Home Malware Programs Rogue Anti-Spyware Programs System Protection 2012

System Protection 2012

Posted: November 8, 2011

Threat Metric

Ranking: 12,270
Threat Level: 8/10
Infected PCs: 525
First Seen: November 8, 2011
Last Seen: October 8, 2023
OS(es) Affected: Windows

System Protection 2012 Screenshot 1As a rogue security program that was first identified in 2011 and offers no genuine security for any PC, System Protection 2012 is a fraudulent product in every possible way, despite its benign name and appearance. SpywareRemove.com malware experts have placed System Protection 2012 in the FakeScanti family due to its strong similarities to other types of rogue anti-virus products. Common symptoms of a System Protection 2012 infection include fake system alerts that allow System Protection 2012 to sneakily gain access to your credit card by asking you to purchase the activated version of its security features, but buying System Protection 2012 should never be done and is a danger to your finances as well as to your computer. Until you delete System Protection 2012 with an appropriate anti-malware program, your PC may also suffer from other malfunctions, including browser redirect attacks and security software crashes.

Why You Can Dismiss What System Protection 2012 Considers to Be Risks

Although System Protection 2012 pretends to be a real security program with system-scanning features and PC threat detection capabilities, System Protection 2012 lacks any of the functions that System Protection 2012 or its website advertise. Nonetheless, this doesn't prevent System Protection 2012 from acting like any PC that System Protection 2012 is installed on is under attack; System Protection 2012 is programmed to show the computer's security status as 'at risk' at almost all times and will bundle this inaccurate warning with pop-ups about fake infections.

A few examples of System Protection 2012's pop-ups that SpywareRemove.com malware analysts have dug up include, but aren't limited to:

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan

Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL HERE] was CANCELLED.

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.

Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.

svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software

Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software

Under no circumstances should you ever trust these inaccurate pop-ups, even if they're accompanied by real program failures; they're only created to give you a reason to purchase the full extent of System Protection 2012's (nonexistent!) anti-malware features. Even contact with System Protection 2012's website should be considered ill-advised, since it may result in other attacks on your PC via malicious scripts and other types of web browser exploits.

Handling the System Instability That System Protection 2012 Uses for Its Marketing Spiel

Even if you're convinced of System Protection 2012's lack of value as a security program, your attempts to remove System Protection 2012 may be hindered by other attacks that cause problems that are more serious than simple fake alerts. SpywareRemove.com malware researchers have found the following symptoms to be particularly common to System Protection 2012 and the rest of the WinAVPro family (including the 'OpenCloud' branch as well as other branches like Security Guard, Sysinternals Antivirus, WireShark Antivirus, Milestone Antivirus, BlueFlare Antivirus, Wolfram Antivirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Cloud Protection, AV Protection Online, AV Security 2012, Sphere Security 2012, AV Protection 2011 and Super AV 2013.

  • System crashes (AKA the fabled 'blue screen of death').
  • Program crashes, particularly for programs that have system maintenance, security or anti-virus functions.
  • Browser redirects to System Protection 2012's website (similar to a Google Redirect Virus although System Protection 2012 redirects may take place randomly and not just at Google).

Safe Mode and similar types of basic PC security techniques will help you shut down System Protection 2012 so that you can commence with removing System Protection 2012 with a competent anti-malware application. Manual removal of System Protection 2012 should be considered a last resort, since System Protection 2012 alters the Windows Registry and other advanced Windows components in the course of its infection.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%System%\.exe File name: %System%\.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%StartMenu%\Programs\System Protection 2012\ File name: %StartMenu%\Programs\System Protection 2012\
Group: Malware file
%StartMenu%\Programs\System Protection 2012\System Protection 2012.lnk File name: %StartMenu%\Programs\System Protection 2012\System Protection 2012.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%UserProfile%\Desktop\System Protection 2012.lnk File name: %UserProfile%\Desktop\System Protection 2012.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Temp%\svhostu.exe File name: %Temp%\svhostu.exe
Mime Type: unknown/exe
Group: Malware file
%AppData%\svhostu.exe File name: %AppData%\svhostu.exe
Mime Type: unknown/exe
Group: Malware file
%StartMenu%\Programs\Startup\crss.exe File name: %StartMenu%\Programs\Startup\crss.exe
Mime Type: unknown/exe
Group: Malware file
%AppData%\\System Protection 2012.ico File name: %AppData%\\System Protection 2012.ico
Mime Type: unknown/ico
Group: Malware file
%AppData%\ldr.ini File name: %AppData%\ldr.ini
Mime Type: unknown/ini
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\System Protection 2012HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
Loading...