When run, AV Security 2012 pretends to scan your computer for malicious software. It may lock down Windows functionality to prevent accessing system utilities and legitimate anti-malware software. Although, the rogue program itself cannot delete your files or steal login credentials, we have observed that it may contain backdoor capabilities, enabling software to download additional malware onto your computer or install spyware modules. Very often, AV Security 2012 comes bundled with a rootkit from the TDSS family. Interestingly, this rootkit is able to block anti-virus products and install click fraud modules. It's not a coincidence that users infected with fake AVs are redirected to malicious and spammy websites every time you click on a Google or Bing search results. Cyber crooks act to maximize profits.
Here's what the rogue antivirus called AV Security 2012 looks like.
A couple of fake security alerts you may see when this rogue antivirus is active.
If you're having a hard time removing it, it's because your removal procedure is hopelessly flawed. Just don't purchase AV Security 2012 and do not wait until your computer becomes a part of a botnet. By far the most easiest way to get rid of System Security 2012 is to use the debugged activation code 9992665263 and run anti-malware software. However, you can follow alternate removal methods described below as well. Manual removal might be somehow more complicated but it works. Just follow the removal instructions below very carefully. If you need any extra assistance removing AV Security 2012, please leave a comment below. Good luck and be safe online!
AV Security 2012 removal instructions:
1. First of all, download and run ZeroAccess/Sirefef/MAX++ removal tool. (works on 32-bit systems only! If you have 64-bit system, proceed to the next step)
2. Then use TDSSKiller.
3. And finally, download free anti-malware software from the list below and run a full system scan.
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
Manual AV Security 2012 removal guide:
1. Right-click on AV Security 2012 icon and select Properties. Then select Shortcut tab.
The location of the malware is in the Target box.
2. In our case the malicious file was located in C:\Windows\System32 folder. Select the malicious file, rename it and change a file name extension.
Original file: TcS22bF3nGaQWKf.exe
Renamed file: TcS22bF3nGaQWKf.vir
3. Restart your computer. After a reboot, download free anti-malware software from the list below and run a full system scan.
4. Download free anti-malware software from the list below and run a full system scan.
5. Remove the TDSS/ZeroAccess rootkit (if exists). Please follow this removal guide: http://deletemalware.blogspot.com/2010/03/tdss-alureon-tidserv-tdl3-removal.html
Manual activation and AV Security 2012 removal:
1. Choose to remove threats and manually activate the rogue program. Enter one of the following codes to activate System Security 2012.
2. Download free anti-malware software from the list below and run a full system scan.
Associated AV Security 2012 files and registry values:
- C:\WINDOWS\system32\[SET OF RANDOM CHARACTERS].exe
- %AppData%\jGteKoRdoSdLrJs\AV Security 2012.ico
- %DesktopDir%\System Security 2012.lnk
- %Programs%\AV Security 2012\AV Security 2012.lnk
- %Programs%AV Security 2012
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"