
Security Sphere 2012

Posted: September 29, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 68
First Seen: September 29, 2011
Last Seen: September 9, 2019
OS(es) Affected: Windows

Security Sphere 2012 is a new variant of fake security programs from the WinWeb Security family. Although Security Sphere 2012's name has been tweaked, the rest of its code, structure, interface and functions have all been borrowed from older types of scamware. Like other examples of its family, Security Sphere 2012 creates error messages that SpywareRemove.com malware experts have noted to be totally disconnected from any real analysis of your computer's health. Security Sphere 2012 can also create fake Windows Security Center pop-ups, disable the real Windows Security Center, and may also engage in browser hijacking or software-blocking behavior. Given these traits, it's crystal-clear that Security Sphere 2012 is a threat to your PC and should be deleted right away, although you should use an appropriate anti-malware program to remove Security Sphere 2012 whenever it's possible to do so.

The Result of Security Sphere 2012 Rolling Up to Your PC

Security Sphere 2012 and its relatives use fake software updates as their primary method of infection, although they may also be bundled with other types of illegitimate programs or be installed by dropper Trojans. Security Sphere 2012 uses a very minor revamp of the traditional skin that's used for this family of rogue security programs, including a blue color scheme that's reminiscent of Windows, as well as a comforting shield icon. However, these trappings are only meant to make you lower your guard to Security Sphere 2012's attacks, since SpywareRemove.com malware experts have (as is usually the case for such analyses) found no instances of real security or anti-virus features in Security Sphere 2012. Among the many members of Security Sphere 2012's family are Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, MS Removal Tool, Antivirus Center, Security Shield, Personal Shield Pro, Advanced PC Shield 2012 and Futurro Antivirus.

Although Security Sphere 2012 will indulge in automatic system scans, its scans will detect fake infections that aren't on your PC and may also create unusual error messages that try to mislead you about your computer's health. Security Sphere 2012 will also back up these scans with a range of other pop-up alerts, including taskbar-based warnings and pop-ups that imitate Windows Security Center. Examples include:

System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.

System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.

Security Alert!
Your computer is being attacked from a remote machine !
Block Internet access to your computer to prevent system infection.

Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)

Tracking software found!
Your PC activity is being monitor. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen.
Prevent damage now by completing a security scan.

Severe system damage!
Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible.
Act now, click here for a free security scan.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Virus infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible changes may occur. Private data may be stolen.
Click here now for an instant anti-virus scan.

Taking Security Sphere 2012 to Task for Its Fake Security

Along with its fake errors, Security Sphere 2012 will also try to convince you to purchase an activation key. The SpywareRemove.com malware research team advises against this unwarranted exposure of your credit card information, since you can use this free code to register Security Sphere 2012 if it's necessary: '2233-298080-3424.' Until you've deleted Security Sphere 2012 with an appropriate anti-malware program, you should also guard your PC against the following attacks:

  • Browser hijacks that redirect you to Security Sphere 2012's website or block PC security sites with fake error messages.
  • Blocked security-related software, including Task Manager, Windows Security Center, MSConfig or anti-virus scanners. You can run your software by switching to Safe Mode or another system mode that doesn't allow Security Sphere 2012 to launch itself.

However, as long as you use appropriate software to delete Security Sphere 2012, these attacks will cease and your programs, including your browser and security applications, will be unharmed by these temporary interferences.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%ALLUSERSPROFILE%\Application Data\vL02901GfNiF02901\vL02901GfNiF02901.exe
File name: vL02901GfNiF02901.exe
Size: 385.02 KB (385024 bytes)
MD5: 88b31496141aede9c1b336a5e7ebe756
Detection count: 88
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\vL02901GfNiF02901
Group: Malware file
Last Updated: September 30, 2011

%ALLUSERSPROFILE%\Application Data\eE02901GfNiF02901\eE02901GfNiF02901.exe
File name: eE02901GfNiF02901.exe
Size: 385.02 KB (385024 bytes)
MD5: 8aa04ec92727f9c527bdab2e88ed5154
Detection count: 87
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\eE02901GfNiF02901
Group: Malware file
Last Updated: September 30, 2011

%ALLUSERSPROFILE%\Application Data\Lo02901GfNiF02901\Lo02901GfNiF02901.exe
File name: Lo02901GfNiF02901.exe
Size: 380.92 KB (380928 bytes)
MD5: 8ade31ea6af2a42c522696eb375e76eb
Detection count: 82
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\Lo02901GfNiF02901
Group: Malware file
Last Updated: September 30, 2011

%ALLUSERSPROFILE%\Application Data\Mn02901GfNiF02901\Mn02901GfNiF02901.exe
File name: Mn02901GfNiF02901.exe
Size: 393.21 KB (393216 bytes)
MD5: c5a3cf0e35d42ba557bd7bdbbb883409
Detection count: 76
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\Mn02901GfNiF02901
Group: Malware file
Last Updated: September 30, 2011

%ALLUSERSPROFILE%\Application Data\nN02901GfNiF02901\nN02901GfNiF02901.exe
File name: nN02901GfNiF02901.exe
Size: 376.83 KB (376832 bytes)
MD5: d6365c3365a53b513780bda09c0ba7b2
Detection count: 73
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\nN02901GfNiF02901
Group: Malware file
Last Updated: September 30, 2011

%Temp%\[RANDOM CHARACTERS]\
Group: Malware file

%Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS].tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file

%Documents and Settings%\[UserName]\Desktop\Security Sphere 2012.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%Documents and Settings%\[UserName]\Application Data\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following Registry values were newly created:

Regexp file mask
%AllUsersProfile%\??????????\[RANDOM CHARACTERS][NUMBERS].exe

HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilte "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION "svchost.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "enablehttp1_1" = '1'
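
The file and Registry indicators above can be turned into a triage check over a host inventory. The following Python sketch is an added example, not code from SpywareRemove.com; the name pattern (folder and .exe sharing one mixed letter/digit name under "Application Data") is an assumption generalised from the five listed samples, and the sample inventory is constructed.

```python
import re
from pathlib import PureWindowsPath

# Assumption drawn from the five listed samples: the folder and the .exe share
# one mixed letter/digit name directly under "Application Data".
NAME_RE = re.compile(r"(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9]{8,}")
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
# (key fragment, value name, data) from the Registry Modifications list. The
# page prints the first key as "PhishingFilte"; the fragment matches either form.
REG_INDICATORS = [
    (r"\internet explorer\phishingfilte", "enabled", "0"),
    (r"\currentversion\internet settings", "proxyenable", "1"),
]

def is_dropper_path(path):
    """True for ...\\Application Data\\<NAME>\\<NAME>.exe, case-insensitive."""
    p = PureWindowsPath(path.strip().strip('"'))
    return (p.suffix.lower() == ".exe"
            and p.parent.parent.name.lower() == "application data"
            and p.parent.name.lower() == p.stem.lower()
            and NAME_RE.fullmatch(p.stem) is not None)

def triage(files, reg_values):
    """files: path strings; reg_values: (key, value name, data) tuples."""
    findings = [f"file: {f}" for f in files if is_dropper_path(f)]
    for key, name, data in reg_values:
        k, n = key.lower(), name.lower()
        # The page lists a Run value named "[RANDOM CHARACTERS].exe".
        if k.endswith(RUN_KEY) and (n.endswith(".exe") or is_dropper_path(data)):
            findings.append(f"autorun: {name} -> {data}")
        for fragment, vname, vdata in REG_INDICATORS:
            if fragment in k and n == vname and str(data) == vdata:
                findings.append(f"setting: {key}\\{name} = {data}")
    return findings

# Constructed sample inventory (first path uses a file name from the page).
AD = r"C:\Documents and Settings\All Users\Application Data"
HKCU = r"HKEY_CURRENT_USER\Software\Microsoft"
SAMPLE_FILES = [
    AD + r"\vL02901GfNiF02901\vL02901GfNiF02901.exe",
    AD + r"\Adobe\Reader\AcroRd32.exe",
    r"C:\Program Files\Tool7\Tool7.exe",
]
SAMPLE_REG = [
    (HKCU + r"\Windows\CurrentVersion\Run", "qX51ab.exe", AD + r"\qX51ab.exe"),
    (HKCU + r"\Windows\CurrentVersion\Run", "ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    (HKCU + r"\Windows\CurrentVersion\Internet Settings", "ProxyEnable", "1"),
    (HKCU + r"\Internet Explorer\PhishingFilter", "Enabled", "0"),
]

if __name__ == "__main__":
    for line in triage(SAMPLE_FILES, SAMPLE_REG):
        print(line)
```

"ProxyEnable" = "1" is also normal on networks that use a legitimate proxy, so treat it as corroborating evidence alongside a file or autorun hit rather than as a finding on its own.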

Additional Information

The following messages were detected:

1. Security Sphere 2012 Warning
   Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
   Click here to remove them immediately with Security Sphere 2012

2. Security Sphere 2012 Warning
   Your computer is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid theft of your credit card details.
   Click here to activate protection.

3. Warning message from Internet browser. This page under virus attack. This may crash your system.
   This may be caused by:
   Virus content founded at this site trying to install its components.
   Malicious & unknown network processes are determined.
   Your system is under virus attack
   Negative references from other citizens concerning this web page.
   Your system ports and backdoors have been checked by visited page for external access.
   Recommendations:
   Obtain a license of "Security Sphere 2012" to protect your PC for the safest browsing Internet pages (desirable)
   Launch spyware, virus and malware scanning process.
   Keep browsing

4. Warning!
   Application cannot be executed. The file notepad.exe is infected.
   Please activate your antivirus software.

8 Comments

  • carl says:

    hope it works

  • bill says says:

    This thing will not let me start even regedit or task manager, or anything else, not even allow me to uninstall a program. I am formatting the drive and reinstalling. I am told it popped up while viewing a Facebook page. It is on a zd7380 HP with virus software working just fine. External scanning by a clean computer with this drive installed via USB shows no viruses on the drive.

  • Alonzo Corbin says:

    Just wait a little or download Process Hacker 2; it can kill any process on your PC for free, and the best
    part is it's free. Feel free to contact me.

  • glenn says:

    How do I remove this? It won't let me make it to backdate like these old viruses did.

  • Tim Fonti says:

    Pretty awesome that your malware remover actually worked. Tried 3 other programs (will not mention names) and all failed. Kept my PC in a loop of pop-ups and did not remove the fake security program. Thanks for the help with removing this mess. In any case I will be subscribing to your rss feed and I hope you keep being honest with helping others with malware!

  • jorge says:

    senda myanmar activacion code

  • Shelly Meyers says:

    Oh, great.. security sphere 2012 had my internet access locked out for two weeks now. Had to use my son's laptop. Downloading the malware spyhunter remover program right now to USB drive. Will try loading it that way and see if that works.

  • Paul Climin says:

    Well, my pc boots faster after removing registry entries listed. easy peasy.
