Home Malware Programs Rogue Anti-Spyware Programs AV Security 2012

AV Security 2012

Posted: November 9, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 693
First Seen: November 9, 2011
Last Seen: April 19, 2021
OS(es) Affected: Windows

AV Security 2012 Screenshot 1On the outside, AV Security 2012 appears to be an anti-malware program that detects viruses, Trojans and other types of PC threats, but as far as its actual code is concerned, AV Security 2012 is nothing more than a series of fake warnings and requests to take your money. SpywareRemove.com malware research team has found that AV Security 2012 lacks anything that could resemble legitimate security-related features and may even attack your PC directly with browser hijacks and software blacklists that prevent you from using real anti-malware programs. However, as long as you avoid purchasing AV Security 2012, you will not have lost anything permanent in the time that it takes you to use standard anti-malware techniques and software to find and remove AV Security 2012 from your PC.

AV Security 2012: Ringing in the New Year with an Old Scam

AV Security 2012 is from the same family (often referred to as FakeScanti or WinAVPro) as many other types of fake security programs that use essentially-identical attacks, despite having different names and appearances. Examples of some of the relatives of AV Security 2012 that SpywareRemove.com malware experts have noted include Security Guard, Sysinternals Antivirus, WireShark Antivirus, Milestone Antivirus, BlueFlare Antivirus, Wolfram Antivirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, AV Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, Sphere Security 2012, AV Protection 2011, Security Guard 2012, Super AV 2013 and OpenCloud AV. Aside from some minor changes to their appearances, the only differential feature about these programs is the name. All of these AV Security 2012 clones, as well as AV Security 2012 itself, specialize in displaying fake system scans and fake system alerts to swindle you out of your money and credit card information. Since AV Security 2012 is incapable of detecting genuine infections or other dangers to your PC, you should ignore all of AV Security 2012's pop-ups and fake scanner features, since they will only display fake warning notifications.

The ultimate point of AV Security 2012's fake warnings, warnings and false detections is to make you purchase AV Security 2012's registration key to make all of these errors vanish. However, if you find it necessary to register AV Security 2012, you can use the free code 'DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B.'

A Look at the Fake Security That AV Security 2012 Promises

AV Security 2012 may be unable to provide real security features, but SpywareRemove.com malware experts have noted that AV Security 2012 is still very happy to provide security-reducing functions, although AV Security 2012 will try to pass the blame for these issues off on nonexistent Trojans, keyloggers and other PC threats. Some of the most prominent and visible side effects of a AV Security 2012 infection include:

  • It redirects your web browser away from PC security sites or towards its own website. These redirect attacks can also make use of fake error messages that make it look like the site that you're trying to access is unsafe for your PC.
  • Anti-malware programs may be unable to run while AV Security 2012 is active. Since AV Security 2012 will launch itself without your permission and will avoid shutting down even if AV Security 2012 appears to be closed, additional measures (such as a Safe Mode reboot) may be necessary to remove AV Security 2012 with an appropriate anti-malware application.


AV Security 2012 Screenshot 2AV Security 2012 Screenshot 3AV Security 2012 Screenshot 4AV Security 2012 Screenshot 5AV Security 2012 Screenshot 6AV Security 2012 Screenshot 7AV Security 2012 Screenshot 8AV Security 2012 Screenshot 9AV Security 2012 Screenshot 10AV Security 2012 Screenshot 11

Aliases

Generic Backdoor [Panda]W32/FakeAV.IS!tr.bdr [Fortinet]Backdoor/Win32.Gbot [AhnLab-V3]Backdoor/Win32.Gbot.gen [Antiy-AVL]Win32/Cycbot.KC!generic [eTrust-Vet]TR/Kazy.47304 [AntiVir]BackDoor.Gbot.1589 [DrWeb]TrojWare.Win32.Kryptik.WPP [Comodo]Gen:Variant.Kazy.47304 [BitDefender]Backdoor.Win32.Gbot.rkq [Kaspersky]Win32:Cybota [Trj] [Avast]a variant of Win32/Kryptik.WSZ [NOD32]Trojan [K7AntiVirus]W32/Kryptik.AB!tr [Fortinet]Trojan/Win32.PornoAsset [AhnLab-V3]
More aliases (77)

