System Security 2012
Written by Tomas Meskauskas
Damage level: High
System Security 2012 virus elimination instructions
What is System Security 2012?
System Security 2012 is a misleading computer security scanner that attempts to convince you that your PC is infected with various malware. This rogue program is derived from the same family of fake security scanners as Guard Online, Cloud Protection, System Security 2011, and others. Like its previous versions, System Security 2012 is distributed via misleading websites that exploit security vulnerabilities in users' computers in order to self-install. After installation, System Security 2012 modifies the registry of your operating system such that it starts automatically each time you boot your operating system. This bogus program imitates a security scan and then displays fake results.
Main window of System Security 2012:
System Security 2012 detects various Trojans on your computer, and if you click the 'Remove threats' button, you will be asked to purchase a license for System Security 2012 prior to removing the 'detected' threats. Do not buy this rogue program, it is a scam. The warning messages displayed by System Security 2012 are fake. These methods are designed to scare you into believing your computer has serious security issues and that you need to purchase a fake license for the full version of System Security 2012. Ignore messages displayed by this rogue scanner. This bogus software is derived from a large family of rogue applications created by the same group of criminals and sharing the same interface. The programs from this family use the same strategy to intimidate computer users - they 'detect' non existent security threats on your computer and then suggest that you purchase their license keys to remove them. Do not trust this misleading program, it is merely an imitation of legitimate security software, and therefore, you should remove it from your PC immediately.
The following fake pop-up messages will be displayed on computers infected with System Security 2012:
"Windows Security Alert. To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program? Name: Zeus Trojan Publisher: Unauthorized."
"Warning! Infection found. Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer. Keylogger Zeus was detected and put in quarantine. Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails."
"Security Warning. Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer. Click here to clean your PC immediately."
"Warning! The file "taskmgr.exe" is infected. Running of applications is impossible. Please activate your antivirus software."
These security warnings are fake. If you notice that your computer is infected with System Security 2012, remove it immediately.
- What is System Security 2012?
- STEP 1. Remove System Security 2012 using a registration key.
- STEP 2. Remove System Security 2012 using Safe Mode with Networking.
- STEP 3. Remove System Security 2012 manually by deleting files and registry entries.
System Security 2012 virus removal:
Enter any one of these System Security 2012 activation keys in the registration window. Click the 'Enter Activation key' button located at the bottom-left corner of the main program window and paste only one of these keys (each key is on a separate line):
When the registration key is entered, System Security 2012 will behave as if you have purchased it and will cease generating fake warnings. It will also enable some previously disabled windows features. Note, that registering this program will not remove it from your PC. It will simply disable fake warnings.
This infection is known to modify your proxy settings. It intercepts your connection to the Internet and you may not be able to access some Internet resources. To fix this, download and run the proxy removal tool. This tool runs automatically - simply double click it and it will do the job. The download link is below:
After fixing the proxy settings, you will be able to download the spyware remover
Download, install and run the spyware removal tool. It will scan your PC for System Security 2012 and other malware infections.
If you cannot download or run the spyware remover, try running the registry fix (link below). It enables execution of programs. Download the registryfix.reg file, double click it, click YES, and then OK.
If installation fails, you can try downloading the customized installer developed by our technicians to bypass the System Security 2012 spyware infection. Your browser may report that this file is unsafe. Please ignore these warnings. Download customized installer
System Security 2012 removal instructions (on infected computer):
1. Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Here is a video demonstrating how to start Windows in "Safe Mode with Networking":
Windows XP users:
Windows Vista / 7 users:
Windows 8 users:
2. Open Internet Explorer, click Tools and select Internet Options. Select "Connections".
3.Click LAN settings, if 'Use a proxy server for your LAN' is checked, uncheck it and press OK.
4. Download HijackThis and save it to your desktop. Some malicious programs are able to block HijackThis, so when you click the download link, in the Save dialog, rename HijackThis.exe to iexplore.exe and only then click the Save button. After saving the file to your desktop, double click it. In the main HijackThis window click the “Do a system scan only” button. Select the following entries (place a tick at the left of the entries):
O4 - HKLM\..\Run:  C:\WINDOWS\system32\.exe
O4 - HKLM\..\Run:  %AppData%\svhostu.exe
O4 - Startup: crss.exe
After selecting the required entries, click "Fix Checked". After this procedure you can close HijackThis and proceed to the next removal step.
5. Download legitimate anti-spyware software to fully remove System Security 2012 from your computer.
Other tools known to remove System Security 2012:
If you are unable to remove System Security 2012, you can use these manual removal instructions. Use them at your own risk, since if you do not have strong computer knowledge, you could harm your operating system. Use them only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these System Security 2012 processes:
Remove these System Security 2012 entries:
HKEY_CURRENT_USER\Software\System Security 2012
Delete these System Security 2012 files:
%StartMenu%\Programs\System Security 2012\
%StartMenu%\Programs\System Security 2012\System Security 2012.lnk
%UserProfile%\Desktop\System Security 2012.lnk
%AppData%\\System Security 2012.ico
The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.
A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in System Security 2012 distribution:
Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of System Security 2012 and other rogue antivirus programs:
To protect your computer from System Security 2012 and other rogue antivirus programs users should:
- Keep their operating system and all of the installed programs up-to-date.
- Use legitimate antivirus and anti-spyware programs.
- Use caution when clicking on links in social networking websites and email messages.
- Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.
Symptoms indicating that your operating system is infected with a fake antivirus program:
- Intrusive security warning pop-up messages.
- Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
- Slow computer performance.
- Disabled Windows updates.
- Blocked Task Manager.
- Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.
If you are experiencing problems while trying to remove System Security 2012 from your computer, please ask for assistance in our malware removal forum.
If you have additional information on System Security 2012 or it's removal please share your knowledge in the comments section below.