Internet Security 2012
Internet Security 2012 Description
Internet Security 2012 is a rogue antispyware program from the FakeRean (or Rogue:Win32/FakeRean) family of scamware.
Internet Security 2012 – a Little Humbler Than Its Predecessors… but Just as Hostile to Your PC
Internet Security 2012, is a member of the same subgroup as ThinkPoint, Win 8 Security Suite 2013, Win 7 Internet Security Pro 2013, Win 7 Internet Security 2011, Win 7 Antivirus 2013, Vista Antivirus 2013, Win 8 Antivirus 2013, Antivirus Pro 2009, Vista Home Security 2013, XP Anti-Virus 2011, Win 7 Internet Security 2013, Vista Security 2013, Spyware Protection 2010, Win 7 Security Plus 2013, XP Home Security 2013, Vista Internet Security 2012, Internet Protector, XP Security 2013, Win 7 Smart Defender Pro, Win 8 Antispyware 2013, Vista Security Plus 2013, Privacy Protection, XP Internet Security Pro 2013, AntiSpy Safeguard, Internet Security, Win 7 Security 2013, Win 7 Security Cleaner Pro, Windows Essentials Pro 2013, XP Total Security 2013, Win 8 Security System, Vista Defender, Windows 7 Antispyware 2012, XP Antivirus 2013, XP Internet Security 2012, Vista Antispyware 2013, XP Security 2012, Windows 7 Internet Security 2012, Windows XP Internet Security 2012, Win 7 AntiVirus 2012, Antispyware Pro 2012, PC Defender Plus, Win 7 Security 2012, Win 7 Home Security Pro 2013, Vista Antivirus 2012, Antivirus2008Pro, Windows Vista Internet Security 2012, Vista Antivirus 2008, Windows Vista Security 2012, Palladium Pro, Vista Security Cleaner Pro, Windows Vista Antivirus 2012, XP Antispyware 2013, PCclean Pro, XP Security Cleaner Pro, Internet Security 2013, XP Internet Security 2013, Vista Smart Defender Pro, Win 8 Home Security 2013, Win 7 Internet Security 2012, XPdefender, CleanThis, Win Server Defender, XP Security Plus 2013, Win 7/XP/Vista Protection 2013, Win 7 Antispyware 2013, Win 8 Defender 2013, Win 7 Home Security 2013, XP Smart Defender Pro, Win 7/Win 8/XP Defender 2013, Antivirus2008, Vista Security 2012, XP Home Security 2012, Vista Antivirus 2008, Win 7 Defender, Win 7/Vista/XP Smart Defender, Windows Antivirus 2008 and AntivirusXP 2008. Internet Security 201 may eschew the Windows-related acronyms that are often used by its kin, but the ‘security’ portion of Internet Security 2012′s moniker is just as inaccurate as it is for any of the above examples. Although Internet Security 2012 can’t detect actual problems with your PC, once installed (typically by a trojan such as Zlob), Internet Security 2012 will, nevertheless, spend a great deal of time generating inaccurate pop-ups about fake infections. SpywareRemove.com malware experts have noted a voluminous list of examples for these errors, including the following samples:
Spyware alarm!
Our scan has reported that pieces of malicious spyware code are present on your hard drive. To get rid of security threats, click here for a Internet Security 2012 scan.
Windows Security Center reports that Internet Security 2012 is enable. Internet Security 2012helps to protect your computer against viruses and other security threats. Click Recommendations for the suggested actions. Your system might be at risk now.
Note: Windows has detected an unregistered version of Internet Security 2012
Trojan detected!
A piece of malicious code was found in your system which can replicate itself if no action is taken. Clicked here to have your system cleaned by Internet Security 2012.
WARNING! Internet Security 2012 has found [random number] useless and UNWANTED files on your computer!
Because Internet Security 2012 can’t actually-remove the PC threats that it claims to guard against, there’s no reason to purchase Internet Security 2012′s services, and this may actually endanger your financial information if you choose to do so. SpywareRemove.com malware analysts recommend that you treat any contact with Internet Security 2012 to be equivalent to a breach of your computer’s security; however, the sooner an immediate scan of your PC by real anti-malware software is undergone, the less chance Internet Security 2012 will ever have to do any lasting damage.
