Antispyware Pro 2012

Antispyware Pro 2012 Description

Type: Adware

ESG security researchers classify Antispyware Pro 2012 as a rogue security program and another member of the FakeRean family. Rogue anti-virus or anti-malware applications are among the most common kinds of malware infections. They are designed to steal money from inexperienced computer users by pretending to be legitimate security programs and convincing the victim to purchase Antispyware Pro 2012's nonexistent full version. Most Antispyware Pro 2012 infections are installed on a victim's computer system without that computer user's knowledge. However, ESG security analysts have observed that Antispyware Pro 2012 is also often installed through fake online malware scans that prompt the victim to download and install this fake security program. However, computer users that do this do it without fully realizing that Antispyware Pro 2012 has no real anti-malware capabilities. In fact, if computer users were aware of the extent of Antispyware Pro 2012's intrusive behavior they would definitely not install this fake security program.

Why You Should Avoid Installing Antispyware Pro 2012 on Your Computer System

Basically, Antispyware Pro 2012 will usually be associated with a Trojan infection and a variety of other malware threats. This Trojan will enter the victim's computer system without the victim's knowledge and install Antispyware Pro 2012 surreptitiously. Once Antispyware Pro 2012 is installed, this program will start displaying irritating and misleading error messages and pop-up notifications from the Windows Task Bar. All of these messages will claim that the victim's computer is heavily infected with numerous viruses and Trojans (besides those associated with Antispyware Pro 2012, that is). Antispyware Pro 2012 will also run a fake system scan showing alarming results. This entire charade is meant to push inexperienced computer users into purchasing a fake 'full version' of Antispyware Pro 2012, which is just as useless as its trial version.

Dealing with an Antispyware Pro 2012 Infection

ESG security researchers advise using a reliable anti-malware program that is fully updated to detect and remove Antispyware Pro 2012 as well as its numerous clones that include Windows Antivirus 2008, Vista Antivirus 2008, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, PC Clean Pro, XP Home Security 2012, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015..

Some versions of Antispyware Pro 2012 may be associated with malware capable of detecting and disabling legitimate security programs. To prevent this from happening, ESG security analysts recommend either starting up in Safe Mode or initiating Windows from an external drive. It may be necessary to restore harmful changes made by Antispyware Pro 2012 to the infected computer's registry, system settings, and web browser preferences.

Technical Information

File System Details

Antispyware Pro 2012 creates the following file(s):
# File Name Detection Count
1 %CommonStartMenu%\Programs\Antispyware Pro 2012.lnk N/A
2 %Desktop%\Antispyware Pro 2012.lnk N/A
3 %AppData%\result.db N/A

Registry Details

Antispyware Pro 2012 creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "ypjcmvvgbv"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-5-12_7"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.