Windows XP Fix Description

[+] Click Image to Enlarge

• 
• 
• 
• 
• 
• 
• 
• 
• 

Windows XP Fix is a harmful rogue defragmentation application and belongs to an extensive list of rogue security programs. Among the many other bogus defragmenters and fake anti-spyware programs are Windows 7 Fix, Windows Vista Fix, System Defragmenter, Win 7 Security 2011, Vista Antispyware 2012, XP Total Security 2012, Win 7 Anti-Spyware 2012, Malware Protection 2009, and XP Antivirus 2012. Windows XP Fix pretends to be a disk defragmentation and computer optimization tool, but is really an application designed to trick you solely into buying Windows XP Fix’s licensed version. Bogus programs like Windows XP Fix do not show its true intentions until it’s too late and they are able to regenerate themselves if not completely removed from a compromised machine. Remember to ignore all claims and notifications issued by Windows XP Fix and never give Windows XP Fix your credit card information.

How Windows XP Fix Infects Your Computer

Windows XP Fix is typically installed by a Trojan (e.g. the Zlob Trojan). Trojans associated with Windows XP Fix are usually installed without the computer user’s knowledge. Here are some common ways in which Trojans can be downloaded and installed on a PC:

• Trojans are often disguised as other files. Typically, Trojans may be disguised as popular downloadable programs on file-sharing networks, video codecs for viewing adult videos or pirated streaming movies, or system updates from a third-party website.
• A dangerous website can have a malicious script embedded in its web pages that forces and secretly downloads Trojan files onto a person’s computer.
• Trojans can also enter your computer system through exploits in Flash and JavaScript. A typical way of getting a Trojan is through a fake online malware or computer performance scan.

The Windows XP Fix Bogus Interface

Once Windows XP Fix is installed, the Trojan makes changes to the Windows Registry. This allows Windows XP Fix to start up automatically when you log into your system. When the computer user looks at their Desktop, he/she will be greeted by the Windows XP Fix main screen. This interface has three parts:

• On the top section, there is a horizontal list of options, including a very convincing “Help & Support” button.
• The main section of the window includes different options; there’s a red exclamation mark beside three or four of these options (indicating a supposed problem in the user’s computer).
• On the right side, there will be three different modules. The bottom module will have the “Advanced Module” disabled. To enable the “Advanced Module”, the computer user would have to enter his/her credit card information. Conveniently enough, all the imaginary errors require the use of the “Advanced Module.”

All of the convincing options, scans, and modules are there to convince further the victim the scam is legitimate. Windows XP Fix’s interface is only a feeble attempt to imitate reputable Windows defragmentation tools. Regardless of your hard disk’s state, the results of any scan will always be exaggerated and riddled with falsehoods. The real infection on your computer is Windows XP Fix. Remove Windows XP Fix with a strong malware/rootkit removal utility.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows XP Fix?

Windows XP Fix Technical Report

As new Windows XP Fix details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for Windows XP Fix:

The following fake error message(s) appears for Windows XP Fix:

Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.

System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.

Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can’t find hard disk space. Hard drive error.

Fix Disk
Windows XP Fix Diagnostics will scan the system to identify performance problems.
Start or Cancel

Windows XP Fix Diagnostics
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?

Windows – No Disk
Exception Processing Message 0×0000013

System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

Low Disk Space
You are running very low disk space on Local Disk (C:).

Critical Error
RAM memory usage is critically high. RAM memory failure.

Critical Error
Hard Drive not found. Missing hard drive.

Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can’t find hard disk space. Hard drive error.

Critical Error!
Damaged hard drive clusters detected. Private data is at risk.

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.

Windows XP Fix Removal Details

Windows XP Fix has typically the following processes in memory:

• %LocalAppData%\[RANDOM CHARACTERS].exe

Windows XP Fix creates the following files in the system:

• %StartMenu%\Programs\Windows XP Fix\Uninstall Windows XP Fix.lnk
• %StartMenu%\Programs\Windows XP Fix\
• %LocalAppData%\[RANDOM CHARACTERS]
• %StartMenu%\Programs\Windows XP Fix\Windows XP Fix.lnk

Windows XP Fix creates the following registry entries:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[RANDOM CHARACTERS]”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1′
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[RANDOM CHARACTERS].exe”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1′
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ‘0′

Important Article Disclaimer