XP Antivirus 2013 Description

[+] Click Image to Enlarge

• 

XP Antivirus 2013 is a rogue security program with a large number of clones. In previous years, ESG security researchers received reports of attacks involving versions of this threat with names such as XP Antivirus 2010, XP Antivirus 2011 and XP Antivirus 2012. As 2013, criminals have started to release versions of their rogue security software with the string ‘2013′ appended to the programs’ names. It is important to note that XP Antivirus 2013 is no different from previous versions of this malware threat, and that, apart from slight changes to the interface and the difference in the program’s name, is essentially the same as numerous other fake security programs. If XP Antivirus 2013 is installed on your computer, ESG security researchers strongly recommend using a powerful, fully updated anti-malware program to remove this threat.

XP Antivirus 2013 Has a Unique Characteristic that Sets It Apart from Other Malware

One aspect of XP Antivirus 2013 that is unique in comparison to other fake security software families is that XP Antivirus 2013 can change its name and appearance depending on the victim’s operating system. Once installed, XP Antivirus 2013 detects the operating system installed on the infected computer. Then, XP Antivirus 2013 will download the text and graphics corresponding to a version of XP Antivirus 2013 appropriate for the targeted computer. While XP Antivirus 2013 is designed to attack computers running the Windows XP operating system, computers infected with this very same threat will be attacked by fake security programs with names such as Vista Antivirus 2013 or Win 7 Antivirus 2013. It is important to note that this is purely a cosmetic change and that the infection will essentially be the same.

Once XP Antivirus 2013 is installed on the victim’s computer, XP Antivirus 2013 makes harmful changes to the Windows Registry and to your computer’s settings. These invasive changes allow XP Antivirus 2013 to display error messages that appear to come from your operating system, as well as run automatically when the infected computer starts up and block certain applications or access to certain files. All of this is done in an attempt to convince inexperienced computer users that their computer has become infected with numerous Trojans and viruses. XP Antivirus 2013 is disguised as an anti-virus program, and when the victim attempts to fix these nonexistent infections using XP Antivirus 2013, this fake security program will prompt the victim to pay for a ‘full version’ of this rogue security application.

Type: Rogue Anti-Virus Program

How Can You Detect XP Antivirus 2013?

XP Antivirus 2013 Technical Report

As new XP Antivirus 2013 details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for XP Antivirus 2013:

The following fake error message(s) appears for XP Antivirus 2013:

Virus infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.

Privacy alert!
Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.

Security Breach!
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for and anti-spyware scan.

Malware intrusion!
Sensitive areas of your system ware found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

XP Antivirus 2013 Removal Details

XP Antivirus 2013 has typically the following processes in memory:

• %CommonAppData%\[RANDOM CHARACTERS].exe
• %LocalAppData%\[RANDOM CHARACTERS].exe
• %Temp%\[RANDOM CHARACTERS].exe
• %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS].exe

XP Antivirus 2013 creates the following registry entries:

• HKEY_CURRENT_USER\Software\Classes\ “(Default)” = ‘Application’
• HKEY_CURRENT_USER\Software\Classes\\DefaultIcon “(Default)” = ‘%1′
• HKEY_CLASSES_ROOT\ah\shell\open\command “IsolatedCommand”
• HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “”%LocalAppData%\.exe -a “C:\Program Files\Mozilla Firefox\firefox.exe”"
• HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ”
• HKEY_CURRENT_USER\Software\Classes\\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
• HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
• HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “”%LocalAppData%\.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode”
• HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
• HKEY_CLASSES_ROOT\
• HKEY_CLASSES_ROOT\ah\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
• HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “”%LocalAppData%\.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”"

Important Article Disclaimer