AV Protection 2011

Posted: November 17, 2011

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	105

First Seen:	November 17, 2011
Last Seen:	August 17, 2022
OS(es) Affected:	Windows

AV Protection 2011 is a fake anti-virus program that disguises inaccurate system information in the form of security alerts and scanner results. Although all the information that AV Protection 2011 provides about your PC is false, the danger of having AV Protection 2011 on your PC is quite real, since AV Protection 2011 will attempt to steal your credit card information and money via product registration requests. Browser redirects and blocked security programs are also common symptoms of AV Protection 2011 infection; however, SpywareRemove.com malware researchers note that once AV Protection 2011 is deactivated by suitable anti-malware techniques, you can remove AV Protection 2011 with any reasonably-trustworthy anti-malware application.

AV Protection 2011 – a Timely Label for a Timeless Rogue Anti-Virus Program

Although AV Protection 2011 acts like a powerful and unique security program on the outside, AV Protection 2011's appearance, functions and even its marketing schemes are all copied from other forms of rogue security applications belonging to the FakeScanti such as {template:related_rogues] AV Protection 2011 utilizes a traditional PC security scam by pretending to detect various forms of PC threats on your PC and then presenting itself to remove them... for a price. However, all of AV Protection 2011's alerts are, in reality, fake, and SpywareRemove.com malware researchers have found that AV Protection 2011 is incapable of removing any type of real infection, including Trojans, keyloggers and worms.

You may also experience browser redirect attacks that force your browser to AV Protection 2011's website as another method of encouraging you to purchase AV Protection 2011, which is, obviously, not advisable.

Protecting Your PC from AV Protection 2011's Dishonest Marketing

Contact with AV Protection 2011's website may cause other attacks against your PC, and while AV Protection 2011 is active, you may experience file-display errors or problems accessing security programs. Registering AV Protection 2011 with the code 'DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B' can help to reduce these issues, but shouldn't be used as a substitute for deleting AV Protection 2011. The latter should always be done with a suitable anti-malware program, since AV Protection 2011 alters Windows components like the Registry and will try to resist removal.

Since AV Protection 2011 may also prevent you from using such programs, a Safe Mode system boot or a boot from a source that bypasses your Registry (such as a USB drive or CD) will launch Windows with AV Protection 2011 deactivated. Once this is done, SpywareRemove.com malware experts are happy to note that AV Protection 2011 can be removed with a simple anti-malware scan without permanent damage to Windows.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%APPDATA%\zttxx00ucSi3oGa\AV Protection 2011v121.exe

File name: AV Protection 2011v121.exe
Size: 2.91 MB (2913280 bytes)
MD5: a6caa3860626a49b39024e7444b9757a
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\zttxx00ucSi3oGa
Group: Malware file
Last Updated: November 18, 2011

%WINDIR%\SysWOW64\AV Protection 2011v121.exe

File name: AV Protection 2011v121.exe
Size: 2.9 MB (2905600 bytes)
MD5: ff2ec87ef7291b365214c837efc37f68
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\SysWOW64
Group: Malware file
Last Updated: November 18, 2011

%WINDIR%\system32\AV Protection 2011v121.exe

File name: AV Protection 2011v121.exe
Size: 2.91 MB (2916352 bytes)
MD5: 5b1f59ac2214391122528d4d0e94e58c
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: November 18, 2011

%AppData%\905F1\12EDD.exe

File name: 12EDD.exe
Size: 175.1 KB (175104 bytes)
MD5: 17c183fdf8d2d9c44b9fa7ee3e7a1b1a
Detection count: 10
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%\905F1
Group: Malware file
Last Updated: November 18, 2011

%APPDATA%\S88fRR99hXjUeIr\AV Protection 2011v121.exe

File name: AV Protection 2011v121.exe
Size: 2.91 MB (2917376 bytes)
MD5: cf14de5d101e53f456596c4442282f60
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\S88fRR99hXjUeIr
Group: Malware file
Last Updated: November 18, 2011

%APPDATA%\wJ77ddEK8gRZ9Yj\AV Protection 2011v121.exe

File name: AV Protection 2011v121.exe
Size: 2.92 MB (2920448 bytes)
MD5: 3f742885983894d8e29b35512f0f93f9
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\wJ77ddEK8gRZ9Yj
Group: Malware file
Last Updated: November 18, 2011

