Win 7 Antispyware 2012, Vista Antivirus 2012, and XP Security 2012 are all names for the same rogue anti-spyware program. This family of rogues is promoted in two ways. The first is through the use of fake online antivirus scanners that state that your computer is infected and then prompt you to download a file that will install the infection. The other is through hacked web sites that attempt to exploit vulnerabilities in programs that you are running on your computer to install the infection without your knowledge or permission. Regardless of how it is installed, once it is running on your computer it will present itself under a variety of different program names and graphical user interfaces depending on the version of Windows that is running. Regardless of the name, though, they are all ultimately the same program with just a different skin on it. This rogue goes by different program names, which I have listed below based upon the version of Windows that it is installed on:
Windows XP Rogue Name | Windows Vista Rogue Name | Windows 7 Rogue Name |
XP Antispyware 2012 | Vista Antispyware 2012 | Win 7 Antispyware 2012 |
XP Antivirus 2012 | Vista Antivirus 2012 | Win 7 Antivirus 2012 |
XP Security 2012 | Vista Security 2012 | Win 7 Security 2012 |
XP Home Security 2012 | Vista Home Security 2012 | Win 7 Home Security 2012 |
XP Internet Security 2012 | Vista Internet Security 2012 | Win 7 Internet Security 2012 |
When installed, this rogue pretends to be a security update for Windows installed via Automatic Updates. It will then install itself as a single executable that has a random name consisting of three characters, such as kdn.exe, and that uses very aggressive techniques to prevent you from removing it. First, it makes it so that if you launch any executable it instead launches Vista Home Security 2012, XP Internet Security 2012, Win 7 Security 2012, or any of the other names it goes under. If the original program that you wanted to launch is deemed safe by the rogue, it will then launch it as well. This allows the rogue to determine which executables it wants to allow you to run in order to protect itself. It will also modify certain keys so that when you launch Firefox or Internet Explorer from the Windows Start Menu it will launch the rogue instead and display a fake firewall warning stating that the program is infected.
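The check below is an added example, not part of the original article: it audits the default values of the registry keys that control how .exe files and the Start Menu browser entries are launched, and reports any that start a different program first. The article says only "certain keys"; the paths used here are the standard Windows locations for these settings and are an assumption about which keys are involved, and all sample values (the kdn.exe path, the "a1b" ProgID, the -a switch) are constructed.

```python
import ntpath
import re

EXE_OPEN = '"%1" %*'  # stock Windows value of exefile\shell\open\command
CLIENTS = r"HKLM\SOFTWARE\Clients\StartMenuInternet"
OPEN_CMD = r"\shell\open\command"

# Constructed sample: {key path: (Default) value}, as `reg query <key> /ve` reports.
# The kdn.exe path, the "a1b" ProgID and the -a switch are made up for illustration.
SAMPLE = {
    r"HKCU\Software\Classes\.exe": "a1b",
    r"HKCU\Software\Classes\a1b\shell\open\command":
        r'"C:\Users\test\AppData\Local\kdn.exe" -a "%1" %*',
    r"HKLM\SOFTWARE\Classes\exefile\shell\open\command": '"%1" %*',
    CLIENTS + r"\FIREFOX.EXE\shell\open\command":
        r'"C:\Users\test\AppData\Local\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"',
    CLIENTS + r"\IEXPLORE.EXE\shell\open\command":
        r'"C:\Program Files\Internet Explorer\iexplore.exe"',
}

def first_program(command):
    """Return the program a shell command line would start."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ""

def audit_launch_hijack(defaults):
    """Return (key, kind, value) for every launch setting that was redirected."""
    keys = {k.lower(): v for k, v in defaults.items()}
    findings = []
    # 1. The .exe handler, per user and machine-wide (HKCR merges these two views).
    for root in (r"HKCU\Software\Classes", r"HKLM\SOFTWARE\Classes"):
        progid = keys.get((root + r"\.exe").lower(), "exefile")
        if progid.lower() != "exefile":
            findings.append((root + r"\.exe", "progid", progid))
        cmd_key = root + "\\" + progid + OPEN_CMD
        cmd = keys.get(cmd_key.lower())
        if cmd is not None and cmd.strip() != EXE_OPEN:
            findings.append((cmd_key, "exe-handler", first_program(cmd)))
    # 2. A Start Menu browser entry must start the browser it is named for.
    for key, cmd in defaults.items():
        low = key.lower()
        if low.startswith(CLIENTS.lower() + "\\") and low.endswith(OPEN_CMD):
            browser = low[len(CLIENTS) + 1:].split("\\")[0]
            program = first_program(cmd)
            if ntpath.basename(program).lower() != browser:
                findings.append((key, "browser-entry", program))
    return findings

if __name__ == "__main__":
    print(*audit_launch_hijack(SAMPLE), sep="\n")
```

A per-user `.exe` ProgID other than `exefile` is worth investigating even when the rogue's executable has already been deleted, because the leftover association still controls what runs when a program is started.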
Once started, the rogue itself, like all other rogues, will scan your computer and state that there are numerous infections on it. If you attempt to use the program to remove any of these infections, though, it will state that you need to purchase the program first. In reality, though, the infections that the rogue states are on your computer are all legitimate files that, if deleted, could cause Windows to not operate correctly. Therefore, please do not manually delete any files based upon the results from this rogue’s scan.
If you believe that you are a victim of Malicious Website Blocked Alerts from Svchost.exe, give us a call at 718-565-6063 immediately to prevent the infection from stealing your information or further damaging your computer.