AV Security 2012
Posted: November 9, 2011
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 698 |
| First Seen: | November 9, 2011 |
|---|---|
| Last Seen: | August 17, 2022 |
| OS(es) Affected: | Windows |
On the outside, AV Security 2012 appears to be an anti-malware program that detects viruses, Trojans and other types of PC threats, but as far as its actual code is concerned, AV Security 2012 is nothing more than a series of fake warnings and requests to take your money. SpywareRemove.com malware research team has found that AV Security 2012 lacks anything that could resemble legitimate security-related features and may even attack your PC directly with browser hijacks and software blacklists that prevent you from using real anti-malware programs. However, as long as you avoid purchasing AV Security 2012, you will not have lost anything permanent in the time that it takes you to use standard anti-malware techniques and software to find and remove AV Security 2012 from your PC.
AV Security 2012: Ringing in the New Year with an Old Scam
AV Security 2012 is from the same family (often referred to as FakeScanti or WinAVPro) as many other types of fake security programs that use essentially-identical attacks, despite having different names and appearances. Examples of some of the relatives of AV Security 2012 that SpywareRemove.com malware experts have noted include Security Guard, Sysinternals Antivirus, WireShark Antivirus, Milestone Antivirus, BlueFlare Antivirus, Wolfram Antivirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, Sphere Security 2012, AV Protection 2011 and Super AV 2013. Aside from some minor changes to their appearances, the only differential feature about these programs is the name. All of these AV Security 2012 clones, as well as AV Security 2012 itself, specialize in displaying fake system scans and fake system alerts to swindle you out of your money and credit card information. Since AV Security 2012 is incapable of detecting genuine infections or other dangers to your PC, you should ignore all of AV Security 2012's pop-ups and fake scanner features, since they will only display fake warning notifications.
The ultimate point of AV Security 2012's fake warnings, warnings and false detections is to make you purchase AV Security 2012's registration key to make all of these errors vanish. However, if you find it necessary to register AV Security 2012, you can use the free code 'DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B.'
A Look at the Fake Security That AV Security 2012 Promises
AV Security 2012 may be unable to provide real security features, but SpywareRemove.com malware experts have noted that AV Security 2012 is still very happy to provide security-reducing functions, although AV Security 2012 will try to pass the blame for these issues off on nonexistent Trojans, keyloggers and other PC threats. Some of the most prominent and visible side effects of a AV Security 2012 infection include:
- It redirects your web browser away from PC security sites or towards its own website. These redirect attacks can also make use of fake error messages that make it look like the site that you're trying to access is unsafe for your PC.
- Anti-malware programs may be unable to run while AV Security 2012 is active. Since AV Security 2012 will launch itself without your permission and will avoid shutting down even if AV Security 2012 appears to be closed, additional measures (such as a Safe Mode reboot) may be necessary to remove AV Security 2012 with an appropriate anti-malware application.
