Win 7 Home Security 2016 (Win7HomeSecurity 2016) Virus Removal Guide

Virus Type: Rogue Security Application
Threat Level: 8 / 10

Win 7 Home Security 2016 is a new fake antivirus / antispyware application. Win 7 Home Security 2016 is a new fake antivirus application; however, it does share many similar features with other fake antivirus applications. The original version of this fake antivirus application was introduced around February 2016; since then, the look of the virus has slightly changed but the functionality is similar. Win 7 Home Security 2016 is slightly unique to other fake antivirus applications in that it changes its name from operating system to operating system. Therefore, the fake program will display the name of the program as Win 7 Home Security 2016 when it infects systems running Windows 7. The fake program will change its name to XP Home Security 2016 if it infects a computer running Windows XP; the virus will change into Vista Home Security 2016 if it infects a computer running Windows Vista. Win 7 Home Security 2016 is a clone of a variety of fake antivirus programs and has a similar look to Win 7 Antivirus Pro 2016.

Win 7 Home Security 2016 main executable is generally a series of three random letters; this executable is similar to AV.exe and AVE.exe, which are the main executable of previous clones of this virus. In the previous versions of this virus, the executable had a fixed filename (for example, Win 7 Antivirus Pro 2016 had a fixed file name); however, the virus has been modified to have a executable filename which changes from computer to computer. This is most likely done to make it harder to find and therefore stay hidden. Win 7 Home Security 2016 will modify the registry; therefore, the registry must be fixed before removing the main executable file. Win 7 Home Security 2016 will modify the registry to set the fake antivirus program to run when any other executable file is run. The comments here and comments here may provide insight into the successful removal of Win 7 Home Security 2016. The main executable is generally a hidden file; therefore, it is important to turn on hidden files in the file explorer in order to see the hidden main executable file.

Below is our recommended removal tool for Win 7 Home Security 2016. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

Win 7 Home Security 2016 will block the user from viewing webpages by redirecting each webpage they attempt to visit to a page which they have designed. However, the user can still access download links because the browser will not be redirected to the page. To download the removal tool, please type in the following address below in Internet Explorer or any web browser.

http://www.virusremovalguru.com/download.php

If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with Win 7 Home Security 2016 with task manager. If task manager has been blocked by Win 7 Home Security 2016, try using Process Explorer.

Even though Win 7 Home Security 2016 does block the user from visit websites, the user can still access the web through Internet Explorer. In the video below, we have detailed how to access the web in Internet Explorer.

Win 7 Home Security 2016, like many other fake antivirus programs, will create a series of warnings and pop ups in order to scare the user into purchasing the fake program. Some of these warnings which are created by Win 7 Home Security 2016 can be found below.

“Privacy Threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.”

“Win 7 Home Security 2016 Firewall Alert!
Win 7 Home Security 2016 has blocked a program from accessing the internet.
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen. Private data can be stolen by third parties, including credit card details and passwords.”

“Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.”

“Windows Security Center

Win 7 Home Security 2016 reports that it is currently turned off. A firewall helps to protect your computer from potentially harmful content on the internet. Click Recommendations to learn how to fix this problem.”

Win 7 Home Security 2016 reports that it is turned off. Antivirus software helps protect your computer against viruses and other security threats. Click Recommendations for suggested actions you can take.

Win 7 Home Security 2016 may also modify Internet Explorer to show the following alert listed below when the browser is opened.

Internet Explorer alert. Visiting this site may pose a security threat to your system!

It is recommended to use safe mode when removing the virus because Win 7 Home Security 2016 will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen to bring up the boot options.

Boot Menu

The safe mode with networking option will allow the user to be able to use the internet in safe mode. Win 7 Home Security 2016 can be removed by using the

or by manually removing the virus.

View Win 7 Home Security 2016 Files
View Win 7 Home Security 2016 Keys

Common symptoms and characteristics of Win 7 Home Security 2016 and other rogue security programs include:
1. Win 7 Home Security 2016 is generally installed without user permission.
2. Win 7 Home Security 2016 uses pop ups and fake virus scans to scare the user.
3. Various antivirus and system programs on the user’s computer will stop functioning.

Manual Win 7 Home Security 2016 Removal – In order to manually remove Win 7 Home Security 2016, the processes associated with Win 7 Home Security 2016 must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before Win 7 Home Security 2016 entered the computer.

Important: Before attempting to manually remove Win 7 Home Security 2016, we recommend that the user read through comments posted by other users on how they removed specific fake antivirus programs since many fake antivirus programs are similar. These comments can be found by clicking here. These comments may provide additional information which may be useful in removing Win 7 Home Security 2016. However, please use discretion since these specific comments pertain to other fake antivirus programs.

Stop Win 7 Home Security 2016 Processes (Learn How To Do This)
[random letters].exe

Remove Win 7 Home Security 2016 Files (Learn How To Do This)
C:\Documents and Settings\[username]\Local Settings\Application Data\[random letters].exe

The main executable for Win 7 Home Security 2016 will be a hidden protected system file. Therefore, the user will need to turn on hidden files and also turn off hide protected operating system files. We recommend changing these settings back after removing Win 7 Home Security 2016.

