Home Malware Programs Rogue Anti-Spyware Programs AV Protection 2011

AV Protection 2011

Posted: November 17, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 101
First Seen: November 17, 2011
Last Seen: April 19, 2021
OS(es) Affected: Windows

AV Protection 2011 Screenshot 1AV Protection 2011 is a fake anti-virus program that disguises inaccurate system information in the form of security alerts and scanner results. Although all the information that AV Protection 2011 provides about your PC is false, the danger of having AV Protection 2011 on your PC is quite real, since AV Protection 2011 will attempt to steal your credit card information and money via product registration requests. Browser redirects and blocked security programs are also common symptoms of AV Protection 2011 infection; however, SpywareRemove.com malware researchers note that once AV Protection 2011 is deactivated by suitable anti-malware techniques, you can remove AV Protection 2011 with any reasonably-trustworthy anti-malware application.

AV Protection 2011 – a Timely Label for a Timeless Rogue Anti-Virus Program

Although AV Protection 2011 acts like a powerful and unique security program on the outside, AV Protection 2011's appearance, functions and even its marketing schemes are all copied from other forms of rogue security applications belonging to the FakeScanti such as {template:related_rogues] AV Protection 2011 utilizes a traditional PC security scam by pretending to detect various forms of PC threats on your PC and then presenting itself to remove them... for a price. However, all of AV Protection 2011's alerts are, in reality, fake, and SpywareRemove.com malware researchers have found that AV Protection 2011 is incapable of removing any type of real infection, including Trojans, keyloggers and worms.

You may also experience browser redirect attacks that force your browser to AV Protection 2011's website as another method of encouraging you to purchase AV Protection 2011, which is, obviously, not advisable.

Protecting Your PC from AV Protection 2011's Dishonest Marketing

Contact with AV Protection 2011's website may cause other attacks against your PC, and while AV Protection 2011 is active, you may experience file-display errors or problems accessing security programs. Registering AV Protection 2011 with the code 'DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B' can help to reduce these issues, but shouldn't be used as a substitute for deleting AV Protection 2011. The latter should always be done with a suitable anti-malware program, since AV Protection 2011 alters Windows components like the Registry and will try to resist removal.

Since AV Protection 2011 may also prevent you from using such programs, a Safe Mode system boot or a boot from a source that bypasses your Registry (such as a USB drive or CD) will launch Windows with AV Protection 2011 deactivated. Once this is done, SpywareRemove.com malware experts are happy to note that AV Protection 2011 can be removed with a simple anti-malware scan without permanent damage to Windows.

AV Protection 2011 Screenshot 2AV Protection 2011 Screenshot 3AV Protection 2011 Screenshot 4AV Protection 2011 Screenshot 5AV Protection 2011 Screenshot 6AV Protection 2011 Screenshot 7AV Protection 2011 Screenshot 8AV Protection 2011 Screenshot 9

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to AV Protection 2011 may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%APPDATA%\Microsoft\DF28\170.exe File name: 170.exe
Size: 288.25 KB (288256 bytes)
MD5: 479b05ac7df08c56da00c86a69e68903
Detection count: 79
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\DF28\
Group: Malware file
Last Updated: November 18, 2011
%APPDATA%\zttxx00ucSi3oGa\AV Protection 2011v121.exe File name: AV Protection 2011v121.exe
Size: 2.91 MB (2913280 bytes)
MD5: a6caa3860626a49b39024e7444b9757a
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\zttxx00ucSi3oGa\
Group: Malware file
Last Updated: November 18, 2011
%AppData%\905F1\12EDD.exe File name: 12EDD.exe
Size: 175.1 KB (175104 bytes)
MD5: 17c183fdf8d2d9c44b9fa7ee3e7a1b1a
Detection count: 10
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%\905F1\
Group: Malware file
Last Updated: November 18, 2011
%Programs%\AV Protection 2011\AV Protection 2011.lnk File name: %Programs%\AV Protection 2011\AV Protection 2011.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%AppData%\ldr.ini File name: %AppData%\ldr.ini
Mime Type: unknown/ini
Group: Malware file
%Temp%\8.tmp File name: %Temp%\8.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file
%AppData%\dwme.exe File name: %AppData%\dwme.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AppData%\AV Protection 2011.lnk File name: %AppData%\AV Protection 2011.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%AppData%\246DE\ File name: %AppData%\246DE\
Group: Malware file
%AppData%\246DE\ED59.46D File name: %AppData%\246DE\ED59.46D
Mime Type: unknown/46D
Group: Malware file
%AppData%\[RANDOM CHARACTERS]\ File name: %AppData%\[RANDOM CHARACTERS]\
Group: Malware file
%AppData%\[RANDOM CHARACTERS]\AV Protection 2011.ico File name: %AppData%\[RANDOM CHARACTERS]\AV Protection 2011.ico
Mime Type: unknown/ico
Group: Malware file
%StartMenu%\Programs\AV Protection 2011\ File name: %StartMenu%\Programs\AV Protection 2011\
Group: Malware file
%StartMenu%\Programs\AV Protection 2011\AV Protection 2011.lnk File name: %StartMenu%\Programs\AV Protection 2011\AV Protection 2011.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%ProgramFiles%\LP\ File name: %ProgramFiles%\LP\
Group: Malware file
%ProgramFiles%\LP\6AB2\ File name: %ProgramFiles%\LP\6AB2\
Group: Malware file
%ProgramFiles%\LP\6AB2\027.exe File name: %ProgramFiles%\LP\6AB2\027.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%ProgramFiles%\DED59\ File name: %ProgramFiles%\DED59\
Group: Malware file
%ProgramFiles%\DED59\lvvm.exe File name: %ProgramFiles%\DED59\lvvm.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Temp%\dwme.exe File name: %Temp%\dwme.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%System%\AV Protection 2011v121.exe File name: %System%\AV Protection 2011v121.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

More files

Registry Modifications

The following newly produced Registry Values are:

File name without pathAV Protection 2011.lnkHKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceListHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

Additional Information

The following messages's were detected:
# Message
1Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.
2Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.
3Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
4Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?
5svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
6Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL HERE] was CANCELLED.
7Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
8Warning!
The file "firefox.exe" is infected. Running of application is impossible.
Please activate your antivirus software.
9Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software
10Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software
11Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized
12Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

4 Comments