Aliases
Generic Backdoor [Panda]W32/FakeAV.IS!tr.bdr [Fortinet]Backdoor/Win32.Gbot [AhnLab-V3]Backdoor/Win32.Gbot.gen [Antiy-AVL]Win32/Cycbot.KC!generic [eTrust-Vet]TR/Kazy.47304 [AntiVir]BackDoor.Gbot.1589 [DrWeb]TrojWare.Win32.Kryptik.WPP [Comodo]Gen:Variant.Kazy.47304 [BitDefender]Backdoor.Win32.Gbot.rkq [Kaspersky]Win32:Cybota [Trj] [Avast]a variant of Win32/Kryptik.WSZ [NOD32]Trojan [K7AntiVirus]W32/Kryptik.AB!tr [Fortinet]Trojan/Win32.PornoAsset [AhnLab-V3]
More aliases (77)
More aliases (77)
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%WINDIR%\system32\AV Security 2012v121.exe
File name: AV Security 2012v121.exeSize: 1.67 MB (1676800 bytes)
MD5: e973b9f221b8155e4842cb2104b5e873
Detection count: 199
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: November 11, 2011
%WINDIR%\system32\AV Security 2012v121.exe
File name: AV Security 2012v121.exeSize: 2 MB (2004992 bytes)
MD5: 2120e16552f2817c4c6267edaa3df1ab
Detection count: 35
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: November 11, 2011
%WINDIR%\system32\AV Security 2012v121.exe
File name: AV Security 2012v121.exeSize: 2.44 MB (2444800 bytes)
MD5: 9c94f759d10328fda4f0cc564464bd2e
Detection count: 30
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: November 11, 2011
%APPDATA%\VuuccS1iib3o\AV Security 2012v121.exe
File name: AV Security 2012v121.exeSize: 2.46 MB (2460160 bytes)
MD5: 9091485226bd249020d85f63d12e3860
Detection count: 28
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\VuuccS1iib3o
Group: Malware file
Last Updated: November 11, 2011
%PROGRAMFILES(x86)%\71346\lvvm.exe
File name: lvvm.exeSize: 182.27 KB (182272 bytes)
MD5: ebcd3086072280285592e8a5431adb5d
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\71346
Group: Malware file
Last Updated: November 18, 2011
%APPDATA%\E88AC\lvvm.exe
File name: lvvm.exeSize: 181.76 KB (181760 bytes)
MD5: 4be7306c6be0653a58711b269c8c05b8
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\E88AC
Group: Malware file
Last Updated: November 18, 2011
%APPDATA%\sWK7fEL9gZjCkV\AV Security 2012v121.exe
File name: AV Security 2012v121.exeSize: 2.45 MB (2451456 bytes)
MD5: f3fc11bff0fd9e735edc865fe66b8baf
Detection count: 23
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\sWK7fEL9gZjCkV
Group: Malware file
Last Updated: November 11, 2011
%SystemDrive%\RECYCLER\S-1-5-21-4168701361-1266486392-1090043892-1007\$4a52a1627ae1e67bebec74de81edea2d\n.
File name: n.Size: 74.24 KB (74240 bytes)
MD5: b40a6b8dc690cbd4e96bc16f6c4bee1c
Detection count: 12
Path: %SystemDrive%\RECYCLER\S-1-5-21-4168701361-1266486392-1090043892-1007\$4a52a1627ae1e67bebec74de81edea2d
Group: Malware file
Last Updated: October 5, 2012
%WINDIR%\SysWOW64\FVelOBtzPyAiDoF.exe
File name: FVelOBtzPyAiDoF.exeSize: 1.76 MB (1766912 bytes)
MD5: 0e54f12d5d681da60c2e66e3b7ace896
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\SysWOW64
Group: Malware file
Last Updated: November 21, 2011
%SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0953\klmqm122y.exe
File name: klmqm122y.exeSize: 49.15 KB (49152 bytes)
MD5: 00843c5975394889ed410dc2a6210d54
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0953
Group: Malware file
Last Updated: November 14, 2011
%SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8961\s523lswp98.exe
File name: s523lswp98.exeSize: 49.15 KB (49152 bytes)
MD5: 5c1f32763786d045c2fe186d940a9ec5
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8961
Group: Malware file
Last Updated: November 14, 2011
%ALLUSERSPROFILE%\Application Data\v4xEDEgT.exe
File name: v4xEDEgT.exeSize: 134.65 KB (134656 bytes)
MD5: 43bf50f46e19710de986693bd7e056eb
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data
Group: Malware file
Last Updated: November 14, 2011
%PROGRAMFILES%\LP\D258\ABE.exe
File name: ABE.exeSize: 283.64 KB (283648 bytes)
MD5: 949ba76d0246bc8dfd7c9920f5f329e0
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\LP\D258
Group: Malware file
Last Updated: November 14, 2011
%APPDATA%\Microsoft\8F8E\8F8.exe
File name: 8F8.exeSize: 284.67 KB (284672 bytes)
MD5: f4b81820a1e28d96e8e02b805b0a159c
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\8F8E
Group: Malware file
Last Updated: November 14, 2011
%PROGRAMFILES%\LP\20F1\454.exe
File name: 454.exeSize: 275.96 KB (275968 bytes)
MD5: 658716973a482d8eab0b76df55343337
