FacebookTwitterLinkedIn

Security Sphere 2012

Also Known As: Security Sphere 2012 Rogue
Type: Fake Antivirus
Damage level: High

Tomas Meskauskas Written by on (updated)

What is Security Sphere 2012?

Security Sphere 2012 is a fake computer scanner derived from the same family of rogue software as Security Shield, a previous version widely distributed by Internet criminals. Security Sphere 2012 is proliferated through misleading websites, which show fake online security scans or provide fake Flash Player updates.

When this bogus program infects your PC, it performs a fake security scan each time you start your computer. This fake scan reports supposedly detected malware on your computer.

Do not delete these 'detected' files manually, since Security Sphere 2012 does not actually scan your hard drive for malware - the process is imitated and this fake program reports legitimate Windows system files as being infected. When your PC is infected, you will also notice various security warning pop-ups; as with the security scan, these pop-ups are fake.

This is an attempt by the program to scare you into believing that your computer is highly infected and it encourages you to buy a fake license for a non existent full version.

Security Sphere 2012 rogue program

Security Sphere 2012 will also hijack you Internet browsers and display warning messages when you try to access Internet. Do not trust this program and never purchase the fake license.

If you notice Security Sphere 2012 on your computer, remove it at once. This program is useless and its security functions are merely imitated to trick you into losing money from your credit card account.

Use this removal guide to remove Security Sphere 2012 from your PC.

Update [21 Jul 2012] : The most recent version of this rogue security program is now called Live Security Platinum
Update [26 Jul 2013] : System Care Antivirus is now the most prevalent infection within this family of rogue security programs

The following fake security warning messages are displayed by computers infected with Security Sphere 2012:

"Security Sphere 2012 Warning. Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. Click here to remove them immediately with Security Sphere 2012."

"Warning: Your computer is infected. Detected spyware infection! Click this message to install the latest update of security software..."

"Security Sphere 2012 Warning. Your computer is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid theft of your credit card details. Click here to activate protection."

"Warning! Application cannot be executed. The file notepad.exe is infected. Please activate your antivirus software."

These security warnings are fake. If you notice that your computer is infected with Security Sphere 2012, remove it immediately.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
 ▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Automatic Security Sphere 2012 virus removal:

Step 1
Before downloading the automatic remover, enter the fake license key in the registration window of this program. Click the 'registration' button at the top of the main window of Security Sphere 2012 and enter this key:  8945315-6548431

It will not remove the infection, but will help the removal process. Note, that if you copy this key to clipboard and click the 'registration' button, Security Sphere 2012 may automatically detect your copied key and will thank you for registration.

It will then imitate the removal of fake infections and ask you to restart your computer. Before restarting or entering the key, you can download the remover (Step 2), so there will be no need to return to this site.

After restarting, the Security Sphere 2012 icon remains in the Taskbar. This will be disappear when the remover has finished.

Bear in mind, that by registering fake security programs, you do not break any copyright laws.

Step 2
Now you can download and install the spyware remover. Note that when you scan your computer, Security Sphere 2012 may continue to generate fake warnings. You can ignore these warnings.

If you cannot download or run the default installation file, you can try to download an alternate installer (it is renamed to iexplore.exe, since most spyware does not block execution of files with this name)

Security Sphere 2012 virus manual removal (experienced users):

1. Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK.

During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

alt

Here is a video demonstrating how to start Windows in "Safe Mode with Networking":

Windows XP users:

Windows Vista / 7 users:

Windows 8 users:

2. Open Internet Explorer, click Tools and select Internet Options. Select "Connections".

internet explorer internet options

 

internet explorer internet connections

 

3.Click LAN settings, if 'Use a proxy server for your LAN' is checked, uncheck it and press OK.

internet options lan settings

internet explorer proxy settings

 

 

 

 

 4. Download HijackThis and save it on your desktop. Some malicious programs are able to block HijackThis so when you click the download link, in the Save dialog rename HijackThis.exe to iexplorer.exe and only then click the Save button.

After saving the file on your desktop, double click it. In the main HijackThis window click “Do a system scan only” button. Select these entries (place a tick at the left of the entry):

O4 - HKCU\..\RunOnce: [] %AllUsersProfile%\\.exe

After selecting the required entry, click "Fix Checked". After this procedure you can close HijackThis and proceed to the next removal step.

5. Security Sphere 2012 modifies the system Hosts file. It is used to resolve canonical names of websites to IP addresses.

When it is changed, the user may be redirected to malicious websites, despite observing legitimate URLs in address bar. It is difficult to determine if the site is genuine when the Hosts file is modified.

To fix this, please download the Microsoft FixIt tool that restores your Hosts file to the Windows default. Run this tool when downloaded and follow the on-screen instructions.

The download link is below:

Download MicrosoftFixit.msi

6. Download and install anti-spyware software to completely remove the infection.

Before downloading the automatic remover, enter fake license key in the registration window of this program. Click the 'registration' button at the top of the main window of Security Sphere 2012 and enter this key:  8945315-6548431

It will not remove the infection, but will help the removal process. Note that if you copy this key to clipboard and click the 'registration' button, Security Sphere 2012 may automatically detect your copied key and will thank you for registration. Bear in mind that by registering fake security programs, you do not break any copyright laws.

NOTE: Some spyware can block the downloading of spyware removers. If you cannot download it using the default location, try one of the alternative download locations below:

  • Location 1 (the file is renamed to "iexplore.exe", since most spyware does not block this file)
  • Location 2

Other tools known to remove Security Sphere 2012:

You can also try this registration code: 8945315-6548431. After entering this code, Security Sphere 2012 should stop displaying security warnings.

This might help you in the removal process. This code disables Security Sphere 2012 only temporarily, and therefore, after entering this code, ensure you scan your computer with a legitimate anti-spyware program.

Summary:

The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.

A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in fake antivirus distribution:

Fake pop-up used in rogue antivirus distribution example 1

Fake pop-up used in rogue antivirus distribution example 2

Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of security sphere 2012 rogue and other rogue antivirus programs:

example of a webpage used to collect payments for fake antivirus programs

To protect your computer from security sphere 2012 rogue and other rogue antivirus programs users should:

  • Keep their operating system and all of the installed programs up-to-date.
  • Use legitimate antivirus and anti-spyware programs.
  • Use caution when clicking on links in social networking websites and email messages.
  • Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.

Symptoms indicating that your operating system is infected with a fake antivirus program:

  • Intrusive security warning pop-up messages.
  • Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
  • Slow computer performance.
  • Disabled Windows updates.
  • Blocked Task Manager.
  • Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.

If you have additional information on security sphere 2012 rogue or it's removal please share your knowledge in the comments section below.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Top Removal Guides
QR Code
Security Sphere 2012 Rogue QR code
Scan this QR code to have an easy access removal guide of Security Sphere 2012 Rogue on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.