AV Security 2012

AV Security 2012 Description

Screenshot

AV Security 2012, Another Iteration of the FakeScanti Trojan

The fake security program AV Security 2012 belongs to the FakeScanti family of rogue anti-virus programs, also known as WinAVPro. AV Security 2012 pretends to be a legitimate security program but, in fact, is linked to a Trojan that is part of a well-known online scam. AV Security 2012 is not alone, there are dozens of versions of fake anti-virus applications (also known as rogue anti-spyware programs) linked to this malicious threat. Rogue anti-virus applications similar to AV Security 2012 have been known to appear since at least 2009, and probably before. AV Security 2012 is part of a batch of clones of this rogue anti-virus program that add the year "2012" to the end of their names. These clones have started to make their appearances in the fall of 2011, taking advantage of the coming new year. ESG malware analysts strongly advise against falling for the AV Security 2012 scam.

Despite its name, AV Security 2012 offers absolutely no anti-virus protection. In fact, AV Security 2012 is classified as a malware infection in itself and contains characteristics of an identified security threat. AV Security 2012 uses a variety of malicious scripts and Trojans to cause harm to the infected computer system. Known clones of AV Security 2012 include Security Guard, Sysinternals Antivirus, Wireshark Antivirus, Milestone Antivirus, BlueFlare Antivirus, WolfRam AntiVirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, Sphere Security 2012, AV Protection 2011, Super AV 2013. These fake security programs also have versions with the "2011" suffix. Do not fall for this scam, AV Security 2012 is the same fake security application as its previous versions, with only slight changes made to its outer appearance.

Symptoms of AV Security 2012

An AV Security 2012 infection is very easy to spot. The criminals behind AV Security 2012 designed their rogue anti-virus program's presence to be as obvious as possible. However, many computer users may not understand that AV Security 2012 is not a real security program. Recognizing rogue anti-virus programs like AV Security 2012 for what they are, is the most important thing to remember when dealing with these kinds of malware infections. A computer system infected with AV Security 2012 will become slow and unstable and will display a constant stream of fake error messages, security alerts and fake system scans. AV Security 2012 has also been known to contain browser hijacking components, designed to take over the infected computer's Internet browser, in order to force it to visit websites associated with the AV Security 2012 threat.

Aliases: Generic Backdoor [Panda], W32/FakeAV.IS!tr.bdr [Fortinet], Trojan.Win32.Fednu.txa, Backdoor/Win32.Gbot [AhnLab-V3], Backdoor/Win32.Gbot.gen [Antiy-AVL], Win32/Cycbot.KC!generic [eTrust-Vet], TR/Kazy.47304 [AntiVir], Trojan.Win32.Generic!BT, BackDoor.Gbot.1589 [DrWeb], TrojWare.Win32.Kryptik.WPP [Comodo], Gen:Variant.Kazy.47304 [BitDefender], Backdoor.Win32.Gbot.rkq [Kaspersky], Win32:Cybota [Trj] [Avast], W32/Cycbot.EV and a variant of Win32/Kryptik.WSZ [NOD32].

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how AV Security 2012 infects a computer.

AV Security 2012 Video

AV Security 2012 Image 1 AV Security 2012 Image 2 AV Security 2012 Image 3 AV Security 2012 Image 4 AV Security 2012 Image 5 AV Security 2012 Image 6 AV Security 2012 Image 7 AV Security 2012 Image 8 AV Security 2012 Image 9 AV Security 2012 Image 10 AV Security 2012 Image 11

