System Security 2011

By | October 31, 2011 | 0 Comment

System Security 2011 is a program that every computer users must beware. This is not ordinary software neither a usual security application. System Security 2011 is closely connected with a Trojan that it uses to gain an access on target computer. There are no indications that the Trojan is executing changes on the system, not even your antivirus may detect its activities.

If System Security 2011 is successfully loaded inside your PC, it starts producing a bunch of security alerts situating danger on the system. This fake antivirus also simulates a virus scan that identifies a number of Trojans and viruses. Employing such fake alerts and manufactured scan results are scare devices to trick users in order to induce them into acquiring the paid version of System Security 2011.
Supplementary impairment it can cause to infected computer are the following:

  • The malware can disable Windows system tools like task manager and registry editor. Purpose of this execution is to prevent manual removal and to avoid ending process that links to System Security 2011.
  • It attempts to block access to executable files. Running installed program produces warning alerts announcing that the file is infected. The alert will arise from system tray pretending to be a legitimate Windows security pop-up.
  • System Security 2011 will come up with a warning about successive intrusion attempts. This alarm masks as Windows Firewall Alert to mislead its prey.

As you may observe, System Security 2011 makes an effort to copy what legitimate antivirus program carried out during scan and detect process. However, you may spot rogue ones when concerns about security troubles turns out to be an annoyance.

Type Rogue
Sub-Type FakeAV
Systems Affected Windows

Symptoms

After the installation, System Security 2011 runs a virus scan on itself. Next, it provides a series of detection and report a number of threats needed to eliminate from the system. It prompts to activate the program by purchasing the registration key from their web site.

System Security 2011 Scanner

The malware mimics Windows start-up process indicating system failure. It shows this message:

System Security 2011 RESTORES Windows after system failure caused my spyware and malware activity.
ACTIVATE System Security 2011 to resume the protection of your computer.

Fake Boot up by System Security 2011

 

Some more fake warnings and alerts produced by System Security to mislead computer users.

Warning!
Unwanted software (Malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

Fake warning

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher Unauthorized.

Fake Windows Security Alert

Warning! infection found
Unauthorized sending of E-MAIL with subject “Find girl”
to email address
was CANCELLED

System Security 2011 Fake Warnings

Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

Serious Security Vulnerabilities Warning

Other Detection Name for System Security 2011

AhnLab-V3 Trojan/Win32.FakeAV
AntiVir TR/Crypt.EPACK.Gen2
Avast Win32:Cycbot-NO [Trj]
AVG Generic25.AKCZ
Kaspersky Trojan-FakeAV.Win32.OpenCloud.i
MalwareBytes Anti-Malware Backdoor.Bot
McAfee BackDoor-EXI.gen.x
NOD32 Win32/Kryptik.UMI
nProtect Gen:Variant.Kazy.40868
PCTools RogueAntiSpyware.AVGuard
Sophos Mal/FakeAV-IS
SUPERAntiSpyware Mal/FakeAV-IS
Symantec Trojan.Gen.2
TrendMicro TROJ_GEN.RC1C1JS

System Changes

The malware will load using the process:
(random).exe

Malicious files created by System Security 2011 are the following:
%AppData%\(random)\
%AppData%\(random)\
%AppData%\(random)\
%AppData%\(random)\
%AppData%\ldr.ini
%AppData%\svhostu.exe
%AppData%\(random)\System Security 2011.ico
%StartMenu%\Programs\System Security 2011\
%StartMenu%\Programs\System Security 2011\System Security 2011.lnk
%StartMenu%\Programs\Startup\crss.exe
%System%\(random).exe
%UserProfile%\Desktop\System Security 2011.lnk
%Temp%\svhostu.exe

System Security 2011 will create the following registry entries:
HKEY_CURRENT_USER\Software\System Security 2011
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “(random)”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “(random)”

Leave a Reply

Your email address will not be published. Required fields are marked *