XP Antispyware 2013 Description

[+] Click Image to Enlarge

• 

XP Antispyware 2013 is a fake anti-spyware application that is created by cybercriminals to intimidate victims into believing their computers have been infected with numerous security infections. XP Antispyware 2013 attempts to convince PC users to buy the imaginary full version of scareware. The main problem with XP Antispyware 2013 is that its full edition will not protect the computer from real malware threats. Although the name and interface of XP Antispyware 2013 may sound and look trustworthy, XP Antispyware 2013 will not secure the PC and fix computer problems. XP Antispyware 2013 could be bundled with a Trojan that is downloaded from malicious websites. Trojans take advantage of security holes and other system vulnerabilities to enter the targeted computer. XP Antispyware 2013 attempts to persuade victims to purchase scamware and gain credit card details to steal money. After installation, XP Antispyware 2013 will launch fictitious system scans and display pop-up warning messages. XP Antispyware 2013 will create false PC scan results to frighten you into thinking your computer is corrupted by malware. To delete XP Antispyware 2013 and the Trojan associated with it, ESG’s malware research team advises you to use a legitimate malware removal tool that deals with rogue anti-spyware programs.

Type: Rogue AntiSpyware Programs

How Can You Detect XP Antispyware 2013?

XP Antispyware 2013 Technical Report

As new XP Antispyware 2013 details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for XP Antispyware 2013:

The following fake error message(s) appears for XP Antispyware 2013:

Virus infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.

Threat detected!
Security alert! Your computer was found to be infected with Trojan-BNK.Win32.Keylogger.gen! Private data may get stolen and system may be severe. Recover your PC from the infection right now, perform a security scan.

System hacked!
Unknown program is scanning your system registry right now! Identity theft detected!

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.

System hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Security Breach!
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for and anti-spyware scan.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

Severe system damage!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.

XP Antispyware 2013 Removal Details

XP Antispyware 2013 has typically the following processes in memory:

• %LocalAppData%\[RANDOM CHARACTERS].exe

XP Antispyware 2013 creates the following files in the system:

• %LocalAppData%\[RANDOM CHARACTERS]
• %Temp%\[RANDOM CHARACTERS]
• %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS]
• %CommonAppData%\[RANDOM CHARACTERS]

XP Antispyware 2013 creates the following registry entries:

• HKEY_CURRENT_USER\Software\Classes\ “(Default)” = ‘Application’
• HKEY_CURRENT_USER\Software\Classes\\DefaultIcon “(Default)” = ‘%1′
• HKEY_CLASSES_ROOT\ah\shell\open\command “IsolatedCommand”
• HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “”%LocalAppData%\.exe -a “C:\Program Files\Mozilla Firefox\firefox.exe”"
• HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ”
• HKEY_CURRENT_USER\Software\Classes\\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
• HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
• HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “”%LocalAppData%\.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode”
• HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
• HKEY_CLASSES_ROOT\
• HKEY_CLASSES_ROOT\ah\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
• HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “”%LocalAppData%\.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”"

Important Article Disclaimer