XP Antivirus Pro 2013

XP Antivirus Pro 2013 Description

There have been a large number of reports of widespread infections involving updated variants of the FakeRean or Braviax family of malware. XP Antivirus Pro 2013 is one of the many names that are being used by these fake security programs to scam unsuspecting computer users. As is common with these kinds of fake security programs, there are numerous clones of XP Antivirus Pro 2013. All of these fake security programs use a similar pattern for determining each fake security application's name. The first word is usually the targeted operating system (in this case it is XP since the targeted operating system is Windows XP). It is followed by a generic term that makes it seem as if the program is a security application such as antimalware, home security, antivirus, internet security, etc. Finally, these programs will have the current year tacked on to the end of the rogue security application's name.

The newest variants in this family of malware, including XP Antivirus Pro 2013, use the year '2013.' However, apart from the name, there is no difference between XP Antivirus Pro 2013 and previous versions such as Win 7 Home Security Pro 2013, PCclean Pro, Win 7 Defender, XP Antivirus Plus 2013, Windows Vista Antivirus 2012, Win 7 Internet Security 2013, Windows Antivirus 2008, Vista Home Security 2013, Win 8 Antispyware 2013, XP Security Plus 2013, Win 7 Antivirus 2013, Win 7 Security Plus 2013, Win 7 Antispyware 2013, Windows XP Internet Security 2012, Windows 7 Antispyware 2012, Win 7 Security Cleaner Pro, Windows Vista Internet Security 2012, Windows 7 Internet Security 2012, Internet Security Pro, Internet Protector, Internet Security 2013, Windows Vista Security 2012, Win 7 Home Security 2013, PC Defender Plus, Internet Security Plus, XP Antispyware 2013, XP Defender 2013, XP Internet Security 2013, Spyware Protection 2010, XP Home Security 2013, Win 8 Defender 2013, Internet Security Pro 2013, Vista Antivirus Plus 2013, Win 7 Security 2012, Internet Security 2012, Vista Internet Security 2012, Vista Smart Defender Pro, ThinkPoint, Win 7 Defender Plus 2013, TitanAntivirus2013/PCDefender360, Win 7 Total Security 2013, Win 8 Antivirus 2013, XP Security 2013, Windows Essentials Pro 2013, Security Cleaner Pro, Win 7 Internet Security 2012, Antispyware Pro 2012, Win 8 Protection 2013, XP Defender Plus 2013, XP Home Security 2012, XP Total Security 2013, XP Antivirus 2013, Windows 7 Defender 2013, Win 7 Internet Security Pro 2013, Privacy Protection, XP Internet Security Pro 2013, Internet Security Protection, Vista Antivirus 2012, Win 8 Security System, Win 8 Security Suite 2013, Internet Security Premium, Vista Security 2013, XP Security Cleaner Pro, Antivirus2008, Vista Internet Security 2013, Antivirus Pro 2009, Palladium Pro, Win 7 Antivirus Plus 2013, Vista Internet Security Pro 2013, XP Security 2012, Win 7 Security, Antivirus Plus 2014, AntiSpy Safeguard, XP Anti-Virus 2011, Win 7 Security 2013, Vista Antispyware 2013, Win 7 AntiVirus 2012, Vista Defender Plus 2013, Vista Total Security 2013, Vista Security Plus 2013, Vista Defender, Win 8 Home Security 2013, Vista Security Cleaner Pro, XP Internet Security 2012, Vista Security 2012, Vista Antivirus 2013, Internet Security 2014, Vista Antivirus 2008, Internet Security, CleanThis, Win 7 Internet Security 2011 and MySafePC 2014.

XP Antivirus Pro 2013 and its clones attack particular Windows versions. Although the Trojan that installs XP Antivirus Pro 2013 attacks a variety of computers, each fake security program's name varies depending on the infected computer's operating system. XP Antivirus Pro 2013 is only installed on computers running Windows XP. If the targeted computer is using another version of Windows, such as Windows 7, Windows 8 or Vista, then a program named Win 7 Antivirus Pro 2013, Win 8 Antivirus Pro 2013 or Vista Antivirus Pro 2013 would be installed instead.

XP Antivirus Pro 2013 is designed to convince its victims that their machine is infested with malware. This fake security program harasses its victims with numerous fake error messages and system alerts. When the victim attempts to fix these supposed problems with XP Antivirus Pro 2013, this fake security program displays error messages urging the victim to pay for a fake upgrade for XP Antivirus Pro 2013. Since XP Antivirus Pro 2013 isn't capable of detecting or removing malware and is part of a malware attack itself, ESG security researchers recommend its complete removal using a strong anti-malware program that is fully up to date.

Aliases: Trojan.Generic.KDV.600965 [nProtect], Artemis!8A7BB35885CF [McAfee], W32/Suspicious_Gen4.ZLLT [Norman], Win32:Bancos-CDL [Spy] [Avast], Win32.Bancos!IK [Emsisoft], Trojan.KillProc.15905 [DrWeb], TR/Bancos.CDL.8 [AntiVir], Trojan/Win32.Diple [AhnLab-V3], Win32.Bancos [Ikarus], Trojan.Generic.KD.901964 [MicroWorld-eScan], Trojan.FakeMS [Malwarebytes], Trojan-Ransom.Win32.Foreign.asxx [Kaspersky], Gen:Trojan.Heur.LP.iu8@aG6fpHgi (B) [Emsisoft], Trojan-Spy/W32.Agent.1268233 [nProtect] and a variant of MSIL/Injector.U [NOD32].


Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow these steps to download SpyHunter and regain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari instead.
  • Use removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable the proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.


Technical Information


File System Details

XP Antivirus Pro 2013 creates the following file(s):
# File Name Size MD5 Detection Count
1 %TEMP%\Imgtask.exe 7,680 c556795f3d294a5a26cadd162618b431 546
2 %PROGRAMFILES%\ScreensCorner\Common\msudt.dll 249,856 ce4a08df9002515259af6830caa86457 470
3 %APPDATA%\Microsoft\Windows\Templates\spsreng.exe 9,728 5dfd2f29f088c6282a6870ce51084271 200
4 %LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FCCG2QO\musicoasis.exe 1,654,464 f4db764594373a863be4be7447cca7ec 184
5 %TEMP%\iglsldvx.exe 847,692 bd81e1a53c2ca111cb22e77a1d288ce7 162
6 %LOCALAPPDATA%\{13A77281-4776-76DC-BC71-A8F19C506D24}\syshost.exe 147,533 cf78c884b8996cbe76e6a8e11dc0ba00 126
7 %PROGRAMFILES%\Ticno\Tabs\TicnoTabsBho120605.dll 683,520 b1f587de496ce8cf86d20a180cb36f90 96
8 setup.exe 48,640 d2044922b24894ea676abebb24faa4e9 65
9 %PROGRAMFILES(x86)%\PCSafeDoctor\pcsafedoctor.exe 2,066,432 249997471913b03d04bdae1812cc304e 55
10 %APPDATA%\Microsoft\Windows\AdvService.exe 167,424 f2c01affa1872bac7954da907a92e474 43
11 %USERPROFILE%\mqgka.exe 74,690 be577b2808dd979331a21fa0b52f70e7 31
12 %APPDATA%\ABBYY\sp.DLL 146,944 94637c1dfbb30c8714d7aeb41f96c6b7 31
13 %USERPROFILE%\Templates\CertPolEng.exe 5,120 4753c273bf07228289abf257ff74f67b 26
14 %APPDATA%\qtwm.exe 593,985 eb9bf3c454c380e356cce4fa9b56e1f0 25
15 %LOCALAPPDATA%\Lollipop\ovowwgw.exe 1,525,248 d3cc1636679854821813267dd1e3efb2 24
16 %CommonApplData%\[RANDOM CHARACTERS_2] N/A
17 %LocalAppData%\[RANDOM CHARACTERS_2] N/A
18 %Temp%\[RANDOM CHARACTERS_2] N/A
19 %UserProfile%\Templates\[RANDOM CHARACTERS_2] N/A


Registry Details

XP Antivirus Pro 2013 creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell
HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\.exe\ [RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0_0]\ Application
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas
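
The entries above amount to a per-user override of the .exe file association: the default value of HKEY_CURRENT_USER\Software\Classes\.exe points at a random class name, and the shell\open\command value launches "[RANDOM CHARACTERS_1].exe" -a "%1" %* instead of the stock "%1" %*. The following check for that pattern is an added example, not code from the original page or from ESG; it reads the text of a registry export of HKEY_CURRENT_USER\Software\Classes, the helper names parse_reg and find_exe_hijack are hypothetical, and the sample export (class name "qzx", file "abc.exe" and its path) is constructed.

```python
import re

BENIGN = '"%1" %*'  # stock handler: run the clicked executable itself
CLASSES = r"hkey_current_user\software\classes"  # compared lowercased

# Constructed sample (not from a real host): "qzx" and "abc.exe" stand in for
# the page's [RANDOM CHARACTERS_0] and [RANDOM CHARACTERS_1] placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="qzx"
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\abc.exe\" -a \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\qzx\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\abc.exe\" -a \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\qzx\shell\runas\command]
@="\"%1\" %*"
'''

VALUE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"')

def parse_reg(text):
    """Parse .reg export text into {lowercased key: {value name: string}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.fullmatch(line)):
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # unescape
    return keys

def find_exe_hijack(keys):
    """Return (key, data) pairs where the per-user .exe handler is overridden."""
    findings = []
    progid = keys.get(CLASSES + r"\.exe", {}).get("")
    if progid and progid.lower() != "exefile":
        findings.append((CLASSES + r"\.exe", progid))
    for cls in filter(None, (".exe", progid)):
        for verb in ("open", "runas"):
            key = "\\".join((CLASSES, cls.lower(), "shell", verb, "command"))
            cmd = keys.get(key, {}).get("")
            if cmd is not None and cmd.strip() != BENIGN:
                findings.append((key, cmd))
    return findings
```

Files written by reg export are UTF-16 encoded, so open them with encoding="utf-16" before passing the text to parse_reg.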

More Details on XP Antivirus Pro 2013

The following messages associated with XP Antivirus Pro 2013 were found:
Severe system damage!
Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible. Act now, click here for a free security scan.
System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.
Virus intrusion!
Your computer security is at risk. Spyware, worms and Trojans were detected in the background. Prevent data corruption and credit card information theft. Safeguard your system and perform a free security scan now.
XP Antivirus Pro 2013 Firewall Alert
XP Antivirus Pro 2013 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
