
Sphere Security 2012

Posted: November 10, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 21
First Seen: November 10, 2011
OS(es) Affected: Windows

Sphere Security 2012 is a fake anti-malware program that creates inaccurate infection alerts to persuade you to pay for a worthless product activation key. Even though Sphere Security 2012 has the appearance of a real security program, SpywareRemove.com malware researchers have found that Sphere Security 2012 lacks any ability to detect genuine viruses, worms or other PC threats. Sphere Security 2012 may also make use of other attacks, including web browser redirects or crashing unrelated programs, to make it more difficult for you to remove Sphere Security 2012 from your PC. However, standard anti-malware techniques and a real anti-malware program can delete Sphere Security 2012 without any long-term damage to your computer.

Sphere Security 2012 and Its Lack of Security for All Years Possible

Even though Sphere Security 2012 looks like an independent product and its marketing promotes Sphere Security 2012 as a seemingly helpful security program, Sphere Security 2012 is, in reality, no more than a copy-and-paste job of other rogue anti-malware scanners from the FakeScanti group. This collection of rogue security applications spans a wide range of PC threats besides Sphere Security 2012, including Security Guard, Sysinternals Antivirus, WireShark Antivirus, Milestone Antivirus, BlueFlare Antivirus, Wolfram Antivirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, AV Protection 2011 and Super AV 2013. Despite their many names and slightly different appearances, all of these WinAVPro programs use similar attacks and should be considered equally malicious.

Sphere Security 2012 and its brethren are well known for using deceptive means to infect new computers, such as drive-by-download scripts and fake online scanners that install WinAVPro infections and similar types of rogue security programs without your consent. In almost all cases, SpywareRemove.com malware experts have found that the primary symptom of infection by Sphere Security 2012 is the appearance of inaccurate system errors, infection warnings and other threatening messages. Examples of these fraudulent warnings are shown below:

svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software

Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL HERE] was CANCELLED.

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.

Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.

Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized

Other signs of Sphere Security 2012 attacks can include browser hijacks that redirect you to Sphere Security 2012's website, browser hijacks that block safe websites with inaccurate warning screens, and software malfunctions that prevent you from using real anti-malware products.

Breaking Your PC Out of this Unsafe Sphere

Since Sphere Security 2012 is likely to disable your computer's security features and redirect you to dangerous websites, SpywareRemove.com malware analysts stress the importance of getting rid of Sphere Security 2012 as soon as possible. Although removing Sphere Security 2012 by manual methods is risky for all but seasoned PC security experts, a competent anti-malware application can delete Sphere Security 2012 without harm, and this will also put an end to any Sphere Security 2012 infection-related symptoms, such as threats and browser redirects.

Spending money on registering Sphere Security 2012, even to disable Sphere Security 2012, is strongly discouraged, since this will hand your credit card information over to criminals. Instead, if you feel that you need to disable Sphere Security 2012 via activation before you remove Sphere Security 2012, use the freely-circulated code 'DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B'. SpywareRemove.com malware experts have also noted that this code will work on other types of Sphere Security 2012 clones from the WinAVPro family.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%AllUsersProfile%\[RANDOM CHARACTERS]
Group: Malware file

%StartMenu%\Programs\Sphere Security 2012.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

Registry Modifications

The following Registry values were created:

HKEY..\..\..\..{RegistryKeys}
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION "svchost.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "enablehttp1_1" = '1'

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[RANDOM CHARACTERS]"
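
A read-only way to check a machine for the file and registry indicators listed above, as an added example that is not part of the original write-up. The mapping of %StartMenu% to the per-user and all-users Programs folders, the link between the RunOnce value and the file in %AllUsersProfile%, and the confidence ranking are assumptions of this example.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Run as the affected user (HKCU is per-user); nothing is modified or deleted.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Indicator, [string]$Detail, [string]$Confidence) {
    $findings.Add([pscustomobject]@{ Indicator = $Indicator; Detail = $Detail; Confidence = $Confidence })
}
function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }
}

# 1. Start Menu shortcut. The page writes %StartMenu%; checking both the per-user
#    and the all-users Programs folder is an assumption of this example.
foreach ($folder in 'Programs', 'CommonPrograms') {
    $base = [Environment]::GetFolderPath($folder)
    if (-not $base) { continue }
    $lnk = Join-Path $base 'Sphere Security 2012.lnk'
    if (Test-Path -LiteralPath $lnk) { Add-Finding 'Shortcut' $lnk 'high' }
}

# 2. Registry values under HKEY_USERS\.DEFAULT, exactly as listed on the page.
$hku = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft'
$emu = "$hku\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION"
if ($null -ne (Get-RegValue $emu 'svchost.exe')) {
    Add-Finding 'FEATURE_BROWSER_EMULATION' 'value "svchost.exe" present' 'medium'
}
if ((Get-RegValue "$hku\Windows\CurrentVersion\Internet Settings" 'enablehttp1_1') -eq 1) {
    Add-Finding 'Internet Settings' 'enablehttp1_1 = 1' 'low'
}

# 3. RunOnce entries whose data points into %AllUsersProfile%. The page lists a
#    randomly named file there and a randomly named RunOnce value; treating them
#    as related is an assumption, so each hit needs manual review.
$runOnce = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce' -ErrorAction SilentlyContinue
if ($runOnce) {
    foreach ($name in $runOnce.GetValueNames()) {
        $data = [string]$runOnce.GetValue($name)
        if ($data.IndexOf($env:ALLUSERSPROFILE, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            Add-Finding 'RunOnce' "$name = $data" 'low'
        }
    }
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No listed indicators found.' }
```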