XP Antivirus 2012

XP Antivirus 2012 Description

ScreenshotXP Antivirus 2012 is a rogue anti-virus application that exclusively affects computers with the Windows XP operating system. XP Antivirus 2012 is one of the many different disguises of the Ppn.exe executable file. Ppn.exe is characterized by its ability to slip on different disguises, depending on the operating system it is infecting. XP Antivirus 2012 is one of many possible names it can take, when invading a Windows XP operating system.

XP Antivirus 2012 and the Many Faces of Ppn.exe

One of the main advantages Ppn.exe has over other files is its ability to change its name and appearance. The creators of rogue security applications often circumvent real security programs by creating clones of their harmful software. Clones are copies of the same program. They tend to have different names and often a different graphics theme. However, creating clones is not an easy task for criminals. The makers of Ppn.exe avoided the problem of constantly having to make clones of rogue security programs in a rather clever way. Instead of making clones, they gave the file the ability to download different skins to change its name and appearance each time. Giving Ppn.exe new faces and disguises to choose from is much easier than having to create entirely new versions of the same program. This new development quickly caught the attention of computer security experts all over the world.

How Ppn.exe Disguises Itself as XP Antivirus 2012

Just like a criminal master of disguise, Ppn.exe can choose from a virtual closet full of masks and disguises. There are three main sets of possible disguises. Each of these has skins corresponding to the three most widespread versions of the Windows operating system: Windows Vista, Windows 7, and Windows XP. When Ppn.exe is being installed, it checks the operating system of the computer it is invading. Then, it downloads a disguise corresponding to the operating system it found. XP Antivirus 2012 is one of the possible skins for computer users using the Windows XP operating system. Similar disguises in the other two sets of skin would be named something like Win 7 Antivirus 2012 or Vista Antivirus 2012.

What XP Antivirus 2012 Does to Your Computer

XP Antivirus 2012 has several avenues of attack, all of these designed to make the computer user panic and reveal his/her credit card information. Some of these are done directly in the foreground, while some are done without the computer user's knowledge. Here is a list of XP Antivirus 2012 actions that are clearly visible and easy to detect.

- XP Antivirus 2012 starts up without your authorization. XP Antivirus 2012 is often the first thing the computer user will see after Windows starts up.

- XP Antivirus 2012 will perform fake system scans, detect numerous false infections on your system.

- XP Antivirus 2012 alarms the computer user with a constant barrage of alerts, error messages, and pop-up notifications.

Using Trojans and dangerous scripts, XP Antivirus 2012 performs several actions in the background. Here is a list of possible actions that Trojans associated with XP Antivirus 2012 perform without your knowledge.

- Block or hide executable files, programs, and restrict access to system folders on your own computer.

- Block access to the Internet or change your browser settings to redirect you to XP Antivirus 2012's own websites.

- Can alter your security settings, registry, and other important system files to make your computer more vulnerable to attacks.

XP Antivirus 2012 belongs to the FakeXPA family of rogue security programs and nas among its clones Antivirus 7, AVG Antivirus 2011, AntivirusBEST, Earth Antivirus, Personal Security, Alpha Antivirus, Personal Security Pro, Anti-Virus Professional, Antivir, Cyber Security, Ghost Antivirus, Antivirus 2009, Nortel Antivirus, XP Antivirus 2013, Antivirus 360, MaCatte Antivirus 2009, Antivirus 2010, Eco Antivirus, E-Set Antivirus 2011, Antivirus 8, Antivirus GT.

Aliases: Win32:Zwangi-CZ [PUP] [Avast5], AdWare.Win32.Fednu.dz [Rising], AdWare/Win32.Zwangi.gen [Antiy-AVL], a variant of Win32/Adware.OneStep.AI [NOD32], not-a-virus:AdWare.Win32.Zwangi.heur [Kaspersky], Adware.OneStep [SUPERAntiSpyware], Adware.Win32.Zwangi.a (v) [VIPRE], Trojan.SuspectCRC!IK [Emsisoft], OneStepSearcher.AG [AVG], Suspicious file [Panda], UDS:DangerousObject.Multi.Generic [Kaspersky], HEUR:Trojan.Win32.Generic [Kaspersky], Trojan.Generic.KD.273651 [BitDefender], Trojan.AVKill.7187 [DrWeb] and FraudTool.Win32.FakeRean.i (v) [VIPRE].

Infected with XP Antivirus 2012? Scan Your PC for Free

Download SpyHunter's Spyware Scanner
to Detect XP Antivirus 2012
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how XP Antivirus 2012 infects a computer.

Is your PC Infected with XP Antivirus 2012?

File System Details

XP Antivirus 2012 creates the following file(s):
# File Name Size MD5 Detection Count
1 %SystemDrive%\Documents and Settings\adrian.agnew\Local Settings\Application Data\mmc.exe 344,064 1434c50385a6e81f7ba5d081aafa9e0e 95
2 oqf.exe 367,104 718b31c6d90a7731f88f92400cc1a212 93
3 %TEMP%\Low\aka.exe 339,968 8759b185ac5d846a6665f47e0a9bdf13 40
4 %ALLUSERSPROFILE%\QuestScan\questscan172.exe 26,112 5bffd0b4493b22b8385b73e17638fff6 8
5 %ALLUSERSPROFILE%\QuestScan\questscan173.exe 26,112 e53fb610fb4c8800db4dd1209066d2e0 2
6 %USERPROFILE%\Local Settings\Application Data\vxe.exe 339,968 45d35cc0fbd7ffdf35f7ef86730cdc15 2
7 %AppData%\Local\random.exe N/A
8 %UserProfile%Local SettingsApplication Datapw.exe N/A
9 %UserProfile%AppDataLocalMSASCui.exe N/A
10 %AppData%\Local\.exe N/A
11 %Temp%\random.exe N/A
12 %UserProfile%Local SettingsApplication Datavz.exe N/A
13 %UserProfile%AppDataLocalvz.exe N/A
14 %AllUsersProfile%\random.exe N/A
15 %AppData%\Roaming\Microsoft\Windows\Templates\random.exe N/A
16 %UserProfile%Local SettingsApplication DataMSASCui.exe N/A
17 %UserProfile%AppDataLocalpw.exe N/A
18 %UserProfile%AppDataLocalopRSK N/A
19 %UserProfile%Local SettingsApplication DataopRSK N/A

Registry Details

XP Antivirus 2012 creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftSecurity Center "AntiVirusOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftSecurity Center "FirewallOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 4 + 13 ?