AV Security 2012 Description
AV Security 2012, Another Iteration of the FakeScanti Trojan
The fake security program AV Security 2012 belongs to the FakeScanti family of rogue anti-virus programs, also known as WinAVPro. AV Security 2012 pretends to be a legitimate security program but, in fact, is linked to a Trojan that is part of a well-known online scam. AV Security 2012 is not alone, there are dozens of versions of fake anti-virus applications (also known as rogue anti-spyware programs) linked to this malicious threat. Rogue anti-virus applications similar to AV Security 2012 have been known to appear since at least 2009, and probably before. AV Security 2012 is part of a batch of clones of this rogue anti-virus program that add the year "2012" to the end of their names. These clones have started to make their appearances in the fall of 2011, taking advantage of the coming new year. ESG malware analysts strongly advise against falling for the AV Security 2012 scam.
Despite its name, AV Security 2012 offers absolutely no anti-virus protection. In fact, AV Security 2012 is classified as a malware infection in itself and contains characteristics of an identified security threat. AV Security 2012 uses a variety of malicious scripts and Trojans to cause harm to the infected computer system. Known clones of AV Security 2012 include Security Guard, Sysinternals Antivirus, Wireshark Antivirus, Milestone Antivirus, BlueFlare Antivirus, WolfRam AntiVirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, Sphere Security 2012, AV Protection 2011, Super AV 2013. These fake security programs also have versions with the "2011" suffix. Do not fall for this scam, AV Security 2012 is the same fake security application as its previous versions, with only slight changes made to its outer appearance.
Symptoms of AV Security 2012
An AV Security 2012 infection is very easy to spot. The criminals behind AV Security 2012 designed their rogue anti-virus program's presence to be as obvious as possible. However, many computer users may not understand that AV Security 2012 is not a real security program. Recognizing rogue anti-virus programs like AV Security 2012 for what they are, is the most important thing to remember when dealing with these kinds of malware infections. A computer system infected with AV Security 2012 will become slow and unstable and will display a constant stream of fake error messages, security alerts and fake system scans. AV Security 2012 has also been known to contain browser hijacking components, designed to take over the infected computer's Internet browser, in order to force it to visit websites associated with the AV Security 2012 threat.
Technical Information
Screenshots & Other Imagery
AV Security 2012 Video
File System Details
# | File Name | Size | MD5 | Detection Count |
---|---|---|---|---|
1 | %SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe | 45,056 | a9cd2ba73ed5b431ba8aad56e8d89844 | 12 |
2 | %PROGRAMFILES(x86)%\71346\lvvm.exe | 182,272 | ebcd3086072280285592e8a5431adb5d | 11 |
3 | %SystemDrive%\RECYCLER\S-1-5-21-4168701361-1266486392-1090043892-1007\$4a52a1627ae1e67bebec74de81edea2d\n. | 74,240 | b40a6b8dc690cbd4e96bc16f6c4bee1c | 5 |
4 | %WINDIR%\SysWOW64\FVelOBtzPyAiDoF.exe | 1,766,912 | 0e54f12d5d681da60c2e66e3b7ace896 | 3 |
5 | %SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7422\s523l22mix.exe | 49,152 | 73e80cfa71c28924e16d6e74343a359f | 3 |
6 | %SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0953\klmqm122y.exe | 49,152 | 00843c5975394889ed410dc2a6210d54 | 3 |
7 | %SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8961\s523lswp98.exe | 49,152 | 5c1f32763786d045c2fe186d940a9ec5 | 3 |
8 | %ALLUSERSPROFILE%\Application Data\v4xEDEgT.exe | 134,656 | 43bf50f46e19710de986693bd7e056eb | 3 |
9 | %PROGRAMFILES%\LP\D258\ABE.exe | 283,648 | 949ba76d0246bc8dfd7c9920f5f329e0 | 2 |
10 | %APPDATA%\8697A\F9EF3.exe | 166,912 | 8adc9f1bdcfd18aafceff1dbd1707cea | 2 |
11 | %PROGRAMFILES%\LP\20F1\454.exe | 275,968 | 658716973a482d8eab0b76df55343337 | 2 |
12 | %APPDATA%\Microsoft\8F8E\8F8.exe | 284,672 | f4b81820a1e28d96e8e02b805b0a159c | 1 |
13 | %APPDATA%\Microsoft\DFF4\B69.exe | 286,720 | 2d89ed3a4ce5096ea0dcaf5c9ba5bb0e | 1 |
14 | C:\Windows\system32\[RANDOM CHARACTERS].exe | N/A | ||
15 | %Temp%\svhostu.exe | N/A | ||
16 | %System%\AV Security 2012v121.exe | N/A | ||
17 | C:\Windows\System32 AV Security 2012v121.exe | N/A | ||
18 | %AppData%\ldr.ini | N/A | ||
19 | %Desktop%\AV Security 2012.lnk | N/A | ||
20 | %AppData%\[RANDOM CHARACTERS]\AV Security 2012.ico | N/A | ||
21 | %StartMenu%\Programs\AV Security 2012\AV Security 2012.lnk | N/A | ||
22 | %AppData%\[RANDOM CHARACTERS]\ | N/A | ||
23 | %StartMenu%\Programs\AV Security 2012\ | N/A | ||
24 | %WINDIR%\system32\AV Security 2012v121.exe | 2,458,624 | 9d0953de50a87f4c967e5b09bc5ceb3f | 0 |
Registry Details
More Details on AV Security 2012
Please tell Microsoft about this problem. We have created an error report that you can send to us. We will treat this report as confidential and anonymous. |
Security Warning Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer. Click here to clean your PC immediately. |
Security Warning There are critical system files on your computer that were modified by malicious software. It may cause permanent data loss. Click here to remove malicious software. |
Security Warning Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection. |
svchost.exe svchost.exe was replaced with unauthorized program. It has encountered a problem and needs to close. If you were in the middle of something, the information you were working on might be lost. |
Warning! Infection found Unauthorized sending E-MAIL with subject "RE:" to was CANCELLED. |
Warning! Infection found Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer. Keylogger Zeus was detected and put in quarantine. Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails. |
Warning: Infection is Detected Windows has found spyware infection on your computer! Click here to update your Windows antivirus software |
Windows Security Alert To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program? Name: Zeus Trojan Publisher: Unauthorized |
Windows Security Center Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC? |
Site Disclaimer
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.