System Security 2012

System Security 2012 Description

Type: Rogue AntiSpyware Programs

ScreenshotSystem Security 2012 is one of the many fake security applications associated with the FakeScanti Trojan, also known as the WinAVPro family of rogueware. As the year 2011 comes to an end, the criminals behind these malware infections have started releasing clones of the rogue security applications in this family with '2012' appended to the program's name. Despite its name, System Security 2012 has absolutely nothing to do with legitimate anti-virus protection. This fake security program does exactly the opposite of what it advertises. Rather than protecting your computer, it makes it more vulnerable to other malware threats; instead of helping a machine become more efficient, System Security 2012 provokes crashes and makes your computer run slowly; instead of stopping malware in its tracks, System Security 2012 is a malware infection in itself. This is why ESG PC security researchers recommend removing System Security 2012 with the help of a reliable anti-malware tool. Known clones of System Security 2012 include malware such as Security Sphere 2012, Data Restore, Fake System Restore, System Security 2011, OpenCloud Antivirus, OpenCloud Security, and Internet Antivirus 2011. These programs and many more are basically the same with only slight changes to the interface and title of each new version of the FakeScanti Trojan.

Symptoms of a System Security 2012

A System Security 2012 infection can be easily recognized because of its insistent use of constant fake security alerts and pop-up notifications. While many malware infections thrive while undetected, making sure that the user never finds out about their presence on the infected computer system, this is not the case with System Security 2012 and other rogues. Rogue security applications like System Security 2012 want to scare PC users out of their wits. This is because System Security 2012 and its clones try to simulate a full-blown malware attack in order to convince the victim to purchase a useless "full version" of System Security 2012 to remove the imaginary infection. Clicking on any of the constant, alarming error messages that System Security 2012 displays will take the victim to System Security 2012's website where the victim is prompted to pay for this useless fake anti-malware application. Some common symptoms of a System Security 2012 infection include:

  • General system crashes and instability.
  • Blocked access to your applications and files, especially legitimate security programs which System Security 2012 blocks in order to protect itself.
  • The sudden disappearance of files from your hard drive. Do not worry, System Security 2012 will rarely delete files, but simply hide them in order to convince the victim that the computer is severely infected.

Once installed, System Security 2012 will perform a fictitious system scan and report false malware infections to scare you into believing that your PC is corrupted. System Security 2012 will also show fabricated security notifications and warnings to inform you that your PC is compromised. You should ignore all security messages and alerts associated with System Security 2012, because they all are generated to scare you and trick you into buying its software. System Security 2012 is not able to secure or improve your PC. ESG's malware researchers strongly advise you not to waste your money on System Security 2012 and remove it as quickly as possible by using a trustworthy and powerful anti-spyware program.


2 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Panda Suspicious file
Sophos Mal/FakeAV-IS

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove System Security 2012

File System Details

System Security 2012 creates the following file(s):
# File Name MD5 Detection Count
1 YTZkIVrlOtAuSiF.exe b7ddb0cae9cb1cb77904e5f8f771170a 2
2 dwme.exe 574969c01c04c4716b1568a096c22796 1
3 %StartMenu%\Programs\Startup\crss.exe N/A
4 %Temp%\svhostu.exe N/A
5 %AppData%\svhostu.exe N/A
6 %UserProfile%\Desktop\System Security 2011.lnk N/A
7 %AppData%\[RANDOM CHARACTERS]\System Security 2011.ico N/A
8 %AppData%\ldr.ini N/A
9 %Temp%\8.tmp N/A
10 PnG44aQHsWKfE9.exe 1af115f6c15d532c5837229d7eee191c 0
More files

Registry Details

System Security 2012 creates the following registry entry or registry entries:
Registry Key Value
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http="
Registry Keys and Subkeys
HKEY_CURRENT_USER\Software\System Security 2012
Run Keys

More Details on System Security 2012

The following messages associated with System Security 2012 were found:
Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.
Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.
Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
Warning infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL HERE] was CANCELLED.
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software
Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program? Name: Zeus Trojan Publisher: Unauthorized
Warning! The file "taskmgr.exe" is infected. Running of application is impossible. Please activate your antivirus software
Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.