System Security 2012

System Security 2012 Description

ScreenshotSystem Security 2012 is one of the many fake security applications associated with the FakeScanti Trojan, also known as the WinAVPro family of rogueware. As the year 2011 comes to an end, the criminals behind these malware infections have started releasing clones of the rogue security applications in this family with '2012' appended to the program's name. Despite its name, System Security 2012 has absolutely nothing to do with legitimate anti-virus protection. This fake security program does exactly the opposite of what it advertises. Rather than protecting your computer, it makes it more vulnerable to other malware threats; instead of helping a machine become more efficient, System Security 2012 provokes crashes and makes your computer run slowly; instead of stopping malware in its tracks, System Security 2012 is a malware infection in itself. This is why ESG PC security researchers recommend removing System Security 2012 with the help of a reliable anti-malware tool. Known clones of System Security 2012 include malware such as Security Sphere 2012, Data Restore, Fake System Restore, System Security 2011, OpenCloud Antivirus, OpenCloud Security, and Internet Antivirus 2011. These programs and many more are basically the same with only slight changes to the interface and title of each new version of the FakeScanti Trojan.

Symptoms of a System Security 2012

A System Security 2012 infection can be easily recognized because of its insistent use of constant fake security alerts and pop-up notifications. While many malware infections thrive while undetected, making sure that the user never finds out about their presence on the infected computer system, this is not the case with System Security 2012 and other rogues. Rogue security applications like System Security 2012 want to scare PC users out of their wits. This is because System Security 2012 and its clones try to simulate a full-blown malware attack in order to convince the victim to purchase a useless "full version" of System Security 2012 to remove the imaginary infection. Clicking on any of the constant, alarming error messages that System Security 2012 displays will take the victim to System Security 2012's website where the victim is prompted to pay for this useless fake anti-malware application. Some common symptoms of a System Security 2012 infection include:

  • General system crashes and instability.
  • Blocked access to your applications and files, especially legitimate security programs which System Security 2012 blocks in order to protect itself.
  • The sudden disappearance of files from your hard drive. Do not worry, System Security 2012 will rarely delete files, but simply hide them in order to convince the victim that the computer is severely infected.

Once installed, System Security 2012 will perform a fictitious system scan and report false malware infections to scare you into believing that your PC is corrupted. System Security 2012 will also show fabricated security notifications and warnings to inform you that your PC is compromised. You should ignore all security messages and alerts associated with System Security 2012, because they all are generated to scare you and trick you into buying its software. System Security 2012 is not able to secure or improve your PC. ESG's malware researchers strongly advise you not to waste your money on System Security 2012 and remove it as quickly as possible by using a trustworthy and powerful anti-spyware program.

Aliases: Suspicious file [Panda], Mal/FakeAV-IS [Sophos] and Trojan.Win32.Heur.Gen.

Technical Information

Screenshots & Other Imagery

System Security 2012 Image 1 System Security 2012 Image 2 System Security 2012 Image 3 System Security 2012 Image 4 System Security 2012 Image 5 System Security 2012 Image 6

File System Details

System Security 2012 creates the following file(s):
# File Name Size MD5 Detection Count
1 %WINDIR%\system32\YTZkIVrlOtAuSiF.exe 1,766,912 b7ddb0cae9cb1cb77904e5f8f771170a 2
2 %APPDATA%dwme.exe 99,840 574969c01c04c4716b1568a096c22796 1
3 %StartMenu%\Programs\Startup\crss.exe N/A
4 %Temp%\svhostu.exe N/A
5 %AppData%\svhostu.exe N/A
6 %UserProfile%\Desktop\System Security 2011.lnk N/A
7 %AppData%\[RANDOM CHARACTERS]\System Security 2011.ico N/A
8 %AppData%\ldr.ini N/A
9 %Temp%\8.tmp N/A
10 PnG44aQHsWKfE9.exe 1,698,816 1af115f6c15d532c5837229d7eee191c 0
More files

Registry Details

System Security 2012 creates the following registry entry or registry entries:
RegistryKeyValue
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:59232"
RegistryKeysandSubkeys
HKEY_CURRENT_USER\Software\System Security 2012
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
RunKeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

More Details on System Security 2012

The following messages associated with System Security 2012 were found:
Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.
Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.
Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
Warning infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL HERE] was CANCELLED.
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software
Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program? Name: Zeus Trojan Publisher: Unauthorized
Warning! The file "taskmgr.exe" is infected. Running of application is impossible. Please activate your antivirus software
Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

By GoldSparrow in Rogue Anti-Spyware Program
Threat Scorecard
?
The ESL Threat Scorecard is an assessment report that is given to every malware threat that has been collected and analyzed through our Malware Research Center. The ESL Threat Scorecard evaluates and ranks each threat by using several metrics such as trends, incidents and severity over time.

In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat. The data used for the ESL Threat Scorecard is updated daily and displayed based on trends for a 30-day period. The ESL Threat Scorecard is a useful tool for a wide array of computer users from end users seeking a solution to remove a particular threat or security experts pursuing analysis and research data on emerging threats.

Each of the fields listed on the ESL Threat Scorecard, containing a specific value, are as follows:

Ranking: The current ranking of a particular threat among all the other threats found on our malware research database.

Threat Level: The level of threat a particular computer threat could have on an infected computer. The threat level is based on a particular threat's behavior and other risk factors. We rate the threat level as low, medium or high. The different threat levels are discussed in the SpyHunter Risk Assessment Model.

Infected Computer: The number of confirmed and suspected cases of a particular threat detected on infected computers retrieved from diagnostic and scan log reports generated by SpyHunter's Spyware Scanner.

% Change: The daily percent change in the frequency of infected computers of a specific threat. The formula for percent changes results from current trends of a specific threat. An increase in the rankings of a specific threat yields a recalculation of the percentage of its recent gain. When a specific threat's ranking decreases, the percentage rate reflects its recent decline. For a specific threat remaining unchanged, the percent change remains in its current state. The % Change data is calculated and displayed in three different date ranges, in the last 24 hours, 7 days and 30 days. Next to the percentage change is the trend movement a specific malware threat does, either upward or downward, in the rankings. Each level of movement is color coded: a green up-arrow (∧) indicates a rise, a red down-arrow (∨) indicates a decline, and a brown equal symbol (=) indicates no change or plateaued.

Top 3 Countries Infected: Lists the top three countries a particular threat has targeted the most over the past month. This data allows computer users to track the geographic distribution of a particular threat throughout the world.
Ranking: N/A
Threat Level: 10
Infected Computers: 10