Home Malware Programs Rogue Anti-Spyware Programs Internet Security 2012

Internet Security 2012

Posted: January 20, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 25
First Seen: January 20, 2012
OS(es) Affected: Windows

Internet Security 2012 Screenshot 1Internet Security 2012 is a rogue antispyware program from the FakeRean (or Rogue:Win32/FakeRean) family of scamware. Internet Security 2012, like other members of its family, uses fake warning messages to create a false appearance of your PC being under attack by multiple types of highly-invasive PC threats, and then requests that you buy Internet Security 2012 to remove all issues from your PC. However, SpywareRemove.com malware researchers have found that Internet Security 2012 isn't any better at removing trojans or viruses than any other member of the FakeRean group of rogue antispyware products. Until you delete Internet Security 2012 with a real antispyware program, in addition to having to deal with barrages of fake system alerts, you may also be attacked by browser redirects or malfunctions in PC security applications.

Internet Security 2012 – a Little Humbler Than Its Predecessors... but Just as Hostile to Your PC

Internet Security 2012, is a member of the same subgroup as Antivirus 2008 Pro, Windows Antivirus 2008, Vista Antivirus 2008, Antivirus XP 2008, PC Clean Pro, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, Rogue.Vista Antivirus 2008, XP Home Security 2012, XP Security 2012 and AntiVirus PRO 2015. Internet Security 201 may eschew the Windows-related acronyms that are often used by its kin, but the 'security' portion of Internet Security 2012's moniker is just as inaccurate as it is for any of the above examples. Although Internet Security 2012 can't detect actual problems with your PC, once installed (typically by a trojan such as Zlob), Internet Security 2012 will, nevertheless, spend a great deal of time generating inaccurate pop-ups about fake infections. SpywareRemove.com malware experts have noted a voluminous list of examples for these errors, including the following samples:

Spyware alarm!
Our scan has reported that pieces of malicious spyware code are present on your hard drive. To get rid of security threats, click here for a Internet Security 2012 scan.

Windows Security Center reports that Internet Security 2012 is enable. Internet Security 2012helps to protect your computer against viruses and other security threats. Click Recommendations for the suggested actions. Your system might be at risk now.
Note: Windows has detected an unregistered version of Internet Security 2012

Trojan detected!
A piece of malicious code was found in your system which can replicate itself if no action is taken. Clicked here to have your system cleaned by Internet Security 2012.

WARNING! Internet Security 2012 has found [random number] useless and UNWANTED files on your computer!

Because Internet Security 2012 can't actually-remove the PC threats that it claims to guard against, there's no reason to purchase Internet Security 2012's services, and this may actually endanger your financial information if you choose to do so. SpywareRemove.com malware analysts recommend that you treat any contact with Internet Security 2012 to be equivalent to a breach of your computer's security; however, the sooner an immediate scan of your PC by real anti-malware software is undergone, the less chance Internet Security 2012 will ever have to do any lasting damage.

A Peek at the Details That Internet Security 2012 Doesn't Want You to Find

Internet Security 2012, unlike benign software, will attempt to launch itself automatically and doesn't offer any way to turn this 'feature' off. Modern variants of FakeRean scamware like Internet Security 2012 may also hook their startup routines into .exe file behavior so that any launched executable file will also re-launch Internet Security 2012. Internet Security 2012 may also include browser-redirecting functions that force your browser to load Internet Security 2012's website. SpywareRemove.com malware experts recommend that you treat your PC as potentially reinfected after any visit to Internet Security 2012's site, particularly if it's due to a redirect.

Finally, Internet Security 2012 may also attempt to replace Windows Security Center with a fake applet that links to Internet Security 2012's site. You should avoid interaction with this applet and try to remove Internet Security 2012 with suitable anti-malware products to regain access to the real Security Center. As can be guessed from the above attack, Internet Security 2012 is specific to Windows, and, like all FakeRean-based types of rogue anti-malware programs, is unable to function in non-Windows environments to any significant degree.

Internet Security 2012 Screenshot 2Internet Security 2012 Screenshot 3Internet Security 2012 Screenshot 4Internet Security 2012 Screenshot 5Internet Security 2012 Screenshot 6Internet Security 2012 Screenshot 7

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Internet Security 2012 may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%CommonPrograms%\Internet Security 2012\Internet Security 2012.lnk File name: %CommonPrograms%\Internet Security 2012\Internet Security 2012.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%ProgramFiles%\Internet Security 2012\Internet Security 2012.exe File name: %ProgramFiles%\Internet Security 2012\Internet Security 2012.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%UserProfile%\.Internet Security 2012 File name: %UserProfile%\.Internet Security 2012
Mime Type: unknown/Internet Security 2012
Group: Malware file
%Documents and Settings%\All Users\Application Data\[RANDOM]\defender.exe File name: %Documents and Settings%\All Users\Application Data\[RANDOM]\defender.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Documents and Settings%\All Users\Application Data\[RANDOM]\Internet Security 2012.exe File name: %Documents and Settings%\All Users\Application Data\[RANDOM]\Internet Security 2012.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Documents and Settings%\All Users\Application Data\[RANDOM]\[RANDOM].exe File name: %Documents and Settings%\All Users\Application Data\[RANDOM]\[RANDOM].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Documents and Settings%\[UserName]\asr.dat File name: %Documents and Settings%\[UserName]\asr.dat
File type: Data file
Mime Type: unknown/dat
Group: Malware file
%Documents and Settings%\[UserName]\Application Data\1tmp.bat File name: %Documents and Settings%\[UserName]\Application Data\1tmp.bat
File type: Batch file
Mime Type: unknown/bat
Group: Malware file
%WINDOWS%\Prefetch\ISECURITY.EXE-1824C86D.pf File name: %WINDOWS%\Prefetch\ISECURITY.EXE-1824C86D.pf
Mime Type: unknown/pf
Group: Malware file
%AppData%\isecurity.exe File name: %AppData%\isecurity.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%TEMP%\winupd.exe File name: %TEMP%\winupd.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{CLSID Path}HKEY_CLASSES_ROOT\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}HKEY..\..\{Value}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"HKEY_CURRENT_USER\Software\Microsoft "adver_id" = "29"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\Internet Security 2012.exe" /sn"HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\Software\Internet Security 2012.exeHKEY_CURRENT_USER\Software\Microsoft\Installer\Products\[RANDOM]HKEY_CLASSES_ROOT\BrcWizApp.BrcWizHKEY_CLASSES_ROOT\BrcWizApp.BrcWiz.1HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}HKEY_CLASSES_ROOT\TypeLib\{58B4E0F5-F122-4C02-B038-C482D998486A}HKEY_CURRENT_USER\Software\Internet Security 2012HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80c10400-59cb-4c79-97ce-cc693103afca}HKEY_LOCAL_MACHINE\SOFTWARE\ISECURITY.EXEHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Internet Security 2012"HLEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ISECURITY.EXE"

Additional Information

The following messages's were detected:
# Message
1[filename] can not start
File [filename] is infected by W32/Blaster.worm.
Please activate Internet Security 2012 to protect your computer.
2Firewall Warning
Hidden file transfers to remote host has been detected.
has detected a leak of your files through the Internet. We strongly recommend that you block the attack immediately.
3notepad.exe can not start
File notepad.exe is infected by W32/Blaster.worm. Please activate Internet Security 2012 to protect your computer.
4Security Warning
Malicious program has been detected. Click here to protect your computer.

Related Posts

4 Comments