AV Secure 2012
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
Threat Level: 80% (High)
Infected Computers: 1
First Seen: December 1, 2011
Last Seen: November 2, 2020
OS(es) Affected: Windows
One of the largest families of rogue security programs is linked to the FakeScanti Trojan, a particularly prevalent malware infection that is designed to install fake anti-virus applications on the victim's computer system.
At first glance, AV Secure 2012 seems to be simply one more version of the many fake anti-virus programs in this family, which include such rogue security programs as Security Guard, Sysinternals Antivirus, Wireshark Antivirus, Milestone Antivirus, BlueFlare Antivirus, WolfRam AntiVirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011 and Super AV 2013.
However, the AV Secure 2012 variant adds a twist to its infection process that has caught the attention of ESG security researchers. AV Secure 2012 can modify the infected computer system's settings, altering the way the computer connects to the Internet and resolves IP addresses. As a result, after a search on a legitimate search engine (such as Google or Yahoo), the results actually link to a website hosted on a German server, which attempts to infect the victim's computer with additional malware from the FakeScanti Trojan family. ESG security researchers consider AV Secure 2012 a dangerous presence on your computer that, if left untreated, can result in severe consequences (such as loss of your bank account, credit card information and online email accounts).
AV Secure 2012’s Redirects and Unusual Behavior
Browser hijackers and infections that target your search engine results are fairly commonplace among Trojans designed to open a backdoor on your computer system and in scams involving endless streams of websites containing nothing but advertisements. Most of the time, these kinds of scams can be traced to variants of the Google Redirect Virus, a browser hijacker with many names, versions, variants and possible behaviors. Previously, most rogue security programs would simply block access to the Internet or display an error message whenever the victim attempted to connect to any website that could end up being a threat to the rogue security program in question. The way AV Secure 2012 and its clones manipulate Windows' system settings in order to change your search engine results is not often linked with this kind of rogue security program and may surprise many experienced computer users. Despite its unusual behavior, AV Secure 2012 is best dealt with using a real anti-virus program while running Windows in Safe Mode.
File System Details
Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.

# | File Name | Detections |
---|---|---|
1. | %Temp%\8.tmp | |
2. | %DesktopDir%\AV Secure 2012.lnk | |
3. | %AppData%\[RANDOM CHARACTERS]\AV Secure 2012.ico | |
4. | %Programs%\AV Secure 2012\AV Secure 2012.lnk | |
5. | %AppData%\ldr.ini | |
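
The file paths above can be checked on a suspect machine with a short script. The following is an added example, not EnigmaSoft's or SpyHunter's code: it treats `[RANDOM CHARACTERS]` as a one-level wildcard and assumes that `%DesktopDir%` and `%Programs%` (the page's own placeholders, not Windows environment variables) mean the current user's Desktop and Start Menu Programs folders; the function names are hypothetical.

```python
import glob
import os
from pathlib import Path

# File indicators exactly as listed under "File System Details" on this page.
INDICATORS = [
    r"%Temp%\8.tmp",
    r"%DesktopDir%\AV Secure 2012.lnk",
    r"%AppData%\[RANDOM CHARACTERS]\AV Secure 2012.ico",
    r"%Programs%\AV Secure 2012\AV Secure 2012.lnk",
    r"%AppData%\ldr.ini",
]

def default_roots(env=os.environ):
    """Assumed mapping of the page's placeholders to per-user Windows folders."""
    def under(base, *parts):
        return os.path.join(base, *parts) if base else ""
    appdata = env.get("APPDATA", "")
    return {
        "%Temp%": env.get("TEMP", ""),
        "%AppData%": appdata,
        "%DesktopDir%": under(env.get("USERPROFILE", ""), "Desktop"),
        "%Programs%": under(appdata, "Microsoft", "Windows", "Start Menu", "Programs"),
    }

def find_indicators(roots, indicators=INDICATORS):
    """Return {indicator: [matching file paths]} for indicators found under roots."""
    hits = {}
    for indicator in indicators:
        placeholder, *parts = indicator.split("\\")
        root = roots.get(placeholder)
        if not root or not Path(root).is_dir():
            continue  # placeholder not mapped, or folder absent on this host
        # The randomly named folder becomes a one-level wildcard; the rest is literal.
        pattern = "/".join(
            "*" if part == "[RANDOM CHARACTERS]" else glob.escape(part) for part in parts
        )
        matches = sorted(str(p) for p in Path(root).glob(pattern) if p.is_file())
        if matches:
            hits[indicator] = matches
    return hits

if __name__ == "__main__":
    # 8.tmp and ldr.ini are generic names: a lone hit on either is weak evidence.
    for indicator, paths in find_indicators(default_roots()).items():
        for path in paths:
            print(f"{indicator} -> {path}")
```

Run it once per user profile, since every listed location is per-user.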