AV Secure 2012
Posted: December 1, 2011
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 59 |
| First Seen: | December 1, 2011 |
| Last Seen: | November 2, 2020 |
| OS(es) Affected: | Windows |
AV Secure 2012 is the latest variant of a rogue anti-virus program template that's in use by the FakeScanti family. In addition to displaying typical FakeScanti symptoms (such as fake infection alerts and blocking real security applications), AV Secure 2012 also has an extra function: it redirects your web browser from social networking sites and search engines to hostile websites that install other forms of Trojan:Win32/FakeScanti scamware. AV Secure 2012's looks may make it appear to be an anti-virus program, but the SpywareRemove.com malware research team has noted that AV Secure 2012 has no way to find or remove any form of virus and can only mean bad news for your PC. The sooner you remove AV Secure 2012 from your computer with actual anti-malware software, the better off your computer will be, and the more likely you'll be to avoid additional attacks from FakeScanti-based PC threats.
AV Secure 2012 - a Typical Fake AV Product with a New Trick Up Its Sleeve
AV Secure 2012, like any rogue security program from the FakeScanti subgroup, may sneak onto your PC through a range of different methods, but its goal is always the same: to force you to spend money on removing infections that aren't really on your PC in the first place. Although SpywareRemove.com malware experts have found that AV Secure 2012 is happy to display infection alert pop-ups and a system-scanning feature, these features only contain fake information.
AV Secure 2012 has also been upgraded with an extra feature: the ability to redirect your web browser away from Facebook, Google and other types of search engines and social networking sites. AV Secure 2012 makes use of this to redirect you to websites that install other variants of FakeScanti scamware such as Security Guard, Sysinternals Antivirus, WireShark Antivirus, Milestone Antivirus, BlueFlare Antivirus, Wolfram Antivirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011 and Super AV 2013. Malicious sites that are affiliated with AV Secure 2012 and other versions of FakeScanti programs may also use misleading warning messages of their own, such as the following:
ATTENTION!
Your PC is Infected!
You can loose [sic] all of your Secure data from bank details to email or social network password:
Please activate [Random FakeScanti program's name] to REMOVE Infection from your PC.
How to Put a Plug in AV Secure 2012's Unwanted AV Features
Because SpywareRemove.com malware experts have noted that AV Secure 2012's web browser redirects use Windows Hosts file modifications to function, only removing AV Secure 2012 and undoing its Windows changes will put a halt to these attacks (as well as AV Secure 2012's other symptoms). Preferred methods of deleting AV Secure 2012 include:
- Rebooting into Safe Mode or using an externally-based boot (such as a Windows CD) to disable AV Secure 2012's startup routine.
- Renaming your anti-malware software's .exe files, if necessary, to prevent them from being blocked by any form of active PC threat.
- Scanning your PC with an anti-malware program of your choice, ideally only after making sure that it's equipped with all available threat database updates. This will remove AV Secure 2012 and undo most or all of its system alterations. If any web browser redirects or other symptoms persist, you may need to take additional steps to revert various Windows components to their normal states.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
- %AppData%\ldr.ini
  Mime Type: unknown/ini
  Group: Malware file
- %AppData%\[random]\AV Secure 2012.ico
  Mime Type: unknown/ico
  Group: Malware file
- %DesktopDir%\AV Secure 2012.lnk
  File type: Shortcut
  Mime Type: unknown/lnk
  Group: Malware file
- %Programs%\AV Secure 2012\AV Secure 2012.lnk
  File type: Shortcut
  Mime Type: unknown/lnk
  Group: Malware file
- %Temp%\8.tmp
  File type: Temporary File
  Mime Type: unknown/tmp
  Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList