
AV Protection 2011

Posted: November 17, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 105
First Seen: November 17, 2011
Last Seen: August 17, 2022
OS(es) Affected: Windows

AV Protection 2011 is a fake anti-virus program that disguises inaccurate system information as security alerts and scanner results. Although all the information that AV Protection 2011 provides about your PC is false, the danger of having AV Protection 2011 on your PC is quite real, since AV Protection 2011 will attempt to steal your credit card information and money via product registration requests. Browser redirects and blocked security programs are also common symptoms of an AV Protection 2011 infection; however, SpywareRemove.com malware researchers note that once AV Protection 2011 is deactivated by suitable anti-malware techniques, you can remove AV Protection 2011 with any reasonably trustworthy anti-malware application.

AV Protection 2011 – a Timely Label for a Timeless Rogue Anti-Virus Program

Although AV Protection 2011 acts like a powerful and unique security program on the outside, AV Protection 2011's appearance, functions and even its marketing schemes are all copied from other rogue security applications belonging to the FakeScanti family. AV Protection 2011 uses a traditional PC security scam: it pretends to detect various threats on your PC and then offers to remove them... for a price. However, all of AV Protection 2011's alerts are, in reality, fake, and SpywareRemove.com malware researchers have found that AV Protection 2011 is incapable of removing any type of real infection, including Trojans, keyloggers and worms.

You may also experience browser redirect attacks that force your browser to AV Protection 2011's website as another method of encouraging you to purchase AV Protection 2011, which is, obviously, not advisable.

Protecting Your PC from AV Protection 2011's Dishonest Marketing

Contact with AV Protection 2011's website may cause other attacks against your PC, and while AV Protection 2011 is active, you may experience file-display errors or problems accessing security programs. Registering AV Protection 2011 with the code 'DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B' can help to reduce these issues, but shouldn't be used as a substitute for deleting AV Protection 2011. The latter should always be done with a suitable anti-malware program, since AV Protection 2011 alters Windows components like the Registry and will try to resist removal.

Since AV Protection 2011 may also prevent you from using such programs, a Safe Mode system boot or a boot from a source that bypasses your Registry (such as a USB drive or CD) will launch Windows with AV Protection 2011 deactivated. Once this is done, SpywareRemove.com malware experts are happy to note that AV Protection 2011 can be removed with a simple anti-malware scan without permanent damage to Windows.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications

The following Registry values were newly created:

File name without path: AV Protection 2011.lnk
HKEY..\..\..\..{Subkeys}: HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

Additional Information

The following messages were detected:

1. Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.

2. Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.

3. Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

4. Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

5. Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL HERE] was CANCELLED.

6. Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

7. Warning!
The file "firefox.exe" is infected. Running of application is impossible.
Please activate your antivirus software.

8. Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software

9. Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software

10. Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized

11. Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

12. svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