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\LP\20F1
Group: Malware file
Last Updated: November 18, 2011
%Temp%\svhostu.exe
File name: %Temp%\svhostu.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
C:\Windows\system32\[RANDOM CHARACTERS].exe
File name: C:\Windows\system32\[RANDOM CHARACTERS].exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
C:\Windows\System32 AV Security 2012v121.exe
File name: C:\Windows\System32 AV Security 2012v121.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AppData%\[RANDOM CHARACTERS]\
File name: %AppData%\[RANDOM CHARACTERS]\Group: Malware file
%AppData%\[RANDOM CHARACTERS]\AV Security 2012.ico
File name: %AppData%\[RANDOM CHARACTERS]\AV Security 2012.icoMime Type: unknown/ico
Group: Malware file
%AppData%\ldr.ini
File name: %AppData%\ldr.iniMime Type: unknown/ini
Group: Malware file
%StartMenu%\Programs\AV Security 2012\
File name: %StartMenu%\Programs\AV Security 2012\Group: Malware file
%StartMenu%\Programs\AV Security 2012\AV Security 2012.lnk
File name: %StartMenu%\Programs\AV Security 2012\AV Security 2012.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%System%\AV Security 2012v121.exe
File name: %System%\AV Security 2012v121.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Desktop%\AV Security 2012.lnk
File name: %Desktop%\AV Security 2012.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Registry Modifications
The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59232
HKEY..\..\..\..{Subkeys}HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59232
Additional Information
The following messages's were detected:
| # | Message |
|---|---|
| 1 | Please tell Microsoft about this problem. We have created an error report that you can send to us. We will treat this report as confidential and anonymous. |
| 2 | Security Warning Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer. Click here to clean your PC immediately. |
| 3 | Security Warning There are critical system files on your computer that were modified by malicious software. It may cause permanent data loss. Click here to remove malicious software. |
| 4 | Security Warning Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection. |
| 5 | Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC? |
| 6 | Warning! Infection found Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL HERE] was CANCELLED. |
| 7 | Warning! Infection found Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer. Keylogger Zeus was detected and put in quarantine. Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails. |
| 8 | Warning! The file "firefox.exe" is infected. Running of application is impossible. Please activate your antivirus software. |
| 9 | Warning: Infection is Detected Windows has found spyware infection on your computer! Click here to update your Windows antivirus software |
| 10 | Warning: Spyware Detected Windows has found spy programs running on your computer! Click here to update your Windows antivirus software |
| 11 | Windows Security Alert To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program? Name: Zeus Trojan Publisher: Unauthorized |
| 12 | Windows Security Center Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC? |
| 13 | svchost.exe svchost.exe was replaced with unauthorized program. It has encountered a problem and needs to close. If you were in the middle of something, the information you were working on might be lost. Please tell Microsoft about this problem. We have created an error report that you can send to us. We will treat this report as confidential and anonymous. |
I have the virus AV Security 2012 and i am running on safe mode need it fixed or a way to contact microsoft please help.
Got stuck with "AV Security" and locked me out of just about ALL programs. Tried "Safe Mode"----absolutely useless! ! 🙁 Couldn't even run AVG, SpyBot, etc., in Safe
Mode. Had to do a non-destructive Recovery in W-XP. Lost a lot of info! 🙁 🙁 B E W A R E O F T H I S P R O G R A M! ! ! ! !
B E W A R E O F T H I S P R O G R A M ! ! Had to do a non-destructive recovery in W-XP 🙁 Lost lots of info! 🙁 Couldn't access AVG, etc. :(:(:(:(:(:(
I got this stupid thing and I can't afford to pay for the removal thing since I'm too young to have a credit card.Any help?
HELP i cant get rid of this satan made program some one tell me how 2 get rid of it please help