Security Solution 2011

Security Solution 2011 Description

ScreenshotSecurity Solution 2011 is a clone from the MS Removal Tool family of rogue security programs. These fake security applications are usually distributed by Trojans, such as the Zlob Trojan or the Fake Microsoft Security Essentials Alert Trojan. Security Solution 2011 is part of a scam that targets inexperienced computer users to try to steal their money. ESG PC security advisers strongly recommend removing Security Solution 2011 with a fully-updated anti-malware application. Security Solution 2011 contains components that may make its removal difficult. In these cases, ESG malware analysts recommend rebooting Windows in Safe Mode.

How the Security Solution 2011 Works?

The Security Solution 2011 scam is similar to scams that are commonly carried out by most rogue security programs. This kind of scam has three main steps:

  1. Infiltrate the victim's computer. First of all, Security Solution 2011 needs to be downloaded and installed onto the victim's computer. There are many ways in which Security Solution 2011 may do this, but the most common is through the aid of a Trojan. Trojans associated with Security Solution 2011, such as the Zlob Trojan or the Fake Microsoft Security Essentials Alert Trojan, will usually display a fake error message claiming that a virus was detected on the victim's computer. Then, the Trojan will prompt the computer user to download Security Solution 2011 to fix the nonexistent virus. If the victim agrees, Security Solution 2011 will be downloaded and installed.
  2. Enforce the illusion that the victim's computer is severely infected. Security Solution 2011 creates a large number of problems on the victim's computer, in order to make the victim panic. Some of these problems include slowness, instability, frequent crashes, blocked access to executable files, frequent error messages and blocked access to the Internet browser. Security Solution 2011 also reinforces this illusion by displaying constant fake security alerts and a fake scan showing a large number of nonexistent virus problems on the victim's computer. Due to the changes that Security Solution 2011 makes to the Windows Registry, these effects cannot be bypassed without launching Windows in Safe Mode.
  3. Charge the victim to pay for a "full version" of Security Solution 2011. Once Security Solution 2011 has managed to make the victim panic, Security Solution 2011 will attempt to convince the victim to pay for a "full version" of this fake security program. It will do so with constant security alerts and by constantly directing the victim to a payment form. Security Solution 2011 claims that the only way to fix the very problems Security Solution 2011 alleges to detect is by paying to unlock hidden features in this fake security application.

Don't become a victim of Security Solution 2011. ESG malware analysts recommend ignoring Security Solution 2011's alerts and removing this fake security program with a legitimate anti-malware solution.

Aliases: Clicker.AQDG [AVG], Trojan-Clicker.AQDG [Ikarus], Trojan.PWS.Siggen.19141 [DrWeb], Gen:Trojan.Heur.VB.im0@cWDXh1ci [BitDefender], Trojan.Win32.Vilsel.bbct [Kaspersky], Trj/Genetic.gen [Panda], Trojan.Agent/Gen-LinkSeeker, Mal/Ratti-A [Sophos], TR/VB.Downloader.Gen [AntiVir], Gen:Trojan.Heur.VB.im0@caBYBJai [BitDefender], HEUR:Trojan.Win32.Generic [Kaspersky] and probably a variant of Win32/TrojanClicker.VB.NMH [NOD32].

Technical Information

Screenshots & Other Imagery

Security Solution 2011 Image 1 Security Solution 2011 Image 2 Security Solution 2011 Image 3 Security Solution 2011 Image 4 Security Solution 2011 Image 5 Security Solution 2011 Image 6 Security Solution 2011 Image 7

File System Details

Security Solution 2011 creates the following file(s):
# File Name Size MD5 Detection Count
1 %APPDATA%\4172309\149000.exe 139,264 c7b1da225315d5f8badf86a8b5b96bb1 22
2 %USERPROFILE%\AppData\Roaming\Security_Solution_2011\securitymanager.exe 89,600 2b4a5ff1a6abdd81b72f4daf8b17bf04 6
3 %USERPROFILE%\AppData\Roaming\Security_Solution_2011\Security Solution.exe 2,784,256 27dfa2ebbdf4ef69e23a5ab333e94ace 5
4 %AppData%\Security Solution 2011\securityhelper.exe N/A
5 %AppData%\Security Solution 2011\securitymanager.exe N/A
6 %Temp%\[RANDOM CHARACTERS].exe N/A
7 %AppData%\Security Solution 2011\Security Solution.exe N/A
8 %Temp%\mv3.tmp N/A
9 %UserProfile%\Desktop\Security Center.lnk N/A
10 %Programs%\Security Solution 2011.lnk N/A
11 %Programs%\Security Solution 2011\How to Activate Security Solution 2011.lnk N/A
12 %AppData%\Microsoft\Internet Explorer\Quick Launch\Security Solution 2011.lnk N/A
13 %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].dat N/A
14 %Temp%\wrk4.tmp N/A
15 %Desktop%\Security Solution 2011.lnk N/A
16 %Programs%\Security Solution 2011\Help Security Solution 2011.lnk N/A
17 %AppData%\Security Solution 2011\IcoActivate.ico N/A
18 %AppData%\Security Solution 2011\IcoUninstall.ico N/A
19 %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].ico N/A
20 %Temp%\ins2.tmp N/A
21 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Center.lnk N/A
22 %Programs%\Security Solution 2011\Activate Security Solution 2011.lnk N/A
23 %Programs%\Security Solution 2011\Security Solution 2011.lnk N/A
24 %AppData%\Security Solution 2011\IcoHelp.ico N/A
25 %AppData%\Security_Solution_2011\securityhelper.exe 4,288,003 c487469e1aee0b31698910850681b3a9 0
More files

