Win 7 Security 2016 (Win7Security 2016) Virus Removal Guide

Virus Type: Rogue Security Application
Threat Level: 8 / 10

Win 7 Security 2016 is a new fake computer protection application. Win 7 Security 2016 claims to provide the ability to perform a scan, internet security, personal security, proactive defense, and firewall. Win 7 Security 2016 is one of many new fake applications, which include Win 7 Anti-Virus 2016 and Win 7 Home Security 2016. While these fake antivirus applications may be new, Win 7 Security 2016 shares features and design with other fake antivirus applications. This is generally due to the fact that many fake antivirus applications are clones of each other with slightly new features; this is possibly done to make it harder to be found and removed by antivirus applications since the virus constantly changes. The original version of this fake antivirus application was introduced around February 2016 and had a file name of AV.exe; the biggest modification to the virus is that the executable file name will generally changes from computer to computer. Win 7 Security 2016 is different from other fake antivirus applications in that it changes its name from operating system to operating system. For example, the fake program will display the name of the program as Win 7 Security 2016 when it infects systems running Windows 7. However, when the fake program infects a computer running Windows XP, it will change its name to XP Security 2016; the virus will change into Vista Anti-Virus 2016 if it infects a computer running Windows Vista. This was possibly done to convince the user that the fake antivirus program is associated with their computer since the name of the fake antivirus program has the operating system of the computer.

Win 7 Security 2016 main executable is generally a series of three random letters; this executable is similar to AV.exe and AVE.exe, which are the main executable of previous clones of this virus. Win 7 Security 2016 will modify the registry; therefore, the registry must be fixed before removing the main executable file. Win 7 Security 2016 will modify the registry to set the fake antivirus program to run when any other executable file is run. The comments here and comments here may provide insight into the successful removal of Win 7 Security 2016. The main executable is generally a hidden file; therefore, it is important to turn on hidden files in the file explorer in order to see the hidden main executable file. In Windows 7, search “show hidden files and folders” in the Windows Search Bar to see folder options.

Below is our recommended removal tool for Win 7 Security 2016. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

Win 7 Security 2016 Removal Tip - If Win 7 Security 2016 is blocking applications from running, right click on the application file and select “Run as administrator.” This should allow the user to install removal software in order to successfully remove Win 7 Security 2016.

Win 7 Security 2016 Removal Tip #2 - Win 7 Security 2016 will make web browsers (Internet Explorer, Mozilla Firefox, and Google Chrome) unusable by showing the following page when attempting to browse the web.

The best method to run the browser is to right click on Mozilla Firefox or Google Chrome and select “Run as administrator.” This method will not work with Internet Explorer. This should allow the user to browse the web and download removal software for Win 7 Security 2016.

Win 7 Security 2016 Removal Tip #3 - Try logging into a different user account on the computer. Attempt to run a scan from that user account.

If you are unable to run the removal tool, or are unable to run any programs in general, you may also need to stop the processes associated with Win 7 Security 2016 with task manager. If task manager has been blocked by Win 7 Security 2016, try using Process Explorer.

Win 7 Security 2016, like many other fake antivirus programs, will create a series of warnings and pop ups in order to scare the user into purchasing the fake program. Some of these warnings which are created by Win 7 Security 2016 can be found below.

“Privacy Threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.”

“Win 7 Security 2016 Firewall Alert!
Win 7 Security 2016 has blocked a program from accessing the internet.
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen. Private data can be stolen by third parties, including credit card details and passwords.”

“Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.”

“Windows Security Center

Win 7 Security 2016 reports that it is currently turned off. A firewall helps to protect your computer from potentially harmful content on the internet. Click Recommendations to learn how to fix this problem.”

Win 7 Security 2016 reports that it is turned off. Antivirus software helps protect your computer against viruses and other security threats. Click Recommendations for suggested actions you can take.”

“Virus infection!

System security was found to be compromized. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.”

“Virus intrusion!

Your computer security is at risk. Spyware, worms and Trojans were detected in the background. Prevent data corruption and credit card information theft. Safeguard your system and perform a free security scan now.”

Win 7 Security 2016 will create the following alert when attempting to browse the internet with Internet Explorer.

Internet Explorer alert. Visiting this site may pose a security threat to your system!

Possible reasons include:

Dangerous code found in this site’s pages which installs unwanted software into your system.
Suspicious and potentially unsafe network activity detected.
Spyware infection in your system.
Complaints from other users about this site.
Port and system scans performed by the site being visited.

It is recommended to use safe mode when removing the virus because Win 7 Security 2016 will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen to bring up the boot options.

Boot Menu

The safe mode with networking option will allow the user to be able to use the internet in safe mode. Win 7 Security 2016 can be removed by using the

or by manually removing the virus.

View Win 7 Security 2016 Files
View Win 7 Security 2016 Keys

Common symptoms and characteristics of Win 7 Security 2016 and other rogue security programs include:
1. Win 7 Security 2016 is generally installed without user permission.
2. Win 7 Security 2016 uses pop ups and fake virus scans to scare the user.
3. Various antivirus and system programs on the user’s computer will stop functioning.

Manual Win 7 Security 2016 Removal – In order to manually remove Win 7 Security 2016, the processes associated with Win 7 Security 2016 must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before Win 7 Security 2016 entered the computer.

