Internet Security 2012

Posted: January 20, 2012

Internet Security 2012 Description

Internet Security 2012 Screenshot 1Internet Security 2012 is a rogue antispyware program from the (or Rogue:Win32/FakeRean) family of scamware. Internet Security 2012, like other members of its family, uses fake warning messages to create a false appearance of your PC being under attack by multiple types of highly-invasive PC threats, and then requests that you buy Internet Security 2012 to remove all issues from your PC. However, SpywareRemove.com malware researchers have found that Internet Security 2012 isn't any better at removing trojans or viruses than any other member of the FakeRean group of rogue antispyware products. Until you delete Internet Security 2012 with a real antispyware program, in addition to having to deal with barrages of fake system alerts, you may also be attacked by browser redirects or malfunctions in PC security applications.

Internet Security 2012 – a Little Humbler Than Its Predecessors... but Just as Hostile to Your PC

Internet Security 2012, is a member of the same subgroup as Internet Security 201 may eschew the Windows-related acronyms that are often used by its kin, but the 'security' portion of Internet Security 2012's moniker is just as inaccurate as it is for any of the above examples. Although Internet Security 2012 can't detect actual problems with your PC, once installed (typically by a trojan such as Zlob), Internet Security 2012 will, nevertheless, spend a great deal of time generating inaccurate pop-ups about fake infections. SpywareRemove.com malware experts have noted a voluminous list of examples for these errors, including the following samples:

Spyware alarm!
Our scan has reported that pieces of malicious spyware code are present on your hard drive. To get rid of security threats, click here for a Internet Security 2012 scan.

Windows Security Center reports that Internet Security 2012 is enable. Internet Security 2012helps to protect your computer against viruses and other security threats. Click Recommendations for the suggested actions. Your system might be at risk now.
Note: Windows has detected an unregistered version of Internet Security 2012

Trojan detected!
A piece of malicious code was found in your system which can replicate itself if no action is taken. Clicked here to have your system cleaned by Internet Security 2012.

WARNING! Internet Security 2012 has found [random number] useless and UNWANTED files on your computer!

Because Internet Security 2012 can't actually-remove the PC threats that it claims to guard against, there's no reason to purchase Internet Security 2012's services, and this may actually endanger your financial information if you choose to do so. SpywareRemove.com malware analysts recommend that you treat any contact with Internet Security 2012 to be equivalent to a breach of your computer's security; however, the sooner an immediate scan of your PC by real anti-malware software is undergone, the less chance Internet Security 2012 will ever have to do any lasting damage.

A Peek at the Details That Internet Security 2012 Doesn't Want You to Find

Internet Security 2012, unlike benign software, will attempt to launch itself automatically and doesn't offer any way to turn this 'feature' off. Modern variants of FakeRean scamware like Internet Security 2012 may also hook their startup routines into .exe file behavior so that any launched executable file will also re-launch Internet Security 2012. Internet Security 2012 may also include browser-redirecting functions that force your browser to load Internet Security 2012's website. SpywareRemove.com malware experts recommend that you treat your PC as potentially reinfected after any visit to Internet Security 2012's site, particularly if it's due to a redirect.

Finally, Internet Security 2012 may also attempt to replace Windows Security Center with a fake applet that links to Internet Security 2012's site. You should avoid interaction with this applet and try to remove Internet Security 2012 with suitable anti-malware products to regain access to the real Security Center. As can be guessed from the above attack, Internet Security 2012 is specific to Windows, and, like all FakeRean-based types of rogue anti-malware programs, is unable to function in non-Windows environments to any significant degree.

Internet Security 2012 Screenshot 2Internet Security 2012 Screenshot 3Internet Security 2012 Screenshot 4Internet Security 2012 Screenshot 5Internet Security 2012 Screenshot 6Internet Security 2012 Screenshot 7

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Internet Security 2012 may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

Registry Modifications


The following newly produced Registry Values are:

ClsidHKEY_CLASSES_ROOT\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}HKEY..\..\{Value}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"HKEY_CURRENT_USER\Software\Microsoft "adver_id" = "29"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\Internet Security 2012.exe" /sn"HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\Software\Internet Security 2012.exeHKEY_CURRENT_USER\Software\Microsoft\Installer\Products\[RANDOM]HKEY_CLASSES_ROOT\BrcWizApp.BrcWizHKEY_CLASSES_ROOT\BrcWizApp.BrcWiz.1HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}HKEY_CLASSES_ROOT\TypeLib\{58B4E0F5-F122-4C02-B038-C482D998486A}HKEY_CURRENT_USER\Software\Internet Security 2012HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80c10400-59cb-4c79-97ce-cc693103afca}HKEY_LOCAL_MACHINE\SOFTWARE\ISECURITY.EXEHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Internet Security 2012"HLEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ISECURITY.EXE"

Additional Information

The following messages's were detected:
# Message
1[filename] can not start
File [filename] is infected by W32/Blaster.worm.
Please activate Internet Security 2012 to protect your computer.
2Firewall Warning
Hidden file transfers to remote host has been detected.
has detected a leak of your files through the Internet. We strongly recommend that you block the attack immediately.
3notepad.exe can not start
File notepad.exe is infected by W32/Blaster.worm. Please activate Internet Security 2012 to protect your computer.
4Security Warning
Malicious program has been detected. Click here to protect your computer.

Related Posts

4 Comments

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.