Antivirus Protection 2012

Antivirus Protection 2012 Description

ScreenshotAntivirus Protection 2012 is one of the many rogue anti-virus programs belonging to the Rogue:Win32/Defmid family of scamware. These kinds of fake anti-virus applications will use the same interface repeatedly, only changing the name of each particular member of this family of malware in order to stay one step ahead of PC security researchers. ESG security researchers indicates that Antivirus Protection 2012 is designed to mislead its victims, providing fake error reports and system scans designed to convince this malware infection's victims into purchasing a useless license for Antivirus Protection 2012. An Antivirus Protection 2012 infection will often be associated with the presence of other malware on your computer and should be regarded as a severe threat to your computer system's security.

Despite Its Name, the Antivirus Protection 2012 Scam Goes Back Several Years


Do not be misled by the "2012" appended to the ending of Antivirus Protection 2012's name. This is simply added to the end of this rogue program's name in an attempt to make this fake security program appear new and improved. However, malware like Antivirus Protection 2012 has been using what is basically the same interface and attack strategy since at least 2010. There are dozens of clones of Antivirus Protection 2012, some of which include fake security applications such as Security Center, Security Defender, Security Monitor 2012, Smart Internet Protection 2012, Antimalware Tool, Security Central, and Internet Defender. All of these clones have versions with the year "2011" or "2012" appended to the end (e.g. Microsoft Security Center 2012 or Internet Protection 2011) as a way to create multiple versions of the same malware threat with a minimum of effort.

How Antivirus Protection 2012 Attempts to Steal Your Money


Antivirus Protection 2012 is designed to display authentic-looking error messages and alerts indicating the presence of malware on the victim's computer. However, ESG security researchers advise against paying attention to any of these so-called warnings, since Antivirus Protection 2012 is a malware infection itself and has no way of detecting or removing malware. This fake security program will insert links leading to its website in various places in order to attempt to direct its victim to a form asking for the victim's credit card information in exchange for a useless registration code for its non-existent full version. The registration code LIC2-00A6-234C-B6A9-38F8-F6E2-0838-F084-E235-6051-18B3 has been known to diminish some of this rogue security program's symptoms while you use a reliable anti-malware tool to remove it from your computer.
Aliases: FakeAlert-Rena.ci [McAfee], Gen:Variant.Kazy.56883 [BitDefender], Generic27.MSX [AVG], HEUR:Trojan.Win32.Generic [Kaspersky], Mal/FakeAV-OQ [Sophos], Rogue:Win32/FakeRean [Microsoft], Suspicious file [Panda] and Win32:FakeAlert-CAK [Trj] [Avast].

Infected with Antivirus Protection 2012? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Antivirus Protection 2012

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Screenshots & Other Imagery

How to Find and Remove Antivirus Protection 2012 Rogue Video

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how Antivirus Protection 2012 infects a computer.



ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of Antivirus Protection 2012 outbreaks and other threats from global to local level.

File System Details

Antivirus Protection 2012 creates the following file(s):
# File Name Size MD5 Detection Count
1 %APPDATA%\Antivirus Protection 2012 56
2 %APPDATA%\Antivirus Protection\AntivirusProtection2012.exe 2,341,888 e623346586ea7ab65d32e66e9c3eea62 42
3 Antivirus Protection.lnk 34
4 %USERPROFILE%\Start Menu\Programs\Antivirus Protection 33
5 %APPDATA%\Antivirus Protection 30
6 %APPDATA%\Antivirus Protection\securitymanager.exe 122,880 917c4059dc649b28b13a3534984d789d 10
7 %APPDATA%\Antivirus Protection\securityhelper.exe 3,918,339 68fd15c187ccf9e612c498f9ca56a041 4
8 %AppData%\Antivirus Protection\antivirusprotection2012.exe N/A
9 %AppData%\Antivirus Protection\securitymanager.exe N/A
10 %Desktop%\Antivirus Protection.lnk N/A
11 %StartMenu%\Programs\Antivirus Protection\antivirus protection.lnk N/A
12 %AppData%\Antivirus Protection\IcoActivate.ico N/A
13 %AppData%\Antivirus Protection\IcoHelp.ico N/A
14 %AppData%\Antivirus Protection\IcoUninstall.ico N/A
15 %AppData%\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection.lnk N/A
16 %StartMenu%\Programs\Antivirus Protection.lnk N/A
17 %StartMenu%\Programs\Antivirus Protection N/A
18 %StartMenu%\Programs\Antivirus Protection\Activate Antivirus Protection.lnk N/A
19 %StartMenu%\Programs\Antivirus Protection\Help Antivirus Protection.lnk N/A
20 %StartMenu%\Programs\Antivirus Protection\How to Activate Antivirus Protection.lnk N/A
21 %Temp%\2010yo.exe N/A
22 %Temp%\472a10e2ebxd9.exe N/A
23 %Temp%\56493.exe N/A
24 %Temp%\cosock.exe N/A
25 %Temp%\cowceb.exe N/A
26 %Temp%\d20mes.exe N/A
27 %Temp%\dc_3.exe N/A
28 %Temp%\ddoll3342.exe N/A
29 %Temp%\destroyer.exe N/A
30 %Temp%\exppdf_w.exe N/A
31 %Temp%\hhbboll_2.exe N/A
32 %Temp%\jofcdks.exe N/A
33 %Temp%\lols.exe N/A
34 %Temp%\puzpup.exe N/A
35 %Temp%\sycre.exe N/A
36 %Temp%\winifi.exe N/A
37 %Temp%\wwwsssgen.exe N/A

