AV Protection 2011

By ESGI Advisor in Rogue Anti-Spyware Program

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 45
First Seen: November 17, 2011
Last Seen: August 17, 2022
OS(es) Affected: Windows

AV Protection 2011 Image

AV Protection 2011 is a fake anti-virus program from a large family of rogue anti-virus programs. According to ESG PC security researchers, AV Protection 2011 is a clone of known rogue anti-virus programs such as AV Protection 2012, Security Sphere 2012, OpenCloud Antivirus, and Total Security. AV Protection 2011 does not stray from the most typical symptoms associated with the rogue anti-virus program scam. If you have installed the AV Protection 2011 fake anti-virus program on your computer system, ESG PC security researchers strongly recommend taking steps to scan and remove all malware from your computer. The presence of AV Protection 2011 on your computer system is a definitive sign of a dangerous Trojan infection. Despite its name, AV Protection 2011 is also a dangerous malware infection itself.

How the AV Protection 2011 Scam Works

As was mentioned before, AV Protection 2011 belongs to a well known online scam which involves the sale of fake security products. To picture how the AV Protection 2011 scam works accurately, an analogy may be useful. The AV Protection 2011 is similar to a fraudulent auto mechanic who, instead of fixing your car, damages it further, in order to be able to charge you for expensive repairs. While AV Protection 2011 claims to fix your computer system, AV Protection 2011 will actually damage your computer system, in order to convince you that a dangerous malware infection is wreaking havoc. Some of the ways AV Protection 2011 damages your computer system includes using Trojans to do the following:

  • Take up valuable system resources, which often results in the infected computer system becoming slow and unresponsive.
  • Cause frequent application and system crashes.
  • Hide folders and files to make it appear that they have been deleted.
  • Block access to the Internet or to certain applications, displaying an error message instead of performing the selected operation.

As part of its scam, AV Protection 2011 displays a constant stream of alarming error messages and fake system alerts. It will also run a fake scan of the victim's computer, claiming to have found severe malware problems. It does all this, in order to lure the computer user into buying a "full version" of AV Protection 2011. Because AV Protection 2011 has absolutely no anti-virus capabilities, ESG PC security researchers strongly recommend that you use a real anti-malware program to remove AV Protection 2011 and all of its associated malware.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

SpyHunter Detects & Remove AV Protection 2011

AV Protection 2011 Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

AV Protection 2011 may create the following file(s):
# File Name MD5 Detections
1. AV Protection 2011v121.exe a6caa3860626a49b39024e7444b9757a 7
2. AV Protection 2011v121.exe ff2ec87ef7291b365214c837efc37f68 6
3. AV Protection 2011v121.exe 5b1f59ac2214391122528d4d0e94e58c 5
4. AV Protection 2011v121.exe d3a28df54220921b66f835c2d0a72dcf 4
5. AV Protection 2011v121.exe f89b5cbc1dc0deb9f655d9d609e48833 3
6. AV Protection 2011v121.exe cf14de5d101e53f456596c4442282f60 3
7. AV Protection 2011v121.exe 3f742885983894d8e29b35512f0f93f9 3
8. AV Protection 2011v121.exe 6cfee191a83d59ed0c406ade680e280c 3
9. AV Protection 2011v121.exe 3ca46f40d191dc769d84f19c8546a429 2
10. %Temp%\dwme.exe
11. %ProgramFiles5\LP\4B7F\027.exe
12. C:\Windows\system32\[RANDOM CHARACTERS].exe
13. %AppData%\FCE03\0FD4B.exe
14. %ProgramFiles%\03F0D\lvvm.exe
15. %SystemDir%\AV Protection 2011v121.exe
16. %AppData%\dwme.exe
17. %ProgramFiles%\LP\6AB2\027.exe
18. %TempDir%\dwme.exe
19. %ProgramFiles%\DED59\lvvm.exe
20. %Programs%\AV Protection 2011\AV Protection 2011.lnk
21. %ProgramFiles%\LP\4B7F\3.tmp
22. %ProgramFiles%\DED59\
23. %AppData%\[RANDOM CHARACTERS]\AV
24. Protection 2011.ico
25. %StartMenu%\Programs\AV Protection 2011\
26. %AppData%\ldr.ini
27. %ProgramFiles%\LP\4B7F\2.tmp
28. %TempDir%\1.tmp
29. %ProgramFiles%\LP\6AB2\
30. %AppData%\246DE\ED59.46D
31. 2011\AV Protection 2011.lnk
32. %Temp%\8.tmp
33. %AppData%\FCE03\3F0D.CE0
34. %ProgramFiles%\LP\4B7F\4.tmp
35. %ProgramFiles%\LP\
36. %AppData%\246DE\
37. %StartMenu%\Programs\AV Protection
38. 12EDD.exe 17c183fdf8d2d9c44b9fa7ee3e7a1b1a 0

Registry Details

AV Protection 2011 may create the following registry entry or registry entries:
File name without path
AV Protection 2011.lnk
HKEY_CURRENT_USER\Software\AV Protection 2011
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59232
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

Messages

The following messages associated with AV Protection 2011 were found:

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.
Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to was CANCELLED.
Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software
Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software
Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized
Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?
svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

Trending

Most Viewed

Loading...