Security Sphere 2012

Security Sphere 2012 Description

Security Sphere 2012 – Just One More Clone of the Same Old Rogue Security Programs

Security Sphere 2012 is a rogue security application from an extensive family of rogue security programs. Some clones of Security Sphere 2012 include XP Anti-Spyware 2010, Win 7 Smart Security 2010, Desktop Defender 2010, Vista Guardian 2010, XP Internet Security 2011, and Vista Home Security 2011 – the list can go on forever, as there are many versions of these fake programs stretching back to at least 2009. Despite their different names and interfaces, they are, fundamentally, the same rogue security application, with a core that is reminiscent of older rogue security programs dating from as far back as 2005. According to ESG security researchers, there is no question that Security Sphere 2012 has absolutely no security components, existing mainly to scam computer users through deceptive tactics and alarming error messages. Security Sphere 2012 has been known to disable legitimate security programs and interact with known Trojans and rootkits. This is why ESG malware analysts recommend getting rid of Security Sphere 2012 immediately.

How Security Sphere 2012 Manifests Itself

Most rogue security programs cause the same symptoms on an infected computer: a large number of fake error messages, browser redirects and performance problems. Security Sphere 2012 uses a blue interface that is very similar to the interface for legitimate Windows security components. It also uses a colored shield logo that is meant to mimic the shield used in Microsoft Security Essentials and in Windows Security Center. However, these are only meant to fool inexperienced computer users into thinking that Security Sphere 2012 is actually a real anti-virus program approved by Microsoft. Security Sphere 2012 runs a fake scan automatically and then keeps showing alarming error messages until the victim gives up and decides to pay for a "full version" of Security Sphere 2012, in order to fix these fake problems. Security Sphere 2012 can show error messages as pop-up alerts, as well as notifications from the Windows Taskbar. Below is an example of a typical fake security alert from Security Sphere 2012:

Virus infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible changes may occur. Private data may be stolen.
Click here now for an instant anti-virus scan.

Taking Security Sphere 2012 to Task for Its Fake Security

Dealing with Security Sphere 2012

To stop most of Security Sphere 2012's symptoms, you can use the registration code '2233-298080-3424'. However, this will not remove Security Sphere 2012; it will only stop the program from displaying most of its most annoying features. To get rid of Security Sphere 2012, you will need to start up your computer in Safe Mode (so that Security Sphere 2012 will not block your anti-malware software) and then use a legitimate anti-malware utility to remove Security Sphere 2012 and all of its harmful components.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow these steps to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari instead.
  • Use removable media. Download SpyHunter on another, clean computer, copy it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable the proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
Still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

Security Sphere 2012 creates the following file(s):
# File Name Size MD5
1 %Documents and Settings%\[UserName]\Application Data\[RANDOM CHARACTERS].exe
2 %Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
3 %Documents and Settings%\[UserName]\Desktop\Security Sphere 2012.lnk
4 %Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS].tmp
5 %Temp%\[RANDOM CHARACTERS]\
6 %ALLUSERSPROFILE%\Application Data\nN02901GfNiF02901\nN02901GfNiF02901.exe 376,832 d6365c3365a53b513780bda09c0ba7b2
7 %ALLUSERSPROFILE%\Application Data\Mn02901GfNiF02901\Mn02901GfNiF02901.exe 393,216 c5a3cf0e35d42ba557bd7bdbbb883409
8 %ALLUSERSPROFILE%\Application Data\Lo02901GfNiF02901\Lo02901GfNiF02901.exe 380,928 8ade31ea6af2a42c522696eb375e76eb
9 %ALLUSERSPROFILE%\Application Data\eE02901GfNiF02901\eE02901GfNiF02901.exe 385,024 8aa04ec92727f9c527bdab2e88ed5154
10 %ALLUSERSPROFILE%\Application Data\vL02901GfNiF02901\vL02901GfNiF02901.exe 385,024 88b31496141aede9c1b336a5e7ebe756

Registry Details

Security Sphere 2012 creates the following registry entry or registry entries:
Regexp file mask
%ALLUSERSPROFILE%\??????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\?????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%AllUsersProfile%\????????????\[RANDOM CHARACTERS][NUMBERS].exe
%AllUsersProfile%\??????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Anwendungsdaten\??????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Anwendungsdaten\?????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Anwendungsdaten\????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Anwendungsdaten\????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Anwendungsdaten\??????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Application Data\??????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Application Data\?????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Application Data\????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%AllUsersProfile%\Application Data\????????????\[RANDOM CHARACTERS][NUMBERS].exe
%AllUsersProfile%\Application Data\??????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Application Data\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Arquivos de programa\??????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Dati applicazioni\??????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Dati applicazioni\?????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Dati applicazioni\????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Dati applicazioni\????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Dati applicazioni\??????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Datos de programa\??????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Datos de programa\?????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Datos de programa\????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Datos de programa\????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Datos de programa\??????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Programdata\??????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Programdata\????????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Programdata\????????????\[RANDOM CHARACTERS][NUMBERS].exe
%ALLUSERSPROFILE%\Programdata\??????????\[RANDOM CHARACTERS][NUMBERS].exe
%ProgramData%\??????????\[RANDOM CHARACTERS][NUMBERS].exe
RegistryKey
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilte "Enabled" = "0"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "enablehttp1_1" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION "svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[RANDOM CHARACTERS]"
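
The file masks and file table above, turned into a path check for triaging a file listing. This is an added example, not code from the original page: the environment-variable expansions, the reading of [RANDOM CHARACTERS] as alphanumerics, the "strong"/"weak" labels and the sample paths are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed expansions for this example (usual XP and Vista-or-later defaults).
ENV = {"ALLUSERSPROFILE": r"C:\Documents and Settings\All Users",
       "PROGRAMDATA": r"C:\ProgramData"}

# A subset of the page's masks, rebuilt from the folder-name lengths ('?' runs).
SUFFIX = "\\[RANDOM CHARACTERS][NUMBERS].exe"
MASKS = ["%ALLUSERSPROFILE%\\Application Data\\" + "?" * n + SUFFIX
         for n in (18, 17, 16, 12, 10)]
MASKS.append("%ProgramData%\\" + "?" * 10 + SUFFIX)

TOKEN = re.compile(r"%(\w+)%|\[RANDOM CHARACTERS\]|\[NUMBERS\]|\?")

def mask_to_regex(mask, env=ENV):
    """Translate one mask into a case-insensitive regex over a full path."""
    parts, pos = [], 0
    for m in TOKEN.finditer(mask):
        parts.append(re.escape(mask[pos:m.start()]))     # literal text
        if m.group(1):                                   # %VAR%
            parts.append(re.escape(env[m.group(1).upper()]))
        elif m.group(0) == "?":                          # one char, same folder
            parts.append(r"[^\\]")
        elif m.group(0) == "[NUMBERS]":
            parts.append(r"[0-9]+")
        else:                                            # [RANDOM CHARACTERS]
            parts.append(r"[A-Za-z0-9]+")
        pos = m.end()
    parts.append(re.escape(mask[pos:]))
    return re.compile("".join(parts), re.IGNORECASE)

REGEXES = [mask_to_regex(m) for m in MASKS]

def classify(path):
    """'strong': mask hit and exe named after its folder; 'weak': mask hit only."""
    if not any(rx.fullmatch(path) for rx in REGEXES):
        return None
    p = PureWindowsPath(path)
    return "strong" if p.stem.lower() == p.parent.name.lower() else "weak"

# Constructed sample paths; the first reuses a file name from the table above.
SAMPLES = [
    r"C:\Documents and Settings\All Users\Application Data\nN02901GfNiF02901\nN02901GfNiF02901.exe",
    r"C:\ProgramData\SomeVendor\tool7.exe",
    r"C:\ProgramData\Mozilla123\setup.exe",
]

if __name__ == "__main__":
    print([(classify(s), s) for s in SAMPLES])
```

The second sample shows how loose the masks are on their own: an ordinary vendor folder with a ten-character name is a "weak" hit, which is why the example also checks that the executable is named after its folder, as in rows 6 to 10 of the file table.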

More Details on Security Sphere 2012

The following messages associated with Security Sphere 2012 were found:
Security Sphere 2012 Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with Security Sphere 2012

Security Sphere 2012 Warning
Your computer is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid theft of your credit card details.
Click here to activate protection.

Warning message from Internet browser. This page under virus attack. This may crash your system.

This may be caused by:

- Virus content founded at this site trying to install its components.
- Malicious & unknown network processes are determined.
- Your system is under virus attack
- Negative references from other citizens concerning this web page.
- Your system ports and backdoors have been checked by visited page for external access.

Recommendations:

- Obtain a license of "Security Sphere 2012" to protect your PC for the safest browsing Internet pages (desirable)
- Launch spyware, virus and malware scanning process.
- Keep browsing

Warning!
Application cannot be executed. The file notepad.exe is infected.
Please activate your antivirus software.

Warning: Your computer is infected
Detected spyware infection!
Click this message to install the last update of security software...

Site Disclaimer

Enigmasoftware.com is not associated with, affiliated with, sponsored by or owned by the malware creators or distributors mentioned in this article. This article should NOT be mistaken or confused as being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or the manual removal instructions provided in this article.

This article is provided "as is" and is to be used for educational information purposes only. By following any instructions in this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
