AV Secure 2012

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1
First Seen: December 1, 2011
Last Seen: November 2, 2020
OS(es) Affected: Windows


One of the largest families of rogue security programs is linked to the FakeScanti Trojan, a particularly prevalent malware infection that is designed to install fake anti-virus applications on the victim's computer system.

At first glance, AV Secure 2012 seems to be simply one more version of the many fake anti-virus programs, which include such rogue security programs as Security Guard, Sysinternals Antivirus, Wireshark Antivirus, Milestone Antivirus, BlueFlare Antivirus, WolfRam AntiVirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011, Super AV 2013.

However, the AV Secure 2012 variant has acquired an interesting twist to its infection process which has caught the attention of ESG security researchers. AV Secure 2012 has the capability to modify the infected computer system's settings, altering the way this computer connects to the Internet and resolves IP addresses. This means that, after carrying out a search on a legitimate search engine (such as Google or Yahoo), the results will actually link to a website hosted on a German server which will attempt to infect the victim's computer with additional malware from the FakeScanti Trojan family. ESG security researchers consider AV Secure 2012 a dangerous presence on your computer that, if left untreated, can result in severe consequences (such as loss of your bank account, credit card information and online email accounts).

AV Secure 2012’s Redirects and Unusual Behavior

Browser hijackers and infections that target your search engine results are fairly commonplace among Trojans designed to open up a backdoor on your computer system and in scams involving endless streams of websites containing nothing but advertisements. Most of the time, these kinds of scams can be traced to variants of the Google Redirect Virus, a browser hijacker with many names, versions, variants and possible behaviors. Previously, most rogue security programs would simply block access to the Internet or display an error message whenever the victim attempted to connect to any website that could end up being a threat to the rogue security program in question. The way AV Secure 2012 and its clones manipulate Windows' system settings in order to change your search engine results is not often linked with this kind of rogue security program and may surprise many experienced computer users. Despite its unusual behavior, dealing with AV Secure 2012 is best done with a real anti-virus program while running Windows in Safe Mode.
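One place to look for the name-resolution tampering described above is the hosts file. The following audit script is an added example, not ESG's tooling, and it assumes the change shows up as hosts entries pinning search engine names to a fixed address (the article does not state the exact mechanism); the watch list and the sample file are constructed for illustration.

```python
import ipaddress
import sys

# Assumed watch list: the two search engines the article names.
WATCHED_SUFFIXES = ("google.com", "yahoo.com")

# Constructed sample; addresses come from documentation ranges.
SAMPLE_HOSTS = """\
# constructed hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com   # pinned
203.0.113.7     search.yahoo.com
0.0.0.0         ads.example.net
127.0.0.1       www.yahoo.com
10.0.0.5        intranet.example.local
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip malformed line
        for name in fields[1:]:  # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(hostname):
    """True for a watched domain or any subdomain of it."""
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)

def suspicious_entries(text):
    """Return watched names pinned to an address that traffic can reach."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Loopback/unspecified entries block a site rather than redirect it.
        if is_watched(name) and not (ip.is_loopback or ip.is_unspecified):
            findings.append((line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    # Pass a hosts file path to audit it; with no argument the sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for line_no, ip, name in suspicious_entries(text):
        print(f"line {line_no}: {name} -> {ip}")
```

On Windows the file to pass in is %SystemRoot%\System32\drivers\etc\hosts. A clean result does not rule out tampering elsewhere, such as the adapter's DNS server settings.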

File System Details

AV Secure 2012 may create the following file(s):
1. %Temp%\8.tmp
2. %DesktopDir%\AV Secure 2012.lnk
3. %AppData%\[RANDOM CHARACTERS]\AV Secure 2012.ico
4. %Programs%\AV Secure 2012\AV Secure 2012.lnk
5. %AppData%\ldr.ini

Registry Details

AV Secure 2012 may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