Registry Details

Antivirus Protection 2012 creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
Antivirus Protection 2012 SM
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
Antivirus Protection
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run!Inspector
HKEY..\..\..\..{RegistryKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run!Inspector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
Antivirus Protection

More Details on Antivirus Protection 2012

The following messages associated with Antivirus Protection 2012 were found:
Antivirus Protection 2012
The application excel.exe was launched successfully but it was forced to shut down due to security reasons. This application infected by a malicious software program which might present damage for the PC. It is highly recommended to make a full scan of your computer to exterminate the malicious programs from it.
Antivirus Protection 2012
Your computer is being used as spamming machine. You can get sued for spam. Your computer WIL BE DISCONNECTED FORM INTERNET BECAUSE SPAMMING OTHER PCs.
Security Center
Unauthorized remote connection!
Your system is making an unauthorized personal data transfer to a remote computer!
Warning! Unauthorized personal data transfer is detected! It may be your personal credit card details, logins and passwords, browsing habits or information about files you have downloaded.
To protect your private data, please click "Prevent Connection" button below.
Security Center Alert
To help protect your computer, Security Center has blocked some features of this program.
Do you want to block this suspicious software?
Name: Sft.Dez.Wien
Risk: High
You have been infected by a proxy-relay trojan server with new and danger "SpamBots".
You have a computer with a virus that sends spam.
This is a mass-mailing worm with backdoor thus allowing un-authorized access to the infected system.
It spreads by mass-mailing itself to e-mail addresses harvested from the local computer or by querying on-line search engines such as google.com.
The IP [IP ADDRESS] address that YOU are getting from Internet Service Provider (ISP) for YOU personal computer is on some major blacklist.
Your computer has been used to send a huge amount of junk e-mail messages during the last days.
You IP will be marked in the Police log file as mass-mailing spam assist.
Upgrading to the full version Antivirus Protection 2012 it will eliminate the majority of Spam attempts.
Antispyware software warningYour computer is infected with spyware and malware. Last scan results: 364 infected files found! Click this notification to fix the problem.
Reported Insecure Browsing: Navigation Blocked
Insecure Internet Activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms, and Trojans without your knowledge, and that can lead to system slowdown, freezes and crashes. Also insecure Internet activity can result in revealing your personal information.
Reported Insecure Browsing: Navigation Blocked Insecure Internet Activity. Threat of virus attack Due to insecure Internet browsing your PC can easily get infected with viruses, worms, and Trojans without your knowledge, and that can lead to system slowdown, freezes and crashes. Also insecure Internet activity can result in revealing your personal information.
Security Center Alert
To help protect your computer, Security Center has blocked some features of this program.
Name: Screen.Grab.J.exe
Risk: High
Security Center Alert To help protect your computer, Security Center has blocked some features of this program. Name: Screen.Grab.J.exe Risk: High
Security Center Unauthorized remote connection! Your system is making an unauthorized personal data transfer to a remote computer! Warning! Unauthorized personal data transfer is detected! It may be your personal credit card details, logins and passwords, browsing habits or information about files you have downloaded. To protect your private data, please click "Prevent Connection" button below.
System critical warning!
You have been infected by a proxy-relay Trojan server
Your query looks similar to automated requests from a spyware application.
Your system has come under attack of hostile software.
Click here to deactivate it.
System critical warning! You have been infected by a proxy-relay Trojan server Your query looks similar to automated requests from a spyware application. Your system has come under attack of hostile software. Click here to deactivate it.
Your computer might be at risk
Antivirus detects viruses, worms, and Trojan horses. They can (and do) destroy data, format your hard disk or can destroy the BIOS. By destroying the BIOS many times you end up buying a new motherboard or if the bios chip is removable then that chip would need replacing
Your computer might be at risk Antivirus detects viruses, worms, and Trojan horses. They can (and do) destroy data, format your hard disk or can destroy the BIOS. By destroying the BIOS many times you end up buying a new motherboard or if the bios chip is removable then that chip would need replacing

Site Disclaimer

2 Comments

  • exchange says:

    These are really impressive ideas in on the topic of
    blogging. You have touched some good factors here. Any
    way keep up wrinting.

  • Recover says:

    If you would like to improve your know-how just keep visiting this web site and be updated with the latest information posted here.

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 10 + 3 ?