Win 7 AntiMalware 2010 Removal

Win 7 AntiMalware 2010 is a rogue anti-malware tool: a fake virus protection program that displays fake security alerts and lists false system security threats to trick you into thinking that your computer is infected with spyware, adware and other malware. It’s not a new rogue program. It uses misleading methods to trick users into purchasing it. Don’t buy it!

As typical scareware, Win 7 AntiMalware 2010 displays fake security warnings and notifications claiming that your computer is infected and under attack from a remote computer. That’s not true; please ignore such false information. The rogue program also blocks antivirus and antispyware programs and hijacks Internet Explorer and Firefox. It may disable Task Manager and Registry Editor to complicate removal, as these tools are very useful when removing such infections. You may choose to remove Win 7 AntiMalware 2010 either manually or with an automatic removal tool. However, please note that this rogue program may come bundled with other malicious software, which is why we strongly recommend using an anti-malware program for Win 7 AntiMalware 2010 removal.

I have now completed the removal and restoration of my system. I have backed up all the registry keys and will wait a week or so before deleting them in case I need to restore them. To make sure, I checked that the registry keys were the same on both an XP and a Windows 7 PC and that they work.

First a warning – this requires changing the Windows registry, which can irretrievably damage your system if you make a mistake. Please ensure you back up your system before proceeding and make backups of all registry keys before you change/delete them. I cannot be held responsible if you break your system. If you are unsure, consult a professional before proceeding.

Anyways, here’s what I did:

Related files: %AppData%\vz.exe.

Win 7 AntiMalware 2010 properties:

  • Changes browser settings
  • Shows commercial adverts
  • Connects itself to the Internet
  • Stays resident in background

Kill Process – dedupchk.exe (I think), vz.exe. To do this I navigated to C:\Windows\System32\, right-clicked taskmgr.exe and chose Run as administrator. (Or, from a command prompt, navigate to the same folder, run tasklist.exe to find the PID of the processes and then taskkill.exe /PID PID to kill the processes.)

Changed the following keys to:

  • HKEY_CLASSES_ROOT\.exe (Default) = exefile (REG_SZ)
  • HKEY_CLASSES_ROOT\.exe ContentType = application/x-msdownload (REG_SZ)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command (Default) = "C:\Program Files\Mozilla Firefox\firefox.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command (Default) = "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command (Default) = "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode

Confirmed (and changed if necessary) that the following was correct:

  • HKEY_CLASSES_ROOT\.exe\PersistentHandler (Default) = {098f2470-bae0-11cd-b579-08002b30bfeb} (REG_SZ)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc AntiSpywareOverride = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc AntiVirusOverride = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc FirewallOverride = 0

Deleted the following keys in their entirety:

  • HKEY_CLASSES_ROOT\.exe\shell\
  • HKEY_CLASSES_ROOT\sezfile\
  • HKEY_CURRENT_USER\Software\Classes\.exe\
  • HKEY_CURRENT_USER\Software\Classes\sezfile\

Finally deleted %AppData%\vz.exe.

Hey presto – my system works!
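An added example (not part of the original post): a read-only Python check that compares the text of a .reg export against the confirmed values and the deleted keys listed above. The sample export and its data values are constructed, and the function names are hypothetical.

```python
import re

# Baseline from the lists above: (key, value name, expected data); "" is (Default).
SVC = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc"
EXPECTED = [
    (r"HKEY_CLASSES_ROOT\.exe", "", "exefile"),
    (r"HKEY_CLASSES_ROOT\.exe\PersistentHandler", "", "{098f2470-bae0-11cd-b579-08002b30bfeb}"),
    (SVC, "AntiSpywareOverride", 0), (SVC, "AntiVirusOverride", 0), (SVC, "FirewallOverride", 0)]
# Keys the post deletes outright; these and any subkey of them are reported.
FORBIDDEN = [r"HKEY_CLASSES_ROOT\.exe\shell", r"HKEY_CLASSES_ROOT\sezfile",
             r"HKEY_CURRENT_USER\Software\Classes\.exe", r"HKEY_CURRENT_USER\Software\Classes\sezfile"]

# Constructed sample export (not captured from a real machine); data values are assumptions.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="sezfile"
[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098F2470-BAE0-11CD-B579-08002B30BFEB}"
[HKEY_CURRENT_USER\Software\Classes\sezfile\shell\open]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000
'''
LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(?:dword:([0-9a-fA-F]{1,8})|"((?:[^"\\]|\\.)*)")$')

def unesc(s):
    return re.sub(r"\\(.)", r"\1", s)  # undo the \\ and \" escapes used in .reg strings

def parse_reg(text):
    """Return {key (lower-cased): {value name (lower-cased): data}}; REG_SZ and REG_DWORD only."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = LINE.match(line)
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif m and cur is not None:
            name = "" if m[1] == "@" else unesc(m[1][1:-1]).lower()
            cur[name] = int(m[2], 16) if m[2] else unesc(m[3])
    return keys

def audit(text):
    """List deviations from the baseline: wrong or missing values, then keys that should not exist."""
    keys, out = parse_reg(text), []
    for key, name, want in EXPECTED:
        got = keys.get(key.lower(), {}).get(name.lower())
        if str(got).lower() != str(want).lower():  # registry data compared case-insensitively
            out.append(f"{key} [{name or '(Default)'}] = {got!r}, expected {want!r}")
    for bad in FORBIDDEN:
        out += [f"unexpected key: {k}" for k in keys if (k + "\\").startswith(bad.lower() + "\\")]
    return out
```

Files written by reg export are UTF-16 encoded, so open them with encoding="utf-16" before passing the text to audit.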