Important: Before attempting to manually remove Win 7 Security 2016, we recommend that the user read through comments posted by other users on how they removed specific fake antivirus programs since many fake antivirus programs are similar. These comments can be found by clicking here. These comments may provide additional information which may be useful in removing Win 7 Security 2016. However, please use discretion since these specific comments pertain to other fake antivirus programs.

Stop Win 7 Security 2016 Processes (Learn How To Do This)
[random letters].exe

Remove Win 7 Security 2016 Files (Learn How To Do This)
C:\Users\[username]\AppData\Local\[random letters].exe

Remove Win 7 Security 2016 Registry Keys (Learn How To Do This)
HKEY_CURRENT_USER\Software\Win 7 Security 2016
HKEY_LOCAL_MACHINE\SOFTWARE\Win 7 Security 2016
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win 7 Security 2016

Remove Win 7 Security 2016 Startup Entry (Learn How To Do This)
[random letters].exe

Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. What is a rogue security application? (Click Here To View)
5. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)

If you have any questions or comments, please don’t hesitate to comment below. If you need any help with any of the steps, please don’t hesitate to comment below. We recommend that you follow our safety tips so that you can keep your computer clean Please Click Here to View Our Safety Tips.

Your feedback is very highly valued by others so please feel free to comment below. Please feel free to share a solution that you may have used to remove Win 7 Security 2016.

This entry was posted on Tuesday, March 22nd, 2017 at 2:11 am and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

15 Responses to “Win 7 Security 2016 (Win7Security 2016) Virus Removal Guide”

Mike March 26th, 2017 at 2:44 pm

great info only for me the task to end was hlt.exe.

kristian March 27th, 2017 at 4:02 pm

i got “win 7 security 2011″. it introduces itself as a virus-cleaner/program. but it is a virus!! i have read that i should go to safety mode, but it still run!
be aware of this! it says it will protect your PC against virus, and it also says that you’r PC is infected, but it is a virus!!

Kricket March 29th, 2017 at 3:08 am

Even my Firefox was getting that message and I was unable to access any internet pages until I accidentally accessed the internet through Kaspersky. From there, the win 7 thing was just a popup annoyance, but still needed to be removed.

Jeremy Reese April 1st, 2017 at 7:35 pm

I appear to have a mutation of this virus, none of the guides are accurate anymore.

RayS April 8th, 2017 at 4:11 am

The best way is to restore your computer to a date earlier than when the infection happened. I had to consult my user (my spouse) to determine when she started getting this alert and then I logged in as admin and restored the computer to an earlier date. Now the alert is gone. But I think the software is still hiding somewhere and I need to find it and somehow remove it from the disk. Hope you can tell how to locate the file. In win 7 I don’t see a search option when I right click on a folder. Where did they hide that?

Micah McConnaughey April 10th, 2017 at 5:55 am

When I attempted to delete this manually I used my actual anti-virus program. Invisibly it didn’t go well because I am using my iPod to post this. Although it did delete, it took every single file with it. Every file. I can’t access Internet explored because it took the files I needed. Be careful what you manually do.

Colby April 11th, 2017 at 1:05 pm

Just as a general FYI, I have this and like someone above said, this virus NOW RUNS IN SAFE MODE AS WELL.
What really annoys me is ESET – supposedly the best of the best protection, did nothing to stop it. Ive gotten this virus twice now visiting very benign websites – a cabin rental site in Maine and a photoshop tutorial site. If this is so common why arent the virus programs stopping it?

Tristan April 17th, 2017 at 12:32 am

Helpful website. Downloaded Malwarebytes antimalware program from cnet but couldn’t get it to run. The hint about right-click and run as an administrator did the trick and it loaded and removed the malware. Thanks for the post. This was the only useful website I found on this issue!

Jad az April 29th, 2017 at 8:51 pm

How about pressing F8, then clicking on Repair, and restore your computer to an earlier date? that worked for me :)

thehempmessiah May 15th, 2017 at 3:38 am

This virus runs in safe mode on my new dell windows 7. Can’t access the internet. I’m typing this from my phone while I wait for system restore to take my computer to 5.12 and today is 5.14.

Update: looks like system restore worked well.

Ikhsan May 25th, 2017 at 9:49 am

I’ve remove the virus, but I still cannot access the internet. Anyone know how to fix it?

Eric May 26th, 2017 at 2:48 am

Using stopzilla now and it is scanning. I had to download it to a flash drive from another computer to put it on the infected computer. Safe mode did me no good and the system restore could not be found on the accessories menu. It looks like stopzilla found it! Thanks for the info.

David May 28th, 2017 at 5:01 am

I managed to access the internet by opening the task manager and ending the process after I try to open the internet sometimes it takes more than one try figure out different strategies I cant seem to find the source file tho it sends me to local but I don’t see it a suspicious file named GDIPFONTCACHEV1.DAT is there I don’t know what it is and I don’t want to damage anything.

IKHSAN May 30th, 2017 at 6:46 am

I checked my registry, and tried some suggestion from a forum, but it did not resolve the problem.
Same with Eric, safe mode also did no good, I can’t access internet from safe mode.
After two frustrated days, I chose to repair my windows.

JOEL June 19th, 2017 at 10:10 pm

I used the system restore and it worked quickly and well. Thank you JAD AZ

Leave a Reply