Registry Details

Security Solution 2011 creates the following registry entry or registry entries:
Directory
%APPDATA%\Security Solution
%APPDATA%\Security Solution 2011
%AppData%\Security_Solution_2011
RegistryKey
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Solution 2011"
HKEY_CURRENT_USER\Software\Security Solution 2011
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\system32\rundll32.exe" = 'C:\WINDOWS\system32\rundll32.exe:*:Enabled:Security Center'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Security Solution 2011
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Solution 2011 Security"

More Details on Security Solution 2011

The following messages associated with Security Solution 2011 were found:
Antispyware software warning
Your computer is infected with spyware and malware. Last scan results: 364 infected files found! Click this notification to fix the problem.
Reported Insecure Browsing: Navigation Blocked
Insecure Internet Activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms, and Trojans without your knowledge, and that can lead to system slowdown, freezes and crashes. Also insecure Internet activity can result in revealing your personal information.
Security Center
Unauthorized remote connection!
Your system is making an unauthorized personal data transfer to a remote computer!
Warning! Unauthorized personal data transfer is detected! It may be your personal credit card details, logins and passwords, browsing habits or information about files you have downloaded.
To protect your private data, please click "Prevent Connection" button below.
Security Center Alert
To help protect your computer, Security Center has blocked some features of this program.
Name: Screen.Grab.J.exe
Risk: High
System critical warning!
You have been infected by a proxy-relay Trojan server
Your computer might be at risk
Antivirus detects viruses, worms, and Trojan horses. They can (and do) destroy data, format your hard disk or can destroy the BIOS. By destroying the BIOS many times you end up buying a new motherboard or if the bios chip is removable then that chip would need replacing.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.

By Domesticus in Rogue Anti-Spyware Program
Threat Scorecard
?
The ESL Threat Scorecard is an assessment report that is given to every malware threat that has been collected and analyzed through our Malware Research Center. The ESL Threat Scorecard evaluates and ranks each threat by using several metrics such as trends, incidents and severity over time.

In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat. The data used for the ESL Threat Scorecard is updated daily and displayed based on trends for a 30-day period. The ESL Threat Scorecard is a useful tool for a wide array of computer users from end users seeking a solution to remove a particular threat or security experts pursuing analysis and research data on emerging threats.

Each of the fields listed on the ESL Threat Scorecard, containing a specific value, are as follows:

Ranking: The current ranking of a particular threat among all the other threats found on our malware research database.

Threat Level: The level of threat a particular computer threat could have on an infected computer. The threat level is based on a particular threat's behavior and other risk factors. We rate the threat level as low, medium or high. The different threat levels are discussed in the SpyHunter Risk Assessment Model.

Infected Computer: The number of confirmed and suspected cases of a particular threat detected on infected computers retrieved from diagnostic and scan log reports generated by SpyHunter's Spyware Scanner.

% Change: The daily percent change in the frequency of infected computers of a specific threat. The formula for percent changes results from current trends of a specific threat. An increase in the rankings of a specific threat yields a recalculation of the percentage of its recent gain. When a specific threat's ranking decreases, the percentage rate reflects its recent decline. For a specific threat remaining unchanged, the percent change remains in its current state. The % Change data is calculated and displayed in three different date ranges, in the last 24 hours, 7 days and 30 days. Next to the percentage change is the trend movement a specific malware threat does, either upward or downward, in the rankings. Each level of movement is color coded: a green up-arrow (∧) indicates a rise, a red down-arrow (∨) indicates a decline, and a brown equal symbol (=) indicates no change or plateaued.

Top 3 Countries Infected: Lists the top three countries a particular threat has targeted the most over the past month. This data allows computer users to track the geographic distribution of a particular threat throughout the world.
Ranking: N/A
Threat Level: 10
Infected Computers: 123