How to remove Win 7 Home Security 2012

Brian Turner

December 21, 2011

Win 7 Home Security 2012 is a piece of malware doing the rounds at the moment, being distributed via infected ads across a number of high traffic sites.

Win 7 Home Security 2012 is a piece of malware that hijacks a user’s PC, issues false alerts, and insists it won’t go away unless you pay via a registration that aims to look like it’s coming from Microsoft.

And a nasty piece of work it is, as it attempts to take control of the user’s PC - every time you try and click on a program, Win 7 Home Security 2012 activates itself, displaying a bogus warning.

And it also hijacks popular browsers such as Internet Explorer and Firefox, providing false firewalls warnings.

All in all, the malware attempts to panic the user by locking down normal PC functions so that the user pays up.

While distressing if infected, luckily it’s relatively easy to remove.

BleepingComputer posts an invaluable tutorial on how to do this here: Remove Win 7 Home Security 2012 (Uninstall Guide)

The key steps to remove an infection of Win 7 Home Security 2012 are:

  • From an uninfected computer, download the file FIXNCR.reg and save to a USB stick, CD, or similar removable media
  • Insert media into the affected computer and double click on FIXNCR.reg

This should help clear your registry enough to allow relatively normal operation of your PC - enough at least to get the Win 7 Home Security 2012 malware removed.

  • Download RKill to your infected computer’s desktop
  • Now double-click the desktop icon for RKill - this should stop the malware from running.

But do not restart your PC yet!

  • Now download the latest version of MalwareBytes and run it on the infected machine - do a full scan

This should allow you to quarrantine the source program for the malware, and remove it.

And now your PC should be clear.

Should you continue to have any problems, ask in the BleepingComputer forums.

In the meantime, should you have actually paid for Win 7 Home Security 2012, contact your credit card provider to have the charges reversed - simply tell them it was a piece of malware that had infected your PC, demanding a payment until you paid up, and the credit card company should be able to reverse the payment.


Comments in chronological order (8 comments)

  1. victim says:

    It worked for me.

  2. Paul says:

    Thank you for creating a fix in getting rid of this malware. It worked great and was easy to use.

  3. King says:

    this is the most persistant virus i have ever seen! whoever made this thing deserves to get it sent right back at him. i do have to admit one thing though, it was well built (even though i still hate it after getting it twice in 3 days).

  4. 63dtiger says:

    I downloaded FIXNCR.reg to a flash drive on another computer. I ran it on the infected computer and did a system restore to the previous day. Everything worked fine. I ran the recommended Malwarebytes and it found a trogan virus that Norton missed. Thanks for the help!

  5. Mike Morone says:

    This piece of crap infected my wife’s computer yesterday. Lots of good info on this forum.

    The suggested BleepingComputer site is one I’m not familiar with, so I went to CNET and downloaded the free malwarebytes program, which got rid of the “WIN7 Home Security 2012” virus pretty quickly. However, with that done, I still couldn’t run programs unless I right-clicked and selected “Run as administrator.” So I then used a System Restore going back a few days, and now everything is back to normal.

  6. Brian Turner says:

    Mike, BleepingComputer isn’t a familiar site to me either, but their instructions completely did the job for me.

  7. Henry Zasfo says:

    Grateful for people like you who are willing to share their knowledge for the good of others.God bless you man.

  8. The Pod says:

    Tried following bleepingcomputers instuctions to no effect. Then started in “safe mode” and did a system restore from there. Had to go back 17 days but it seems to have worked, no sign of it. Deep Joy!!!
    It had stopped me from opening all sorts of files inc Word. Although i could still get on web using my Firefox browser. It had only affected an area of the computer which i have for family use (non-administrator). lesson there, I think.

Post a comment

Your email address will not be published. Required fields are marked *

Visited 37826 times, 1 so far today