File System Details

AV Security 2012 creates the following file(s):
# File Name Size MD5 Detection Count
1 %SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe 45,056 a9cd2ba73ed5b431ba8aad56e8d89844 12
2 %PROGRAMFILES(x86)%\71346\lvvm.exe 182,272 ebcd3086072280285592e8a5431adb5d 11
3 %SystemDrive%\RECYCLER\S-1-5-21-4168701361-1266486392-1090043892-1007\$4a52a1627ae1e67bebec74de81edea2d\n. 74,240 b40a6b8dc690cbd4e96bc16f6c4bee1c 5
4 %WINDIR%\SysWOW64\FVelOBtzPyAiDoF.exe 1,766,912 0e54f12d5d681da60c2e66e3b7ace896 3
5 %SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7422\s523l22mix.exe 49,152 73e80cfa71c28924e16d6e74343a359f 3
6 %SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0953\klmqm122y.exe 49,152 00843c5975394889ed410dc2a6210d54 3
7 %SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8961\s523lswp98.exe 49,152 5c1f32763786d045c2fe186d940a9ec5 3
8 %ALLUSERSPROFILE%\Application Data\v4xEDEgT.exe 134,656 43bf50f46e19710de986693bd7e056eb 3
9 %PROGRAMFILES%\LP\D258\ABE.exe 283,648 949ba76d0246bc8dfd7c9920f5f329e0 2
10 %APPDATA%\8697A\F9EF3.exe 166,912 8adc9f1bdcfd18aafceff1dbd1707cea 2
11 %PROGRAMFILES%\LP\20F1\454.exe 275,968 658716973a482d8eab0b76df55343337 2
12 %APPDATA%\Microsoft\8F8E\8F8.exe 284,672 f4b81820a1e28d96e8e02b805b0a159c 1
13 %APPDATA%\Microsoft\DFF4\B69.exe 286,720 2d89ed3a4ce5096ea0dcaf5c9ba5bb0e 1
14 C:\Windows\system32\[RANDOM CHARACTERS].exe N/A
15 %Temp%\svhostu.exe N/A
16 %System%\AV Security 2012v121.exe N/A
17 C:\Windows\System32 AV Security 2012v121.exe N/A
18 %AppData%\ldr.ini N/A
19 %Desktop%\AV Security 2012.lnk N/A
20 %AppData%\[RANDOM CHARACTERS]\AV Security 2012.ico N/A
21 %StartMenu%\Programs\AV Security 2012\AV Security 2012.lnk N/A
22 %AppData%\[RANDOM CHARACTERS]\ N/A
23 %StartMenu%\Programs\AV Security 2012\ N/A
24 %WINDIR%\system32\AV Security 2012v121.exe 2,458,624 9d0953de50a87f4c967e5b09bc5ceb3f 0
More files

Registry Details

AV Security 2012 creates the following registry entry or registry entries:
RegistryKey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:59232"

More Details on AV Security 2012

The following messages associated with AV Security 2012 were found:
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.
Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.
Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to was CANCELLED.
Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software
Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized
Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.

By Sumo3000 in Rogue Anti-Virus Program
Translate To: Português
Threat Scorecard
?
The ESL Threat Scorecard is an assessment report that is given to every malware threat that has been collected and analyzed through our Malware Research Center. The ESL Threat Scorecard evaluates and ranks each threat by using several metrics such as trends, incidents and severity over time.

In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat. The data used for the ESL Threat Scorecard is updated daily and displayed based on trends for a 30-day period. The ESL Threat Scorecard is a useful tool for a wide array of computer users from end users seeking a solution to remove a particular threat or security experts pursuing analysis and research data on emerging threats.

Each of the fields listed on the ESL Threat Scorecard, containing a specific value, are as follows:

Ranking: The current ranking of a particular threat among all the other threats found on our malware research database.

Threat Level: The level of threat a particular computer threat could have on an infected computer. The threat level is based on a particular threat's behavior and other risk factors. We rate the threat level as low, medium or high. The different threat levels are discussed in the SpyHunter Risk Assessment Model.

Infected Computer: The number of confirmed and suspected cases of a particular threat detected on infected computers retrieved from diagnostic and scan log reports generated by SpyHunter's Spyware Scanner.

% Change: The daily percent change in the frequency of infected computers of a specific threat. The formula for percent changes results from current trends of a specific threat. An increase in the rankings of a specific threat yields a recalculation of the percentage of its recent gain. When a specific threat's ranking decreases, the percentage rate reflects its recent decline. For a specific threat remaining unchanged, the percent change remains in its current state. The % Change data is calculated and displayed in three different date ranges, in the last 24 hours, 7 days and 30 days. Next to the percentage change is the trend movement a specific malware threat does, either upward or downward, in the rankings. Each level of movement is color coded: a green up-arrow (∧) indicates a rise, a red down-arrow (∨) indicates a decline, and a brown equal symbol (=) indicates no change or plateaued.

Top 3 Countries Infected: Lists the top three countries a particular threat has targeted the most over the past month. This data allows computer users to track the geographic distribution of a particular threat throughout the world.
Threat Level: 10
Infected Computers: 294