Internet Security 2012

One Comment
By Domesticus in Rogue Anti-Spyware Program | 1,144 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading ... Loading ...
 More... More

Internet Security 2012 Description

Image Screenshot

[+] Click Image to Enlarge

Internet Security 2012 is a fake antispyware program that is installed by way of a Trojan infection. According to ESG PC security researchers, Internet Security 2012 has no way of providing security while going online or in any other situation. Internet Security 2012 is also just as useless as previous versions of this fake security program, which go as far back as 2010 (that is, Internet Security 2010 and Internet Security 2011). This is because Internet Security 2012 is part of a common computer scam designed to convince inexperienced computer users to purchase a useless security program. Internet Security 2012 does this by detecting nonexistent malware infections on the victim’s computer and constantly prompting the victim to ‘register’ Internet Security 2012 in order to fix these problems. Of course, this so-called registration requires a credit card payment, which puts the victim at risk for identity theft and credit card fraud, apart from the money that the victim loses from paying for this useless application. Internet Security 2012 is a carbon copy of previously reported bogus anti-spyware program such as Windows Vista Internet Security 2012, Windows 7 Internet Security 2012, Windows Vista Security 2012, Windows XP Internet Security 2012, just to name a few. ESG malware analysts recommend removing Internet Security 2012 immediately with the help of a legitimate anti-malware application. The presence of this fake security program on your computer is a definitive sign that your computer has become infected with a dangerous Trojan.

How Criminals Use Internet Security 2012 to Attempt to Steal Your Money

Internet Security 2012 is part of a scam that is older than the Internet itself. It is a version of a common scam that auto mechanics and repairmen, for example, would use in order to take advantage of people with little experience with cars or appliances. Basically, the repairman or mechanic would deliberately cause a problem with the client’s car or appliance and then attempt to charge the victim in order to fix it. Internet Security 2012 works in the same way, causing the victim’s computer to display common symptoms associated with malware so that the victim will be convinced to purchase a useless registration code for Internet Security 2012. Some common problems that derive from an Internet Security 2012 infection may include general system stability and performance problems, and a drastic slow-down of the infected computer system. The main symptom of an Internet Security 2012 infection is the presence of constant, non-stop error messages and security alerts claiming that the victim’s computer is severely infected and recommending the full version of Internet Security 2012 as a possible cure.

Type: Rogue AntiSpyware Programs

How Can You Detect Internet Security 2012?

Download SpyHunter’s Detection Scanner
to Detect Internet Security 2012.

Can’t install SpyHunter? Click here to view possible causes of installation issues.

Internet Security 2012 Technical Report

As new Internet Security 2012 details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for Internet Security 2012:

The following fake error message(s) appears for Internet Security 2012:

Explorer.exe can not start
File Explorer.exe is infected by
W32/Blaster.worm
Please activate Internet Security 2012 to protect your Computer.

notepad.exe can not start
File notepad.exe is infected by W32/Blaster.worm. Please activate Internet Security 2012 to protect your computer.

Security Warning
Malicious program has been detected. Click here to protect your computer.

Firewall Warning
Hidden file transfers to remote host has been detected.
has detected a leak of your files through the Internet. We strongly recommend that you block the attack immediately.

[filename] can not start
File [filename] is infected by W32/Blaster.worm.
Please activate Internet Security 2012 to protect your computer.

‘How Internet Security 2012 Infects Your Computer’ Video

Internet Security 2012 Removal Details

Internet Security 2012 has typically the following processes in memory:

  • %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\Internet Security 2012.exe
  • %AppData%\isecurity.exe
  • %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
  • %Documents and Settings%\[UserName]\Application Data\1tmp.bat
  • %ProgramFiles%\Internet Security 2012\Internet Security 2012.exe
  • %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\defender.exe
  • %TEMP%\winupd.exe

Internet Security 2012 creates the following files in the system:

  • %Documents and Settings%\[UserName]\asr.dat
  • %CommonPrograms%\Internet Security 2012\Internet Security 2012.lnk
  • %WINDOWS%\Prefetch\ISECURITY.EXE-1824C86D.pf
  • %UserProfile%\.Internet Security 2012
  • %Documents and Settings%\[UserName]\Application Data\1tmp.bat

Internet Security 2012 creates the following registry entries:

  • HLEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[RANDOM CHARACTERS]”
  • HKEY_CLASSES_ROOT\BrcWizApp.BrcWiz.1
  • HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = “0″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%UserProfile%\Application Data\Internet Security 2012.exe” /sn”
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\[RANDOM CHARACTERS]
  • HKEY_CLASSES_ROOT\BrcWizApp.BrcWiz
  • HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80c10400-59cb-4c79-97ce-cc693103afca}
  • HKEY_CURRENT_USER\Software\Microsoft “adver_id” = “29″
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “ISECURITY.EXE”
  • HKEY_LOCAL_MACHINE\Software\Internet Security 2012.exe
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Internet Security 2012″
  • HKEY_CLASSES_ROOT\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}
  • HKEY_CLASSES_ROOT\TypeLib\{58B4E0F5-F122-4C02-B038-C482D998486A}
  • HKEY_CURRENT_USER\Software\Internet Security 2012
  • HKEY_LOCAL_MACHINE\SOFTWARE\ISECURITY.EXE

Important Article Disclaimer

ESG Support Center

This entry was last updated on 01/16/13 and posted on 01/20/12. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
« Adware:MSIL/SanctionedMedia
Hooot.com »

One Response to “Internet Security 2012”

  1. jenila Says:
    February 3rd, 2012 at 3:15 am

    Internet security 2012 is a fake antivirus !! we should get rid of them!!

    [Reply]

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Popular Malware

Popular Trojans

Recent Malware

Home | SpyHunter Risk Assessment Model | Privacy Policy | End User License Agreement | Additional Terms and Conditions
Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.