XP Security 2013 Description
XP Security 2013 is a dangerous anti-virus program that propagates with the help of Trojans. XP Security 2013 tries to imitate a trustworthy and powerful security program by pretending to scan the compromised PC and detect malware infections on the computer system, which, in truth, are absolutely false. XP Security 2013 attempts to convince victims to purchase its so-called full version to remove those supposed PC infections. XP Security 2013 was created by cybercriminals with the only aim to deceive unsuspecting computer users and swindle them out of their money. XP Security 2013 has no capability of detecting and removing any type of malware threats. Once installed, XP Security 2013 immediately starts displaying fake pop-up warning messages to intimidate you into thinking that your PC is compromised. In reality, your computer has been corrupted by malware, but the real security threat is XP Security 2013 itself, which has to be removed as soon as possible with a genuine security program. ESG’s security analysts highly recommend you not to believe anything associated with XP Security 2013 and purchase this malware application.
Type: Rogue Anti-Virus Program
How Can You Detect XP Security 2013?
XP Security 2013 Technical Report
As new XP Security 2013 details are reported by our customers and findings from our Threat Research Center, we will update this section.
Fake message for XP Security 2013:
The following fake error message(s) appears for XP Security 2013:
XP Security 2013 Removal Details
XP Security 2013 has typically the following processes in memory:
- %LocalAppData%\[RANDOM CHARACTERS].exe
XP Security 2013 creates the following files in the system:
- %LocalAppData%\[RANDOM CHARACTERS]
- %Temp%\[RANDOM CHARACTERS]
- %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS]
- %CommonAppData%\[RANDOM CHARACTERS]
XP Security 2013 creates the following registry entries:
- HKEY_CURRENT_USER\Software\Classes\ “(Default)” = ‘Application’
- HKEY_CURRENT_USER\Software\Classes\\DefaultIcon “(Default)” = ‘%1′
- HKEY_CLASSES_ROOT\ah\shell\open\command “IsolatedCommand”
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “”%LocalAppData%\.exe -a “C:\Program Files\Mozilla Firefox\firefox.exe”"
- HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ”
- HKEY_CURRENT_USER\Software\Classes\\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
- HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “”%LocalAppData%\.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode”
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
- HKEY_CLASSES_ROOT\ah\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1″ %*
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “”%LocalAppData%\.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”"