Remove Win 7 Home Security 2016 Registry Keys (Learn How To Do This)
HKEY_CURRENT_USER\Software\Win 7 Home Security 2016
HKEY_LOCAL_MACHINE\SOFTWARE\Win 7 Home Security 2016
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win 7 Home Security 2016

Remove Win 7 Home Security 2016 Startup Entry (Learn How To Do This)
[random letters].exe

After successfully removing the Win 7 Home Security 2016, we recommend that the user scan the computer with antivirus software or antispyware software to find any remaining parts of Win 7 Home Security 2016.

Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. What is a rogue security application? (Click Here To View)
5. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)

If you have any questions or comments, please don’t hesitate to comment below. If you need any help with any of the steps, please don’t hesitate to comment below. We recommend that you follow our safety tips so that you can keep your computer clean Please Click Here to View Our Safety Tips.

Your feedback is very highly valued by others so please feel free to comment below. Please feel free to share a solution that you may have used to remove Win 7 Home Security 2016.

This entry was posted on Tuesday, March 15th, 2017 at 1:36 pm and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

13 Responses to “Win 7 Home Security 2016 (Win7HomeSecurity 2016) Virus Removal Guide”

Paul March 22nd, 2017 at 10:49 am

My laptop was infected by this fake antivirus. Stupidly I used my credit card to purchase the bogus software. Is my credit card at risk now? Do you know what other information on my laptop would be at risk from this virus?

Marc March 23rd, 2017 at 4:54 pm

@ PAUL
yes your credit card will be continuously charged by the programmers.
unfortunately, i do not know what information could be at risk. assume that ALL of your data is at risk. I removed mine via a linux distribution. (Ubuntu 10.10)

jose March 23rd, 2017 at 9:41 pm

hey i ran my other computer on safe mode and i still cant open the internet help me please i hate this virus

Andrew March 30th, 2016 at 4:11 am

Paul – to be sure I would be checking your credit card statement asap and cancelling your card. Contact your bank and try to reverse the charge.
Marc is right – assume everything is at risk. I would be backing up all your files and reloading windows. However if you insist on attempting repair, run Smitfraud and ComboFix, check msconfig for startup items and then run malwarebyes anti malware followed by ccleaner. Do all of this in Safe Mode.
Jose – You need to boot up in Safe Mode with Networking to enable use of your network card / wireless adapter.

Jeremy Reese April 1st, 2016 at 7:59 pm

Hey, just open IE, kill process then browse… what is this safe mode nonsence…
Also file is generating .dat files in C:/appdata and in C:/users/(yournamehere)/appdata/local/(longrandomname.dat)
these regenerate with new names each time the registries trigger, also it close your IE when it triggers.

Jeremy Reese April 1st, 2016 at 8:00 pm

also, has anyone found the new registry locations?

Axel April 6th, 2016 at 9:08 am

This made me scream when I got it. A little thing to add that allowed me to remove it, ( in the process of doing so right now ) right click, run as administrator allows you to use programs when it locks you down.

Geo Holl April 9th, 2016 at 3:43 pm

I think I was able to get rid of this by first finding the “process” that the program runs and killing it, in my case it was “pto.exe”. Then I ran “regedit” as administrator and searched the registry for “pto.exe” and deleted every reference to it.
After that I had to unistall Microsoft Security Essentials and re-install it.. so far so good.

Tim April 17th, 2016 at 12:38 pm

After having tried to remove it a couple times, I simply restored my Windows 7 by pressing F8 at boot, “Repair computer” then chose a restoration point prior to the whole messup.

Problem fixed. Just need to reinstall a couple of Windows updates that were removed.

Pretty much the simplest solution.

Jeremy April 19th, 2016 at 1:31 am

@Tim – Same here, but I booted from the Windows installation CD. It was my wife’s computer and FF4 created a system restore point when it installed so all I had to do was reinstall that.

Running a full MSSE scan and will also run MalwareBytes as well to check the various registry/file locations to finish the job.

Tim 2 April 19th, 2016 at 3:31 am

I also restored the system to a prior point, which seems to have gotten rid of the problem. Will restoring to a previous point permanently get rid of the problem? If not, what else needs to happen?

Kerry May 25th, 2016 at 2:28 pm

I have just got this virus and i have no idea wht anything is am really no good with computers i only use laptop in a very limited way its for my 9year old. I need much more simpler steps to remove this i can’t understand what most of these comments mean!! HELP. am using the internet on guest user but because i can’t use internet on other user i don’t know how to remove it?? Am very confused

Accoy June 23rd, 2016 at 12:32 pm

After I got the virus, I didn’t know what to do so I just continued with it, and now, my computer practically useless. Everything I try to use is not found, and I can’t download anything. The Virus doesn’t even pop up anymore. I really need help and I’m clueless, someone please help me.

Leave a Reply