Security Sphere 2012
Posted: September 29, 2011
Threat Metric
The fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistently assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. Criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 10/10 |
---|---|
Infected PCs: | 68 |
First Seen: | September 29, 2011 |
Last Seen: | September 9, 2019 |
OS(es) Affected: | Windows |
Security Sphere 2012 is a new variant of fake security programs from the WinWeb Security family. Although Security Sphere 2012's name has been tweaked, the rest of Security Sphere 2012's code, structure, interface and functions have all been borrowed from older types of scamware. Like other examples of its family, Security Sphere 2012 creates error messages that SpywareRemove.com malware experts have noted to be totally disconnected from any real analysis of your computer's health. Security Sphere 2012 can also create fake Windows Security Center pop-ups, disable the real Windows Security Center and may also engage in browser hijacking or software-blocking behavior. Given these traits, it's crystal-clear that Security Sphere 2012 is a threat to your PC and should be deleted right away, although you should use an appropriate anti-malware program to remove Security Sphere 2012 whenever it's possible to do so.
The Result of Security Sphere 2012 Rolling Up to Your PC
Security Sphere 2012 and its relatives use fake software updates as their primary method of infection, although they may also be bundled with other types of illegitimate programs or be installed by dropper Trojans. Security Sphere 2012 uses a very minor revamp of the traditional skin that's used for this family of rogue security programs, including a blue color scheme that's reminiscent of Windows, as well as a comforting shield icon. However, these trappings are only meant to make you lower your guard to Security Sphere 2012's attacks, since SpywareRemove.com malware experts have (as is usually the case for such analyses) found no instances of real security or anti-virus features in Security Sphere 2012. Among the many members of Security Sphere 2012's family are Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, MS Removal Tool, Antivirus Center, Security Shield, Personal Shield Pro, Advanced PC Shield 2012 and Futurro Antivirus.
Although Security Sphere 2012 will indulge in automatic system scans, its scans will detect fake infections that aren't on your PC and may also create unusual error messages that try to mislead you about your computer's health. Security Sphere 2012 will also back up these scans with a range of other pop-up alerts, including taskbar-based warnings and pop-ups that imitate Windows Security Center. Examples include:
System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.
System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.
Security Alert!
Your computer is being attacked from a remote machine !
Block Internet access to your computer to prevent system infection.
Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)
Tracking software found!
Your PC activity is being monitor. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen.
Prevent damage now by completing a security scan.
Severe system damage!
Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible.
Act now, click here for a free security scan.
System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
Virus infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible changes may occur. Private data may be stolen.
Click here now for an instant anti-virus scan.
Taking Security Sphere 2012 to Task for Its Fake Security
Along with Security Sphere 2012's fake errors, Security Sphere 2012 will also try to convince you to purchase an activation key. The SpywareRemove.com malware research team advises against this unwarranted exposure of your credit card information, since you can use this free code to register Security Sphere 2012 if it's necessary: '2233-298080-3424'. Until you've deleted Security Sphere 2012 with an appropriate anti-malware program, you should also guard your PC against the following attacks:
- Browser hijacks that redirect you to Security Sphere 2012's website or block PC security sites with fake error messages.
- Blocked security-related software, including Task Manager, Windows Security Center, MSConfig or anti-virus scanners. You can run your software by switching to Safe Mode or another system mode that doesn't allow Security Sphere 2012 to launch itself.
However, as long as you use appropriate software to delete Security Sphere 2012, these attacks will cease and your programs, including your browser and security applications, will be unharmed by these temporary interferences.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
%ALLUSERSPROFILE%\Application Data\vL02901GfNiF02901\vL02901GfNiF02901.exe
File name: vL02901GfNiF02901.exe
Size: 385.02 KB (385024 bytes)
MD5: 88b31496141aede9c1b336a5e7ebe756
Detection count: 88
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\vL02901GfNiF02901
Group: Malware file
Last Updated: September 30, 2011
%ALLUSERSPROFILE%\Application Data\eE02901GfNiF02901\eE02901GfNiF02901.exe
File name: eE02901GfNiF02901.exe
Size: 385.02 KB (385024 bytes)
MD5: 8aa04ec92727f9c527bdab2e88ed5154
Detection count: 87
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\eE02901GfNiF02901
Group: Malware file
Last Updated: September 30, 2011
%ALLUSERSPROFILE%\Application Data\Lo02901GfNiF02901\Lo02901GfNiF02901.exe
File name: Lo02901GfNiF02901.exe
Size: 380.92 KB (380928 bytes)
MD5: 8ade31ea6af2a42c522696eb375e76eb
Detection count: 82
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\Lo02901GfNiF02901
Group: Malware file
Last Updated: September 30, 2011
%ALLUSERSPROFILE%\Application Data\Mn02901GfNiF02901\Mn02901GfNiF02901.exe
File name: Mn02901GfNiF02901.exe
Size: 393.21 KB (393216 bytes)
MD5: c5a3cf0e35d42ba557bd7bdbbb883409
Detection count: 76
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\Mn02901GfNiF02901
Group: Malware file
Last Updated: September 30, 2011
%ALLUSERSPROFILE%\Application Data\nN02901GfNiF02901\nN02901GfNiF02901.exe
File name: nN02901GfNiF02901.exe
Size: 376.83 KB (376832 bytes)
MD5: d6365c3365a53b513780bda09c0ba7b2
Detection count: 73
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\nN02901GfNiF02901
Group: Malware file
Last Updated: September 30, 2011
%Temp%\[RANDOM CHARACTERS]\
File name: %Temp%\[RANDOM CHARACTERS]\
Group: Malware file
%Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
File name: %Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS].tmp
File name: %Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS].tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file
%Documents and Settings%\[UserName]\Desktop\Security Sphere 2012.lnk
File name: %Documents and Settings%\[UserName]\Desktop\Security Sphere 2012.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Documents and Settings%\[UserName]\Application Data\[RANDOM CHARACTERS].exe
File name: %Documents and Settings%\[UserName]\Application Data\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Registry Modifications
Regexp file mask
%AllUsersProfile%\??????????\[RANDOM CHARACTERS][NUMBERS].exe
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilte "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION "svchost.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "enablehttp1_1" = '1'
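The file and registry indicators above can be checked together during triage. The following Python sketch is an added example, not SpywareRemove.com's or SpyHunter's code: it flags the folder-named-like-its-executable pattern seen in the file list and the Run, PhishingFilte and ProxyEnable values from the registry list. The function names, the `PARENTS` folder set, the length threshold in `RANDOM_NAME` and the sample input are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Random-looking name with letters and digits mixed, as in the page's file names.
RANDOM_NAME = re.compile(r"^(?=.*[A-Za-z])(?=.*\d)[A-Za-z0-9]{10,}$")
# Folders %ALLUSERSPROFILE%\Application Data can resolve to (assumption:
# XP layout plus the ProgramData location used by later Windows versions).
PARENTS = {"application data", "programdata"}
# (key substring, value name, data) from the page's registry list. The key is
# spelled "PhishingFilte" on the page; a substring match also covers PhishingFilter.
REG_INDICATORS = [
    (r"\internet explorer\phishingfilte", "enabled", "0"),
    (r"\currentversion\internet settings", "proxyenable", "1"),
]

def suspicious_exe(path):
    # Matches <parent>\<name>\<name>.exe where <name> looks random.
    p = PureWindowsPath(path)
    return (p.suffix.lower() == ".exe" and p.parent.name.lower() == p.stem.lower()
            and p.parent.parent.name.lower() in PARENTS
            and RANDOM_NAME.match(p.stem) is not None)

def triage(paths, reg_values):
    # paths: file paths; reg_values: (key, value name, data) tuples.
    files = [p for p in paths if suspicious_exe(p)]
    reg = []
    for key, name, data in reg_values:
        k, n = key.lower(), name.lower()
        run_hit = (k.endswith(r"\currentversion\run") and n.endswith(".exe")
                   and RANDOM_NAME.match(name[:-4]) is not None)
        if run_hit or any(s in k and n == vn and data == vd
                          for s, vn, vd in REG_INDICATORS):
            reg.append((key, name, data))
    # Registry settings alone are weak evidence (ProxyEnable=1 is normal behind
    # a proxy), so the verdict requires a dropped executable as well.
    return {"infected": bool(files), "files": files, "registry": reg}

# Constructed sample input (not captured from a real host).
AD = r"C:\Documents and Settings\All Users\Application Data"
SAMPLE_PATHS = [AD + r"\vL02901GfNiF02901\vL02901GfNiF02901.exe",
                AD + r"\Adobe\Adobe.exe", AD + r"\Backup2011\setup.exe"]
CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
SAMPLE_REG = [(CV + r"\Internet Settings", "ProxyEnable", "1"),
              (CV + r"\Run", "vL02901GfNiF02901.exe", ""),
              (CV + r"\Run", "ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe")]

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS, SAMPLE_REG))
```

Feed it a directory listing and a registry export taken from an offline or Safe Mode session, since the rogue blocks tools on a running system.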
Additional Information
# | Message |
---|---|
1 | Security Sphere 2012 Warning Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. Click here to remove them immediately with Security Sphere 2012 |
2 | Security Sphere 2012 Warning Your computer is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid theft of your credit card details. Click here to activate protection. |
3 | Warning message from Internet browser. This page under virus attack. This may crash your system. This may be caused by: Virus content founded at this site trying to install its components. Malicious & unknown network processes are determined. Your system is under virus attack Negative references from other citizens concerning this web page. Your system ports and backdoors have been checked by visited page for external access. Recommendations: Obtain a license of "Security Sphere 2012" to protect your PC for the safest browsing Internet pages (desirable) Launch spyware, virus and malware scanning process. Keep browsing |
4 | Warning! Application cannot be executed. The file notepad.exe is infected. Please activate your antivirus software. |
hope it works
This thing will not let me start even regedit or Task Manager, or anything else, not even allow me to uninstall a program. I am formatting the drive and reinstalling. I am told it popped up while viewing a Facebook page. It is on a zd7380 HP with virus software working just fine. External scanning by a clean computer with this drive installed via USB shows no viruses on the drive.
Just wait a little or download Process Hacker 2, it can kill any process on your PC for free and the best part is it's free, feel free to contact me
How do I remove this? It won't let me make it to backdate like these old viruses did.
Pretty awesome that your malware remover actually worked. Tried 3 other programs (will not mention names) and all failed. Kept my PC in a loop of pop-ups and did not remove the fake security program. Thanks for the help with removing this mess. In any case I will be subscribing to your rss feed and I hope you keep being honest with helping others with malware!
send a Myanmar activation code
Oh, great.. security sphere 2012 had my internet access locked out for two weeks now. Had to use my son's laptop. Downloading the malware spyhunter remover program right now to USB drive. Will try loading it that way and see if that works.
Well, my pc boots faster after removing registry entries listed. easy peasy.