Security Monitor 2012

Read this post about Security Monitor 2012 so that you are aware of the danger it may cause if you install it on the computer.

Security Monitor 2012 disguises itself as legitimate security software to attract computer users. To support this, the virus displays a series of fake security warnings stating that several threats have been detected on the computer.

The truth is, Security Monitor 2012 comes from a family of rogue security software. In fact, it is a successor to an unpopular version called Security Solution 2011. Both fake anti-virus programs use the same skin to look like a real security product, but behind it lies the shocking truth that it may steal money from your credit card account. Every single minute, this rogue security application demands that the user obtain the licensed version in order to remove threats. It only accepts credit card payment, so there is a huge possibility that naïve computer users will submit to this requirement to resolve computer issues. The malware author then charges the credit card for the corresponding amount and keeps the account for use in other fraudulent online transactions.

Technical Details and Additional Information:

Security Monitor 2012 is Also Detected As:
TR/Crypt.ZPACK.Gen (AntiVir), Trojan.Crypt.ZPACK.Gen, Sus/UnkPack-C (Sophos)

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)
Typically, a rogue program such as Security Monitor 2012 uses an Internet connection to spread itself. The authors behind this virus see many advantages in using the Internet to reach the target computer with ease. Security Monitor 2012 can be dropped and installed on a user's PC without approval by a Trojan that exploits security vulnerabilities. Other avenues for propagation include spam email messages, social networking sites and malicious web sites.

Malware Behavior
When executed on the computer, Security Monitor 2012 immediately drops a number of files on the system. It also adds itself to Windows start-up by placing its own entry in the registry. Once loaded when Windows starts, Security Monitor 2012 displays annoying security alerts and fake virus detections. This tactic aims to entice the user into obtaining the licensed version of Security Monitor 2012.

Some of the false warnings it may display include the following:

WARNING! 222 threats detected
Detected malicious programs can damage your computer and compromise your privacy.
It is strongly recommended to remote them immediately!

Unauthorized remote connection!
Your system is making an unauthorized personal data transfer to remote computer!
Remote IP: 127.127.27.17
Local IP: 190.141.127.19
Port: 25514
System Info
Malicious applets have been discovered in the Java cache directory. Anti-virus program have detected such malicious applets in the following directory
C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\6.0\

How to Remove Security Monitor 2012

Manual Removal Procedure

1. Kill any running process that belongs to Security Monitor 2012.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following files and click End Task.
(random characters).exe, Security Monitor.exe

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open registry editor.
- Find and delete the following:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "Security Monitor 2012"
- Close registry editor. Changes made will be saved automatically.

3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Please update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Security Monitor 2012.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Associated Files and Folders.'
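
Steps 1 and 2 above can also be checked from a script. The PowerShell below is an added example, not part of the original guide: it looks for the process and the Run value named above, and only changes anything when called with -Remove. It assumes PowerShell 2.0 or later and that it is run in the affected user's session; the -Remove switch and the backup file name are choices made for this example.

```powershell
# Added example: audit the two indicators named in the manual procedure.
# Review the report first, then re-run with -Remove to apply steps 1 and 2.
param([switch]$Remove)

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Security Monitor 2012'   # Run value named in step 2
$procName  = 'Security Monitor'        # Security Monitor.exe, without the extension

# Step 1: report any running process with the fixed image name.
$procs = @(Get-Process -Name $procName -ErrorAction SilentlyContinue)
if ($procs.Count -eq 0) { "No process named '$procName' is running" }
foreach ($p in $procs) {
    '{0} (PID {1}) running from {2}' -f $p.ProcessName, $p.Id, $p.Path
}

# Step 2: read the Run value. Its data is the command Windows launches at
# logon, so it shows which file on disk the start-up entry points to.
$entry = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($entry) {
    "Run value '$valueName' -> $($entry.$valueName)"
} else {
    "Run value '$valueName' not present under $runKey"
}

if ($Remove) {
    # Export the whole Run key before touching it, so the change can be undone.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $env:TEMP "Run-backup-$stamp.reg"
    reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run' $backup | Out-Null
    "Run key exported to $backup"

    # End the process first; a running executable cannot be deleted later.
    $procs | Stop-Process -Force -ErrorAction SilentlyContinue

    if ($entry) {
        Remove-ItemProperty -Path $runKey -Name $valueName
        "Removed Run value '$valueName'"
    }
}
```

The randomly named executable cannot be matched by name, so the path printed for the Run value is the lead to follow when searching for dropped files in step 4.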

Automatic Removal of Security Monitor 2012

In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.

Alternative Removal Method for Security Monitor 2012

Option 1 : Use Windows System Restore to return Windows to previous state

If Security Monitor 2012 enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Security Monitor 2012 infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. To proceed with Windows System Restore, click here to see the full procedure.

Option 2 : Security Monitor 2012 manual uninstall guide

IMPORTANT! Manual removal of Security Monitor 2012 requires technical skills. Deleting system files and registry entries by mistake may result in total disability of the Windows system. We advise you to perform a backup of the registry before proceeding with this guide.

1. Kill any running process that belongs to Security Monitor 2012.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Security Monitor 2012 files (refer to Technical Reference) and click End Process.

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be saved automatically.

3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Please update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Security Monitor 2012.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Technical Reference

Associated Files and Folders:

Added Registry Entries: