Advertisement


.AV Security 2012 (Also known as: AVSecurity2012) is a trickily designed malware which evidently seeks easy money. By making users believe that they are dangerously infected with viruses, this scamware creates a need of removal tool and additionally starts offering to purchase its licensed version. However, as you may have guessed, the licensed AV Security 2012 version is useless thing that is offered for swindling the money. Keep in mind that this program is malicious and released by cyber criminals for generating money only.

AV Security 2012 hails from the fakeScanti family which shares the same GUI with System Security 2012 or System Security 2011. In addition, the way how they all are distributed also stays the same after forgetting to update anti-malware program, user unnoticeable lets AV Security 2012 to come through security vulnerabilities found. Keep in mind that you can get this malware together with infected downloads or fake updates downloaded from non-official websites. To launch once PC is rebooted, AV Security 2012 additionally creates some new Registry keys and drops bad files on the Program Files and System32 directories. All those modifications will probably pass by your attention, but you will definitely notice its upcoming activity.

To make its victims believe that PC is infected, AV Security 2012 floods the desktop with faked alerts reporting something like that:

Keep in mind that all those alerts are displayed for the only reason - to scare people into purchasing the license of AV Security 2012. It is highly recommended to avoid doing this because you may lose credit card details and get more viruses installed. To fix your computer, you must remove AV Security 2012, otherwise it will keep redirecting to its payment page that will continuously recommend you register the full version.


AV Security 2012 snapshot:

 

Removal Instructions for AV Security 2012

Reboot your computer into Safe Mode with Networking. To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Eventually you will be brought to a menu similar to the one below:

Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard.

Use the following instructions to remove AV Security 2012 (Uninstall instructions)

Registry Keys to be removed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "<random>"

Infected Files to be removed.
In Windows Vista and Windows 7
%AppData%\ldr.ini
%AppData%\<random>\
%AppData%\<random>\
%AppData%\<random>\
%AppData%\<random>\AV Security 2012.ico
%Desktop%\AV Security 2012.lnk
%StartMenu%\Programs\AV Security 2012\
%StartMenu%\Programs\AV Security 2012\AV Security 2012.lnk
%System%\AV Security 2012v121.exe

C:\Windows\system32\[random].exe
%UserProfile%\Desktop\System Security 2012.lnk
%Temp%\svhostu.exe

File Location Notes:

%System% is a variable that refers to the Windows System folder. By default this is C:\Windows\System for Windows 95/98/ME, C:\Winnt\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP/Vista/7.

%Desktop% means that the file is located directly on your desktop. This is C:\DOCUMENTS AND SETTINGS\<Current User>\Desktop\ for Windows 2000/XP, and C:\Users\<Current User>\Desktop\ for Windows Vista and Windows 7.

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\<Current User>\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\<Current User>\AppData\Roaming.

%StartMenu% refers to the Windows Start Menu. For Windows 95/98/ME it refers to C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\<Current User>\Start Menu\, and for Windows Vista/7 it is C:\Users\<Current User>\AppData\Roaming\Microsoft\Windows\Start Menu.

 

There may be one more infection assosiated with it.

. To check it's presence you have to do one thing.

In Windows XP
----------------------

Click on the start meanu and press on Run.
Inside the Run window type CMD and press on Okay.
In the black Command Window type
NETSH WINSOCK RESET and hit on enter.

If you get a message
"Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset." then you are safe.
If not your computer is infected. The only solution to fix it is a Fresh Installation.

In Windows Vista and Windows 7
--------------------------------------

Click on the Start Menu and in the Search box type CMD
At the top you can see a CMD file. Just right click on that file and select Run as

Administrator.

In the black Command Window type
NETSH WINSOCK RESET and hit on enter.

If you get a message
"Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset." then you are safe.

If not your computer is infected. In windows Vista and Windows 7 a successful system restore

will fix the issue. Try a system restore to a good point.

After a successful system restore try to do the same step again.
If you got the message "Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset." your computer is safe and secure.


Related Topics :

© 2013 123seminarsonly.com All Rights Reserved.