XP Antivirus 2013

XP Antivirus 2013 Description

ScreenshotXP Antivirus 2013 is a rogue security program with a large number of clones. In previous years, ESG security researchers received reports of attacks involving versions of this threat with names such as XP Antivirus 2010, XP Antivirus 2011 and XP Antivirus 2012. As 2013, criminals have started to release versions of their rogue security software with the string '2013' appended to the programs' names. It is important to note that XP Antivirus 2013 is no different from previous versions of this malware threat, and that, apart from slight changes to the interface and the difference in the program's name, is essentially the same as numerous other fake security programs. If XP Antivirus 2013 is installed on your computer, ESG security researchers strongly recommend using a powerful, fully updated anti-malware program to remove this threat.

XP Antivirus 2013 Has a Unique Characteristic that Sets It Apart from Other Malware


One aspect of XP Antivirus 2013 that is unique in comparison to other fake security software families is that XP Antivirus 2013 can change its name and appearance depending on the victim's operating system. Once installed, XP Antivirus 2013 detects the operating system installed on the infected computer. Then, XP Antivirus 2013 will download the text and graphics corresponding to a version of XP Antivirus 2013 appropriate for the targeted computer. While XP Antivirus 2013 is designed to attack computers running the Windows XP operating system, computers infected with this very same threat will be attacked by fake security programs with names such as Vista Antivirus 2013 or Win 7 Antivirus 2013. It is important to note that this is purely a cosmetic change and that the infection will essentially be the same.

Once XP Antivirus 2013 is installed on the victim's computer, XP Antivirus 2013 makes harmful changes to the Windows Registry and to your computer's settings. These invasive changes allow XP Antivirus 2013 to display error messages that appear to come from your operating system, as well as run automatically when the infected computer starts up and block certain applications or access to certain files. All of this is done in an attempt to convince inexperienced computer users that their computer has become infected with numerous Trojans and viruses. XP Antivirus 2013 is disguised as an anti-virus program, and when the victim attempts to fix these nonexistent infections using XP Antivirus 2013, this fake security program will prompt the victim to pay for a 'full version' of this rogue security application.

Infected with XP Antivirus 2013? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect XP Antivirus 2013

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

XP Antivirus 2013 Technical Report


As new XP Antivirus 2013 details are reported by our customers and findings from our Threat Research Center, we will update this section.

Screenshots & Other Imagery

Screenshot


Technical Information

File System Details

XP Antivirus 2013 creates the following file(s):
# File Name
1 %CommonAppData%\[RANDOM CHARACTERS].exe
2 %LocalAppData%\[RANDOM CHARACTERS].exe
3 %Temp%\[RANDOM CHARACTERS].exe
4 %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS].exe

Registry Details

XP Antivirus 2013 creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
HKEY_CLASSES_ROOT\
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
HKEY_CURRENT_USER\Software\Classes\ "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = ''
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe -a "C:\Program Files\Mozilla Firefox\firefox.exe""
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe""

More Details on XP Antivirus 2013

The following messages associated with XP Antivirus 2013 were found:
Malware intrusion!
Sensitive areas of your system ware found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.
Privacy alert!
Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.
Security Breach!
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for and anti-spyware scan.
System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.
Virus infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.

Site Disclaimer

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 15 + 13 ?