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to AV Security 2012 may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%PROGRAMFILES(x86)%\71346\lvvm.exe File name: lvvm.exe
Size: 182.27 KB (182272 bytes)
MD5: ebcd3086072280285592e8a5431adb5d
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\71346\
Group: Malware file
Last Updated: November 18, 2011
%SystemDrive%\RECYCLER\S-1-5-21-4168701361-1266486392-1090043892-1007\$4a52a1627ae1e67bebec74de81edea2d\n. File name: n.
Size: 74.24 KB (74240 bytes)
MD5: b40a6b8dc690cbd4e96bc16f6c4bee1c
Detection count: 12
Path: %SystemDrive%\RECYCLER\S-1-5-21-4168701361-1266486392-1090043892-1007\$4a52a1627ae1e67bebec74de81edea2d\
Group: Malware file
Last Updated: October 5, 2012
%WINDIR%\SysWOW64\FVelOBtzPyAiDoF.exe File name: FVelOBtzPyAiDoF.exe
Size: 1.76 MB (1766912 bytes)
MD5: 0e54f12d5d681da60c2e66e3b7ace896
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\SysWOW64\
Group: Malware file
Last Updated: November 21, 2011
%SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0953\klmqm122y.exe File name: klmqm122y.exe
Size: 49.15 KB (49152 bytes)
MD5: 00843c5975394889ed410dc2a6210d54
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0953\
Group: Malware file
Last Updated: November 14, 2011
%SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8961\s523lswp98.exe File name: s523lswp98.exe
Size: 49.15 KB (49152 bytes)
MD5: 5c1f32763786d045c2fe186d940a9ec5
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8961\
Group: Malware file
Last Updated: November 14, 2011
%ALLUSERSPROFILE%\Application Data\v4xEDEgT.exe File name: v4xEDEgT.exe
Size: 134.65 KB (134656 bytes)
MD5: 43bf50f46e19710de986693bd7e056eb
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\
Group: Malware file
Last Updated: November 14, 2011
%PROGRAMFILES%\LP\D258\ABE.exe File name: ABE.exe
Size: 283.64 KB (283648 bytes)
MD5: 949ba76d0246bc8dfd7c9920f5f329e0
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\LP\D258\
Group: Malware file
Last Updated: November 14, 2011
%APPDATA%\Microsoft\8F8E\8F8.exe File name: 8F8.exe
Size: 284.67 KB (284672 bytes)
MD5: f4b81820a1e28d96e8e02b805b0a159c
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\8F8E\
Group: Malware file
Last Updated: November 14, 2011
%PROGRAMFILES%\LP\20F1\454.exe File name: 454.exe
Size: 275.96 KB (275968 bytes)
MD5: 658716973a482d8eab0b76df55343337
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\LP\20F1\
Group: Malware file
Last Updated: November 18, 2011
%Temp%\svhostu.exe File name: %Temp%\svhostu.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
C:\Windows\system32\[RANDOM CHARACTERS].exe File name: C:\Windows\system32\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
C:\Windows\System32 AV Security 2012v121.exe File name: C:\Windows\System32 AV Security 2012v121.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AppData%\[RANDOM CHARACTERS]\ File name: %AppData%\[RANDOM CHARACTERS]\
Group: Malware file
%AppData%\[RANDOM CHARACTERS]\AV Security 2012.ico File name: %AppData%\[RANDOM CHARACTERS]\AV Security 2012.ico
Mime Type: unknown/ico
Group: Malware file
%AppData%\ldr.ini File name: %AppData%\ldr.ini
Mime Type: unknown/ini
Group: Malware file
%StartMenu%\Programs\AV Security 2012\ File name: %StartMenu%\Programs\AV Security 2012\
Group: Malware file
%StartMenu%\Programs\AV Security 2012\AV Security 2012.lnk File name: %StartMenu%\Programs\AV Security 2012\AV Security 2012.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%System%\AV Security 2012v121.exe File name: %System%\AV Security 2012v121.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Desktop%\AV Security 2012.lnk File name: %Desktop%\AV Security 2012.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

More files

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59232

Additional Information

The following messages's were detected:
# Message
1Please tell Microsoft about this problem. We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
2Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.
3Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.
4Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
5Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?
6svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
7Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL HERE] was CANCELLED.
8Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
9Warning!
The file "firefox.exe" is infected. Running of application is impossible.
Please activate your antivirus software.
10Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software
11Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software
12Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized
13Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

5 Comments

  • Brian says:

    I have the virus AV Security 2012 and i am running on safe mode need it fixed or a way to contact microsoft please help.

  • Patrick says:

    Got stuck with "AV Security" and locked me out of just about ALL programs. Tried "Safe Mode"----absolutely useless! ! 🙁 Couldn't even run AVG, SpyBot, etc., in Safe
    Mode. Had to do a non-destructive Recovery in W-XP. Lost a lot of info! 🙁 🙁 B E W A R E O F T H I S P R O G R A M! ! ! ! !

  • Patrick says:

    B E W A R E O F T H I S P R O G R A M ! ! Had to do a non-destructive recovery in W-XP 🙁 Lost lots of info! 🙁 Couldn't access AVG, etc. :(:(:(:(:(:(

  • Steve says:

    I got this stupid thing and I can't afford to pay for the removal thing since I'm too young to have a credit card.Any help?

  • Dyllan says:

    HELP i cant get rid of this satan made program some one tell me how 2 get rid of it please help