%APPDATA%\BkUUVVelOBtz0yA\AV Protection 2011v121.exe

File name: AV Protection 2011v121.exe
Size: 2.91 MB (2919424 bytes)
MD5: 6cfee191a83d59ed0c406ade680e280c
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\BkUUVVelOBtz0yA
Group: Malware file
Last Updated: November 18, 2011

%WINDIR%\system32\AV Protection 2011v121.exe

File name: AV Protection 2011v121.exe
Size: 2 MB (2007040 bytes)
MD5: 3ca46f40d191dc769d84f19c8546a429
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: August 17, 2022

%Programs%\AV Protection 2011\AV Protection 2011.lnk

File name: %Programs%\AV Protection 2011\AV Protection 2011.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%AppData%\ldr.ini

File name: %AppData%\ldr.ini
Mime Type: unknown/ini
Group: Malware file

%Temp%\8.tmp

File name: %Temp%\8.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file

%AppData%\dwme.exe

File name: %AppData%\dwme.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%AppData%\AV Protection 2011.lnk

File name: %AppData%\AV Protection 2011.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%AppData%\246DE\

File name: %AppData%\246DE\
Group: Malware file

%AppData%\246DE\ED59.46D

File name: %AppData%\246DE\ED59.46D
Mime Type: unknown/46D
Group: Malware file

%AppData%\[RANDOM CHARACTERS]\

File name: %AppData%\[RANDOM CHARACTERS]\
Group: Malware file

%AppData%\[RANDOM CHARACTERS]\AV Protection 2011.ico

File name: %AppData%\[RANDOM CHARACTERS]\AV Protection 2011.ico
Mime Type: unknown/ico
Group: Malware file

%StartMenu%\Programs\AV Protection 2011\

File name: %StartMenu%\Programs\AV Protection 2011\
Group: Malware file

%StartMenu%\Programs\AV Protection 2011\AV Protection 2011.lnk

File name: %StartMenu%\Programs\AV Protection 2011\AV Protection 2011.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%ProgramFiles%\LP\

File name: %ProgramFiles%\LP\
Group: Malware file

%ProgramFiles%\LP\6AB2\

File name: %ProgramFiles%\LP\6AB2\
Group: Malware file

%ProgramFiles%\LP\6AB2\027.exe

File name: %ProgramFiles%\LP\6AB2\027.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%ProgramFiles%\DED59\

File name: %ProgramFiles%\DED59\
Group: Malware file

%ProgramFiles%\DED59\lvvm.exe

File name: %ProgramFiles%\DED59\lvvm.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%Temp%\dwme.exe

File name: %Temp%\dwme.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%System%\AV Protection 2011v121.exe

File name: %System%\AV Protection 2011v121.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

File name without pathAV Protection 2011.lnkHKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceListHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

Additional Information

The following messages's were detected:

#	Message
1	Security Warning Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer. Click here to clean your PC immediately.
2	Security Warning There are critical system files on your computer that were modified by malicious software. It may cause permanent data loss. Click here to remove malicious software.
3	Security Warning Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
4	Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?
5	Warning! Infection found Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL HERE] was CANCELLED.
6	Warning! Infection found Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer. Keylogger Zeus was detected and put in quarantine. Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
7	Warning! The file "firefox.exe" is infected. Running of application is impossible. Please activate your antivirus software.
8	Warning: Infection is Detected Windows has found spyware infection on your computer! Click here to update your Windows antivirus software
9	Warning: Spyware Detected Windows has found spy programs running on your computer! Click here to update your Windows antivirus software
10	Windows Security Alert To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program? Name: Zeus Trojan Publisher: Unauthorized
11	Windows Security Center Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?
12	svchost.exe svchost.exe was replaced with unauthorized program. It has encountered a problem and needs to close. If you were in the middle of something, the information you were working on might be lost. Please tell Microsoft about this problem. We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

4 Comments

Hailey says:

November 19, 2011 at 9:46 am

THIS STUPID AV PRO. 2011 will NOT get off my computer. Is there any way I can call the people in charge of the company that makes this shit?
Marian says:

November 20, 2011 at 8:30 pm

How can I get out of AV Protection 2011 and receive credit to my card?
amity says:

November 21, 2011 at 7:15 pm

i hate the AV protection 2011 i cant get on microsoft work to do my work !!!! >:/
Faustina Lucik says:

February 18, 2012 at 1:40 pm

I tried it but im confused when running regedit which malicious files i am looking for