A Peek at the Details That Internet Security 2012 Doesn’t Want You to Find
Internet Security 2012, unlike benign software, will attempt to launch itself automatically and doesn’t offer any way to turn this ‘feature’ off. Modern variants of FakeRean scamware like Internet Security 2012 may also hook their startup routines into .exe file behavior so that any launched executable file will also re-launch Internet Security 2012. Internet Security 2012 may also include browser-redirecting functions that force your browser to load Internet Security 2012′s website. SpywareRemove.com malware experts recommend that you treat your PC as potentially reinfected after any visit to Internet Security 2012′s site, particularly if it’s due to a redirect.
Finally, Internet Security 2012 may also attempt to replace Windows Security Center with a fake applet that links to Internet Security 2012′s site. You should avoid interaction with this applet and try to remove Internet Security 2012 with suitable anti-malware products to regain access to the real Security Center. As can be guessed from the above attack, Internet Security 2012 is specific to Windows, and, like all FakeRean-based types of rogue anti-malware programs, is unable to function in non-Windows environments to any significant degree.
Internet Security 2012 Automatic Detection Tool (Recommended)
Is your PC infected with Internet Security 2012? To safely & quickly detect Internet Security 2012, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Internet Security 2012
What happens if Internet Security 2012 does not let you open SpyHunter or blocks the Internet?
Visual & GUI Characteristics
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read
the tutorials on how to find malware,
kill unwanted processes,
remove malicious DLLs and
delete other harmful files. Always be
sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name Detection Count 1 %USERPROFILE%\ Application Data\ isecurity.exe 98 2 %USERPROFILE%\ Application Data\ isecurity.exe 28 3 %CommonPrograms%\Internet Security 2012\Internet Security 2012.lnk N/A 4 %ProgramFiles%\Internet Security 2012\Internet Security 2012.exe N/A 5 %UserProfile%\.Internet Security 2012 N/A 6 %Documents and Settings%\All Users\Application Data\[RANDOM]\defender.exe N/A 7 %Documents and Settings%\All Users\Application Data\[RANDOM]\Internet Security 2012.exe N/A 8 %Documents and Settings%\All Users\Application Data\[RANDOM]\[RANDOM].exe N/A 9 %Documents and Settings%\[UserName]\asr.dat N/A 10 %Documents and Settings%\[UserName]\Application Data\1tmp.bat N/A 11 %WINDOWS%\Prefetch\ISECURITY.EXE-1824C86D.pf N/A 12 %AppData%\isecurity.exe N/A 13 %TEMP%\winupd.exe N/A
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on
how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following newly produced Registry Values are:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}Internet Security 2012HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft "adver_id" = "29"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\Internet Security 2012.exe" /sn"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"HKEY..\..\..\..{Subkeys}HKEY_CLASSES_ROOT\BrcWizApp.BrcWizHKEY_CLASSES_ROOT\BrcWizApp.BrcWiz.1HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}HKEY_CLASSES_ROOT\TypeLib\{58B4E0F5-F122-4C02-B038-C482D998486A}HKEY_CURRENT_USER\Software\Internet Security 2012HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\[RANDOM]HKEY_LOCAL_MACHINE\Software\Internet Security 2012.exeHKEY_LOCAL_MACHINE\SOFTWARE\ISECURITY.EXEHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80c10400-59cb-4c79-97ce-cc693103afca}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Internet Security 2012"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ISECURITY.EXE"HLEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM]" - The following CLSID's were detected:
HKEY..\..\{CLSID Path} HKEY_CLASSES_ROOT\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}
Additional Information
- The following messages's were detected:
# Message 1 Firewall Warning
Hidden file transfers to remote host has been detected.
has detected a leak of your files through the Internet. We strongly recommend that you block the attack immediately.2 notepad.exe can not start
File notepad.exe is infected by W32/Blaster.worm. Please activate Internet Security 2012 to protect your computer.3 Security Warning
Malicious program has been detected. Click here to protect your computer.4 [filename] can not start
File [filename] is infected by W32/Blaster.worm.
Please activate Internet Security 2012 to protect your computer.
Posted: January 20, 2012 | By SpywareRemove
MoreThreat Level: 10/10
(3 votes, average: 4.67 out of 5)
Loading ...Rate this article:
Detection Count: 4,771
Internet Security 2012 was a complete waste of my time. I hate these hackers and wish they would all die. Good to know there is help out of this mess.
i unplged my interne and plug it back in and it was goon loged onf my pc loged back on and my anti vireus softwere let me remove it
can i go in and remove these additions manually from cdrive?
damnnnn