What this infection does:
Once this rogue is started it will automatically pretend to scan your computer for viruses. When it has finished it will state that there are numerous infections on your computer, but will not allow you to remove any of them until you first purchase the program. The scan results for this program will not include any actual file names of the supposed infections, but rather just descriptions of the threat. It is important to understand that Smart Fortress 2012 was created for one reason; to scare you into thinking that your computer is severely infected so that you will then purchase the program. With that said, you should not be alarmed by any of the scan results that this program displays.
As a protection mechanism, Smart Fortress 2012 will change your Windows Registry so that any time you execute an application, it will terminate the application, state it is an infection, and then start the Smart Fortress 2012 program again. This makes it very hard to terminate the rogue as any time you start a program to assist you in removing it, the infection will just start again and terminate anything you are running. The message that you will see when it terminates a program is:
Warning!
Application cannot be executed. The file notepad.exe is infected.
Please activate your antivirus software.
This infection will also start when you run a program in the Window Safe Mode. This makes it even more difficult to remove this infection.
While Smart Fortress 2012 is running it will also display fake security alerts and warnings from your Windows taskbar. These alerts are designed to scare you into thinking that your computer is infected and that you should purchase the program to protect yourself. The text of these messages include:
Warning: Your computer is infected
Detected spyware infection!
Click this message to install the last update of security software...
Security Monitor: WARNING!
Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk.
To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
Click Yes to download official intrusion detection system (IDS software).
Smart Fortress 2012 Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with Smart Fortress 2012
Just like the fake scan results, these security alerts are all false and should be ignored.
Without a doubt, this rogue was created for one reason; to scare you into thinking you are infected so that you will then purchase the program. It goes without saying that you should definitely not buy Smart Fortress 2012, and if you already have, please contact your credit card company and dispute the charges stating that the program is a scam and a computer virus. To remove Smart Fortress 2012 and other related malware, please contact us ASAP!
Associated Smart Fortress 2012 - Processes to end:
<random>.exe
Associated Smart Fortress 2012 - Files to remove:
%CommonAppData%\<random 33 characters>
%CommonAppData%\<random 33 characters>\<random 33 characters>
%CommonAppData%\<random 33 characters>\<random 33 characters>.exe
Associated Smart Fortress 2012 - Registry Information to remove:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "<random>"
HKEY_CURRENT_USER\Software\Classes\<random 4 characters>
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
HKEY_CLASSES_ROOT\<random 4 characters>
HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\%s "(Default)" = "<random 4 characters>"
HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\<random 4 characters>\shell\open\command "(Default)" = "%CommonAppData%\<random 33 characters>\<random 33 characters>.exe" -s "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = "<random 4 characters>"
HKEY_CURRENT_USER\Software\Classes\<random 4 characters>\shell\open\command "(Default)" = "%CommonAppData%\<random 33 characters>\<random 33 characters>.exe" -s "%1" %*
File Location Notes:
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\ for Windows 2000/XP, C:\Users\ for Windows Vista/7, and c:\winnt\profiles\ for Windows NT.
%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\\AppData\Local\Temp for Windows Vista and Windows 7.
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\\AppData\Roaming.
%StartMenu% refers to the Windows Start Menu. For Windows 95/98/ME it refers to C:\windows\start menu\, for Windows XP, Vista, NT, 2000. and 2003 it refers to C:\Documents and Settings\\Start Menu\, and for Windows Vista/7 it is C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu.
File <random> Notes:
The term <random> refers to a randomly generated sequence of numbers and or letters. This type of infection is known as a polymorphic virus / infection. It's able to randomly create different file names and folder names, keeping it from being detected by most legit antivirus products.
Keep in mind when your infected with rogue security, there is a very good chance your infected with other types of malware, spyware, worms, rootkits etc... Professional Computer Repair Services like NickLockard.com Remote Service, LLC. can help removal all infections and secure your system correctly so you don't have to worry about it.
Seach: "Smart Fortress 2012, remove Smart Fortress 2012, Smart Fortress 2012 removal, uninstall Smart Fortress 2012, Smart Fortress 2012 remover, Smart Fortress 2012 fix, Delete Smart Fortress 2012, SmartFortress2012 remover, virus removal, malware removal, computer help, computer support,"
