AV Protection 2012
Posted: November 23, 2011
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 8/10 |
---|---|
Infected PCs: | 94 |
First Seen: | November 23, 2011 |
---|---|
Last Seen: | October 27, 2020 |
OS(es) Affected: | Windows |
AV Protection 2012 is a member of the FakeScanti family of rogue anti-virus programs, and continues the family tradition of creating fake pop-up warnings and alerts to present false information about the presence of infections on your PC. Although its name implies a state-of-the-art set of brand-new features, SpywareRemove.com malware researchers have found that AV Protection 2012 indulges in the same attacks that are already overused by other types of fake AV products, including browser hijacks and blocking real security programs. If your PC has been attacked by AV Protection 2012, you should ignore AV Protection 2012's multitude of purchase requests and, instead, delete AV Protection 2012 by using standard anti-malware strategies and software.
Why AV Protection 2012 Has Zero Interest in Protecting Your PC
AV Protection 2012 has the basic look and feel of a normal anti-virus scanner, but SpywareRemove.com malware analysts have (as expected) found that AV Protection 2012 has no ability to detect or delete viruses. AV Protection 2012 makes up for this shortcoming by using several methods to create fake alerts instead of real PC threat warnings, and may supplement this bad information with a range of other attacks. Common signs of infection by AV Protection 2012 and other FakeScanti rogue AV programs include:
- A desktop background image that's been changed to a threatening alert message.
- The appearance of AV Protection 2012 or another scanner-like program that pretends to scan your PC every time Windows loads (and always finds a wide range of infections on your computer).
- Pop-ups that request that you purchase an activation or registration key for AV Protection 2012 to cleanse these supposed infections.
- Fake Windows Security Center windows that lead you to AV Protection 2012 or AV Protection 2012's website.
- A broad range of totally-blocked software, including basic Windows programs and anti-malware tools.
- System tray-based pop-up balloons that display unusual warning messages.
- Spontaneous Windows reboots.
- Blocked access to safe websites, especially sites that could assist you with removing AV Protection 2012.
The overall effect of these attacks makes it appear as though you should activate AV Protection 2012 quickly to fix your PC, but since AV Protection 2012 is the actual cause behind all of these problems, SpywareRemove.com malware experts strongly advise against such a course of action.
Entering 2012 with an AV Protection 2012-Free Computer
Although a competent anti-malware scanner is your best bet to rid your PC of AV Protection 2012 and other variants of FakeScanti, AV Protection 2012 itself may attempt to block any programs that could remove AV Protection 2012. There are several methods that SpywareRemove.com malware researchers have noted to be effective at working around AV Protection 2012's application barricade, such as:
- Renaming the anti-malware program's .exe file to coincide with an allowed program such as iexplore.exe or explorer.exe
- Rebooting your PC into Safe Mode to stop AV Protection 2012 from launching itself.
- Booting Windows from a CD or USB drive.
You should also be aware of the possibility of affiliated infections that may install other variants from the FakeScanti family like Security Guard, Sysinternals Antivirus, WireShark Antivirus, Milestone Antivirus, BlueFlare Antivirus, Wolfram Antivirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011 and Super AV 2013. With regards to AV Protection 2012 specifically, SpywareRemove.com malware researchers have noted that the following codes may deactivate AV Protection 2012 by faking the registration process: '1225242171,' '1196121858' and '1354156739.'
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%AppData%\ldr.ini
File name: %AppData%\ldr.iniMime Type: unknown/ini
Group: Malware file
%AppData%\[RANDOM SYMBOLS]\AV Protection 2012.ico
File name: %AppData%\[RANDOM SYMBOLS]\AV Protection 2012.icoMime Type: unknown/ico
Group: Malware file
%AppData%\svhostu.exe
File name: %AppData%\svhostu.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\AV Protection 2012HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM SYMBOLS].exe"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.