
AV Secure 2012

Posted: December 1, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 59
First Seen: December 1, 2011
Last Seen: November 2, 2020
OS(es) Affected: Windows

AV Secure 2012 is the latest variant of a rogue anti-virus program template that's in use by the FakeScanti family. In addition to displaying typical FakeScanti symptoms (such as fake infection alerts and blocking real security applications), AV Secure 2012 also has an extra function: it redirects your web browser from social networking sites and search engines to hostile websites that install other forms of Trojan:Win32/FakeScanti scamware. AV Secure 2012's looks may make it appear to be an anti-virus program, but the SpywareRemove.com malware research team has noted that AV Secure 2012 has no way to find or remove any form of virus and can only mean bad news for your PC. The sooner you remove AV Secure 2012 from your computer with actual anti-malware software, the better off your computer will be, and the more likely you'll be to avoid additional attacks from FakeScanti-based PC threats.

AV Secure 2012 - a Typical Fake AV Product with a New Trick Up Its Sleeve

AV Secure 2012, like any rogue security program from the FakeScanti subgroup, may sneak onto your PC through a range of different methods, but its goal is always the same: to force you to spend money on removing infections that aren't really on your PC in the first place. Although SpywareRemove.com malware experts have found that AV Secure 2012 is happy to display infection alert pop-ups and a system-scanning feature, these features only contain fake information.

AV Secure 2012 has also been upgraded with an extra feature: the ability to redirect your web browser away from Facebook, Google and other types of search engines and social networking sites. AV Secure 2012 makes use of this to redirect you to websites that install other variants of FakeScanti scamware such as Security Guard, Sysinternals Antivirus, WireShark Antivirus, Milestone Antivirus, BlueFlare Antivirus, Wolfram Antivirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011 and Super AV 2013. Malicious sites that are affiliated with AV Secure 2012 and other versions of FakeScanti programs may also use misleading warning messages of their own, such as the following:

ATTENTION!
Your PC is Infected!
You can loose [sic] all of your Secure data from bank details to email or social network password:
Please activate [Random FakeScanti program's name] to REMOVE Infection from your PC.

How to Put a Plug in AV Secure 2012's Unwanted AV Features

Because SpywareRemove.com malware experts have noted that AV Secure 2012's web browser redirects rely on Windows Hosts file modifications, only removing AV Secure 2012 and undoing its Windows changes will put a halt to these attacks (as well as AV Secure 2012's other symptoms). Preferred methods of deleting AV Secure 2012 include:

  • Rebooting into Safe Mode or using an externally-based boot (such as a Windows CD) to disable AV Secure 2012's startup routine.
  • Renaming your anti-malware software's .exe files, if necessary, to prevent them from being blocked by any form of active PC threat.
  • Scanning your PC with an anti-malware program of your choice, ideally only after making sure that it's equipped with all available threat database updates. This will remove AV Secure 2012 and undo most or all of its system alterations. If any web browser redirects or other symptoms persist, you may need to take additional steps to revert various Windows components to their normal states.
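
An added example (not from the original article or from SpywareRemove.com): because the redirects depend on Hosts file modifications, this Python script parses a hosts file and lists entries that override well-known search or social networking domains. The sample file contents, the watch list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file; the addresses come from the
# RFC 5737 documentation range and are not indicators from the page.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.15      www.google.com google.com   # injected
192.0.2.15      www.facebook.com
0.0.0.0         ads.example.net
10.0.0.5        intranet.corp.example
"""

# Assumption: a starter watch list; extend it with the sites you care about.
WATCHED = ("google.com", "facebook.com", "bing.com", "yahoo.com", "twitter.com")

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every valid mapping line."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address: ignore the line
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(host):
    """True for a watched domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line_no, ip, host, kind) for each watched name that is overridden."""
    findings = []
    for line_no, ip, hosts in parse_hosts(text):
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.extend((line_no, str(ip), h, kind) for h in hosts if is_watched(h))
    return findings

if __name__ == "__main__":
    # On a live system, read %SystemRoot%\System32\drivers\etc\hosts instead.
    for line_no, ip, host, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip} ({kind})")
```

Any hit for a public site deserves review, since a default Windows hosts file maps no such names.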

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

  • %AppData%\ldr.ini
    Mime Type: unknown/ini
    Group: Malware file
  • %AppData%\[random]\AV Secure 2012.ico
    Mime Type: unknown/ico
    Group: Malware file
  • %DesktopDir%\AV Secure 2012.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file
  • %Programs%\AV Secure 2012\AV Secure 2012.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file
  • %Temp%\8.tmp
    File type: Temporary File
    Mime Type: unknown/tmp
    Group: Malware file

Registry Modifications

The following Registry values were newly created:

Subkeys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList