FakeXPA

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1,297
First Seen: November 30, 2010
Last Seen: January 23, 2022
OS(es) Affected: Windows

FakeXPA is a family of rogue security applications that has been detected in the wild since 2008. Examples of rogue security programs belonging to the FakeXPA family include Antivirus 2009, 2010 and 360, Total Security 2009 and 2011, Green AV, Alpha AV, Cyber Security, and fake versions of the E-Set and AVG anti-virus programs. ESG security researchers consider any fake security program from the FakeXPA family a severe threat to the computer system's security; it should be removed immediately with a real, legitimate anti-malware application.

Understanding How Fake Security Programs in the FakeXPA Family Infect Your System

Programs in the FakeXPA family claim to scan the victim's computer and display multiple fake error messages stating that the computer has fallen victim to a virus attack. These fake security programs claim that they can only remove these imaginary threats if the victim pays for a 'full version' of the rogue security program. Malware in the FakeXPA family is characterized by its close imitation of the Windows Security Center. According to ESG security researchers, some FakeXPA variants have been known to connect to a remote server, download the Alureon Trojan and rootkit, and install it on the victim's computer. These FakeXPA distributions are particularly dangerous and may require a specialized anti-rootkit tool to remove.

How FakeXPA Rogue Security Programs are Installed on the Victim’s Computer System

The FakeXPA installer is usually bundled with additional malware, which is installed in the same directory as the rogue security program itself. This additional component usually takes the form of an executable file with the EXE extension (such as 'win.exe'). As part of their payload, members of the FakeXPA family overwrite any security programs they find on the victim's computer. They check the Windows Registry to detect common security programs, particularly AVG, Kaspersky, Norton and McAfee, and then overwrite portions of the executable files belonging to these legitimate security applications. This corrupts the files and disables the products completely. Once the victim's security software has been disabled, FakeXPA has free rein to cause browser redirects, block access to the victim's files and carry out its scam.
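The partial overwrite of legitimate security-product executables described above is the kind of tampering a baseline-and-verify integrity check catches. The following Python script is an added example, not code from the page or from ESG; the executable name, file layout and temporary directory are constructed stand-ins, and it assumes the baseline is recorded while the system is still clean.

```python
"""Baseline-and-verify integrity check for security-product executables.

Constructed example: records trusted SHA-256 hashes of AV binaries and
later reports files that went missing, were modified in place, or had
their PE header clobbered (the corruption pattern described for FakeXPA).
"""
import hashlib
import os
import tempfile

PE_MAGIC = b"MZ"  # every Windows PE file begins with the DOS 'MZ' signature


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Record trusted hashes; assumption: taken right after a clean AV install."""
    return {p: sha256_of(p) for p in paths}


def verify(baseline):
    """Return {path: status}, status in 'ok', 'missing', 'corrupt-header', 'modified'."""
    results = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            results[path] = "missing"
            continue
        with open(path, "rb") as f:
            head = f.read(2)
        if head != PE_MAGIC:
            results[path] = "corrupt-header"   # header bytes were overwritten
        elif sha256_of(path) != expected:
            results[path] = "modified"         # body bytes were overwritten
        else:
            results[path] = "ok"
    return results


def demo():
    """Constructed scenario: a stand-in AV executable is partially overwritten."""
    tmp = tempfile.mkdtemp()
    av = os.path.join(tmp, "avscan.exe")  # hypothetical product binary
    with open(av, "wb") as f:             # minimal fake PE: MZ stub + padding
        f.write(b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"A" * 4096)
    baseline = build_baseline([av])
    assert verify(baseline)[av] == "ok"
    with open(av, "r+b") as f:            # clobber 512 bytes mid-file
        f.seek(1024)
        f.write(b"\x00" * 512)
    after_body = verify(baseline)[av]
    with open(av, "r+b") as f:            # clobber the MZ signature too
        f.seek(0)
        f.write(b"\x00\x00")
    after_header = verify(baseline)[av]
    return after_body, after_header
```

In practice the baseline would be stored off-host (or signed) so that the same overwrite cannot also rewrite the reference hashes.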

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
AVG Downloader.Generic8.BSRD
Fortinet W32/PackBredolab.C!tr
AhnLab-V3 Win-Downloader/Zlob.173056
eTrust-Vet Win32/FakeXP.J
DrWeb Trojan.Packed.19697
F-Secure Trojan:W32/XPAntivirus.gen!L
Sophos Troj/FakeAv-AAQ
BitDefender Trojan.Generic.2503965
Kaspersky Trojan-Downloader.Win32.FraudLoad.fmh
Avast Win32:MalOb-CA [Cryp]
Symantec Trojan.FakeAV!gen5
F-Prot W32/FakeAV.MN
NOD32 Win32/Adware.Antivirus2009.AA
McAfee FakeAlert-IS
CAT-QuickHeal TrojanDownloader.FraudLoad.fm

File System Details

FakeXPA may create the following file(s):
