View messages in Action Center and beware! They could be fake


The family of rogues known as MultiRogue 2013 (a.k.a. FakeRean or Braviax) is actively bombarding various countries of the world today. This is a clan of fake anti-malware applications that disguise themselves behind the GUI of anti-virus programs supposedly protecting your system. However, all these tools are good for nothing. They will not provide the promised protection when you really need it, and they will not become the powerful shield that strengthens your system's defense against the many kinds of cyber threats. Thus, once real viruses do attack your PC, none of these bogus anti-spyware programs will help you protect your system against them.

The behavior of programs from the MultiRogue 2013 clan is quite predictable. They get onto your PC secretly, without your approval or consent to the installation. If you have Windows Vista or Windows 7, chances are that you will see a fake Action Center warning that precedes the appearance of the MultiRogue 2013 program. The installer of this scam actually replaces the legitimate Action Center with its own fake one. Thus, you might get a fake notification, allegedly coming from Action Center, that tells you: “View messages in Action Center”. When you click this popup you will face the following bogus Action Center window:

Action Center virus

Clearly, this fake Action Center recommends that you obey the instructions of one of the MultiRogue 2013 fake anti-viruses (Win 7 Antispyware Pro 2013 in our case). It is equally clear that Win 7 Antispyware Pro 2013 is a fake anti-virus program that should be removed from your system immediately upon detection. This fake Action Center is an example of how tricky hackers are today: they invent various ways to persuade users to believe their lies. However, we hope that you will be wise and, instead of obeying the instructions of the crooks, will ignore the warnings of the fake Action Center and remove the source of the infection – one of the variants of the MultiRogue 2013 virus programs. The removal guide for one of their representatives is given below.

Win 7 Antivirus Pro 2013 similar removal video guide:

Win 7 Antispyware Pro 2013 step-by-step removal instructions from GridinSoft Trojan Killer anti-virus Lab

Step 1.

Run GridinSoft Trojan Killer. Press Win+R and type the direct download link for the program.

If it does not work, download GridinSoft Trojan Killer from another uninfected machine and transfer it with the help of a flash drive.

Step 2.

Install GridinSoft Trojan Killer. Right click – Run as administrator.

Run as administrator


Don’t uncheck the Start Trojan Killer checkbox at the end of installation!


Manual removal guide for the Win 7 Antispyware Pro 2013 virus:

Delete Win 7 Antispyware Pro 2013 files:

  • %LocalAppData%\[rnd_2]
  • %Temp%\[rnd_2]
  • %UserProfile%\Templates\[rnd_2]
  • %CommonApplData%\[rnd_2]

Delete Win 7 Antispyware Pro 2013 registry entries:

  • HKEY_CURRENT_USER\Software\Classes\.exe
  • HKEY_CURRENT_USER\Software\Classes\.exe\ [rnd_0]
  • HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
  • HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
  • HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ "[rnd_1].exe" -a "%1" %*
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand "%1" %*
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ "%1" %*
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand "%1" %*
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\ Application
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\Content Type application/x-msdownload
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\DefaultIcon
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\DefaultIcon\ %1
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command\ "[rnd_1].exe" -a "%1" %*
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command\IsolatedCommand "%1" %*
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command\ "%1" %*
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command\IsolatedCommand "%1" %*
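
The registry entries above amount to a per-user override of the .exe file handler: the `.exe` class under HKEY_CURRENT_USER points to a random class ([rnd_0]) whose open command starts [rnd_1].exe first. The read-only PowerShell check below is an added example, not part of the original guide or of GridinSoft's tooling; the function names are hypothetical, and it assumes that a clean profile uses the class `exefile` with the command `"%1" %*`.

```powershell
# Added example: read-only check for the per-user .exe handler override.
# Assumption: a clean profile maps .exe to 'exefile' and launches it with "%1" %*.
$ExpectedCommand = '"%1" %*'
$ClassesRoot     = 'HKCU:\Software\Classes'

function Get-DefaultValue {
    param([string]$Path)
    # Return the key's (Default) value, or $null when the key does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

function Test-ExeHandlerOverride {
    $findings = @()
    $classes  = @('.exe')

    # The (Default) value of the .exe key names the class that handles executables.
    $progId = Get-DefaultValue "$ClassesRoot\.exe"
    if ($progId -and $progId -ne 'exefile') {
        $findings += [pscustomobject]@{
            Key    = "$ClassesRoot\.exe"
            Value  = $progId
            Reason = 'per-user .exe class is not exefile'
        }
        $classes += $progId   # follow the pointer to the [rnd_0]-style class
    }

    # Inspect the open and runas verbs of both the .exe key and the class it names.
    foreach ($class in $classes) {
        foreach ($verb in 'open', 'runas') {
            $key = "$ClassesRoot\$class\shell\$verb\command"
            $cmd = Get-DefaultValue $key
            if ($null -ne $cmd -and "$cmd".Trim() -ne $ExpectedCommand) {
                $findings += [pscustomobject]@{
                    Key    = $key
                    Value  = $cmd
                    Reason = 'command runs another program before the target'
                }
            }
        }
    }
    $findings
}

# An empty result means no per-user override of the .exe handler was found.
Test-ExeHandlerOverride | Format-List
```

The script only reads HKEY_CURRENT_USER and changes nothing, so it can be run before and after the removal steps to confirm that the override is gone.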