows that it generally infects your machine through one of the two most common infection vectors:

  • Anything that tricks you into downloading and running an executable - including web downloads, peer-to-peer file sharing, email attachments, and more.

  • Malicious or hacked web sites that take advantage of unpatched vulnerabilities in your operating system or browser.

Other than its persistence and annoyance, there's nothing particularly unique about how Win 7 Home Security 2012 propagates.

Avoiding Win 7 Home Security 2012

The good news is that because it propagates in traditional ways, traditional security steps can be used to avoid it.

  • Use a good anti-virus program, and make sure that it's up-to-date and scanning regularly.

  • Keep your operating system, browser, browser plugins, and other applications as up-to-date as possible.

  • Use a firewall (your router will do).

  • Use common sense.

That last one is perhaps the most difficult. There's absolutely nothing that can protect you from yourself; as a result, malware often successfully propagates by convincing you that it's something that you really, really want. Until you get it, of course, at which point you know that you've been had.

All of these steps, and a few more, are covered in Internet Safety: How do I keep my computer safe on the internet?

Removing Win 7 Home Security

There are dozens of sites on the web with removal instructions for this specific bit of malware. Bleepingcomputer.com is one good source.

The instructions boil down to:

  • Possibly using a different computer to safely perform downloads.

  • Running a couple of scripts and tools to fix a couple of specific registry modifications made by the malware.

  • Running a tool to kill existing running instances of the malware.

  • Using Malwarebytes Anti-malware (free) to remove the infection.

I won't duplicate the instructions here. Just head over to the page on bleepingcomputer.com with the detailed instructions.

Also worth mentioning is the virus recovery checklist in How do I recover from a bad virus infection?

Article C5009 - December 10, 2011

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

Recent Comments
21 Comments
Duncan
December 13, 2011 7:24 PM

I know this will sound naive but it is something I have never seen commented on. For this trojan to make money for its propagator, one would need to follow through and actually pay to purchase the 'cure'. All payments must go eventually into the accounts of these criminals. Is there no agency anywhere that actually follows these scams through to find the perpetrators and to which we could report attempts? Yes, I realise that tracing and enforcement might be harder if the purchase perhaps goes to Russia or Serbia, etc. (not to point a finger of course) just wondering?

Mark J
December 14, 2011 1:59 AM

@Duncan
Good point. There is a serious proposal to go after spammers through the banks which spammers use. Here's an interesting article on the subject.
Banks Might Be the Spam Ecosystem's Weak Spot

Tom
December 14, 2011 4:15 AM

Your third point "Use common sense".

I prefer to call it Good Sense because, unfortunately, it's not that common!

steven
December 16, 2011 4:06 AM

I was wondering what the Geek squad used in cleaning computers? I would be surprised if they use the same stuff I use, such as MBAM, suprantispywarebytes and combofix, and Microsoft system sweeper on a USB stick.

J P
December 16, 2011 7:12 PM

I have been removing viruses/ trojans for a couple of decades now, and I actually would suggest that you, Leo, are underestimating this trojan; I certainly did when I volunteered to fix an infected PC. I spent many hours before defeating this animal. My friend's computer had an up-to-date antivirus, behind a hardware firewall and a software firewall. She was unsure as to what might have caused that installation. Only going into safe mode and using an anti-malware which was on a thumb drive allowed the use of the machine. There were some indications that 'parts' of the trojan were still hiding after the removal. So, after retrieving any needed files, I wiped the computer and reinstalled everything. This was the biggest mess I've ever seen on an individual PC. It was actually very insidious. I used the directions on how-to-geek; those on bleeping computer may work, but I found that the trojan would not allow administrator-required activities and/or denied that I was the administrator (which I was.) The penalty for the perpetrators of this trojan should be sent to Gitmo! Thanks for your help!