AV Protection 2012

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1
First Seen: November 23, 2011
Last Seen: October 27, 2020
OS(es) Affected: Windows


AV Protection 2012 belongs to a large family of rogue anti-virus programs. Known clones of AV Protection 2012 include rogue anti-virus programs such as Security Sphere 2012, Win 7 Smart Security 2010, Vista Guardian 2010, Desktop Defender, XP Internet Security 2011 and Cloud AV 2012. These are only a few of the dozens of versions of this fake anti-virus program, which has been at large since 2009 at the very least. Rogues in the AV Protection 2012 family include code that has been present in rogue anti-spyware applications dating as far back as 2005. ESG security researchers warn against downloading AV Protection 2012 or any of its clones. AV Protection 2012 has absolutely no anti-virus capabilities and is part of a well-known online scam. Using deception and preying on many computer users' inexperience, AV Protection 2012 attempts to steal its victims' money. An AV Protection 2012 infection seldom comes alone; its presence will usually include a number of dangerous Trojans and an extremely dangerous rootkit or bootkit infection. Because of this, ESG malware analysts strongly recommend removing AV Protection 2012 from your computer system immediately.

The symptoms AV Protection 2012 causes are quite similar to those of the most popular rogue anti-virus applications. AV Protection 2012 will usually manifest itself in a large number of error messages and security alerts, decreased system performance and Internet browser redirects. AV Protection 2012 sports a sleek dark-colored interface with logos meant to resemble those used by legitimate security programs such as Microsoft Security Essentials. When installed, AV Protection 2012 makes dangerous changes to the infected operating system's registry, which allow AV Protection 2012 to launch automatically during start-up. This means that, unless the infected computer system is started in Safe Mode, the victim will have little or no control over the infected operating system. AV Protection 2012 is able to start and stop processes, hide or block certain files and applications and block access to the Internet. A computer system infected with the AV Protection 2012 rogue anti-virus application will also crash frequently, freeze suddenly or display the dreaded "blue screen of death." While manual removal of AV Protection 2012 is possible, ESG security researchers recommend using a reliable anti-malware program. In the event of an associated rootkit infection, a special tool for rootkit removal may be necessary.

File System Details

AV Protection 2012 may create the following file(s):
1. %AppData%\svhostu.exe
2. %AppData%\ldr.ini
3. %AppData%\[RANDOM SYMBOLS]\AV Protection 2012.ico

Registry Details

AV Protection 2012 may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM SYMBOLS].exe"
HKEY_CURRENT_USER\Software\AV Protection 2012
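
A read-only check for the file and registry artifacts listed above, written as an added example (it is not ESG's tooling). The function name `Get-AvProtection2012Artifact` is hypothetical, and treating a Run entry whose data points into %AppData% as suspect is an assumption of this example; the page only states that the Run entry is a randomly named .exe.

```powershell
# Added example: reports artifacts only; nothing is deleted or modified.
function Get-AvProtection2012Artifact {
    # File indicators from "File System Details". The .ico sits in a
    # randomly named directory, so that level is matched with a wildcard.
    $patterns = @(
        (Join-Path $env:APPDATA 'svhostu.exe'),
        (Join-Path $env:APPDATA 'ldr.ini'),
        (Join-Path $env:APPDATA '*\AV Protection 2012.ico')
    )
    foreach ($pattern in $patterns) {
        # -Force includes hidden files, since the rogue may hide its files.
        Get-Item -Path $pattern -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Type     = 'File'
                    Location = $_.FullName
                    Note     = "created $($_.CreationTime)"
                }
            }
    }

    # Product key from "Registry Details".
    $productKey = 'HKCU:\Software\AV Protection 2012'
    if (Test-Path -LiteralPath $productKey) {
        [pscustomobject]@{ Type = 'RegistryKey'; Location = $productKey; Note = 'key exists' }
    }

    # The Run entry has a random name, so every value is inspected and
    # flagged when its name ends in .exe or its data points into %AppData%
    # (the second condition is this example's assumption).
    $runPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $runKey  = Get-Item -LiteralPath $runPath -ErrorAction SilentlyContinue
    if ($runKey) {
        foreach ($name in $runKey.GetValueNames()) {
            $data = [string]$runKey.GetValue($name)
            $inAppData = $data.IndexOf($env:APPDATA,
                [System.StringComparison]::OrdinalIgnoreCase) -ge 0
            if (($name -like '*.exe') -or $inAppData) {
                [pscustomobject]@{ Type = 'RunValue'; Location = "$runPath\$name"; Note = $data }
            }
        }
    }
}

Get-AvProtection2012Artifact | Format-Table -AutoSize -Wrap
```

Run it from Safe Mode under the affected user's account, since %AppData% and HKEY_CURRENT_USER are per-user; an empty result does not rule out the rootkit or bootkit components mentioned above.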
