FakeXPA

FakeXPA Description

FakeXPA is a family of rogue security applications that have been detected in the wild since 2008. Some examples of rogue security programs that belong to the FakeXPA family of fake security applications include Antivirus 2009, 2010 and 360, Total Security 2009 and 2011, Green AV, Alpha AV, Cyber Security and fake versions of E-Set and AVG anti-virus programs. ESG security researchers consider that any fake security programs on your computer system belonging to the FakeXPA family of rogue security programs pose a severe threat to your computer system's security and should be removed immediately with a real, legitimate anti-malware application.

Understanding How Fake Security Programs in the FakeXPA Family Infect Your System

Programs in the FakeXPA family of malware claim to scan the victim's computer system and display multiple fake error messages claiming that the victim's computer has fallen victim to a virus attack. These fake security programs claim that they can only remove these imaginary threats if the victims pay for a 'full version' of the rogue security program in question. Malware in the FakeXPA family are characterized because they imitate Windows Security Center closely. According to ESG security researchers, some malware in the FakeXPA family has been known to connect to a remote server and download the Alureon Trojan and rootkit and install it onto the victim's computer. These distributions of FakeXPA rogue security programs are particularly dangerous and may require a specialized anti-rootkit tool to be removed.

How FakeXPA Rogue Security Programs are Installed on the Victim's Computer System

The FakeXPA installer will usually be associated with additional malware, which will be installed on the same directory as the rogue security program itself. This malware infection will usually take the form of an executable file with the EXE extension (such as 'win.exe', for example). As part of their payload, malware belonging to the FakeXPA family will overwrite any security programs it finds on the victim's computer. They will check the victim's computer's Windows Registry in order to detect common security programs, particularly AVG, Kaspersky, Norton, McAfee and Norton. Then, these dangerous rogue security programs will overwrite portions of executable files corresponding to these legitimate security applications. This corrupts them, disabling them completely. Once the victim's security software has been disabled, FakeXPA has free rein to attack the victim's computer and cause browser redirects, block access to the victim's files and carry out its malicious scam.

Aliases: Trojan.Fakeavalert [Symantec], Generic FakeAlert.c [McAfee+Artemis], Trojan/W32.Agent.128512.AI [nProtect], Win32/Adware.Agent.NLE [NOD32], Adware/SystemSecurity2009 [Panda], Rogue:W32/XPAntivirus.GQN [F-Secure], TR/FakeXPA.A.550 [AntiVir], TROJ_FAKEAV.BOM [TrendMicro], Trojan.FakeXPA.A.550 [McAfee-GW-Edition], Troj/FakeAv-YM [Sophos], Win32/GreenAV.A [eTrust-Vet], W32/FakeAv.YM!tr [Fortinet], Win32.GenHeur.TP.Nk@ [eSafe], Gen.Trojan!IK [a-squared] and TrojanSpy.Agent.WUHY [VirusBuster].

Infected with FakeXPA? Scan Your PC for Free

Download SpyHunter's Spyware Scanner
to Detect FakeXPA * SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

FakeXPA creates the following file(s):
# File Name Size MD5 Detection Count
1 %WINDIR%\System32\UpdateExplorer.dll 356,864 aac1ea9913ef4ec108fa6dc2eab56848 36
2 %USERPROFILE%\My Documents\Stephen\new 11\AGTwin_2005-19_b5.exe 268,800 5b934bfc6f714bdafacb620fcaee8619 29
3 %USERPROFILE%\My Documents\InstallAVv_77023206.exe 92,160 659cd431388aed6024aa665a0f9a1e5d 22
4 %ALLUSERSPROFILE%\Application Data\eca\west.exe 862,926 9ef6bbe676fce73e71cdcc20e2bbb791 13
5 %TEMP%MicrosoftExtensions.dll 356,864 d29479d6d646996fa44e44789ab030b7 11
6 %USERPROFILE%\My Documents\My Downloads\Alpha-Scan-32a1_2024-5.exe 172,032 f6c646da9662c3d8bcaa916ade3f461a 8
7 %USERPROFILE%\My Documents\Vir7remover_2014-1_b8.exe 200,192 6eb005eb40a9a8c6b6cc9a203bf9d01d 4
8 %USERPROFILE%\My Documents\setup_2005-19_b5.exe 220,160 0cf050370025eaf107851966c40fc6e4 4
9 %USERPROFILE%\Desktop\Antivirus-29a_2024-2.exe 176,128 c75cfc317b2b5b29d14a12e10eb66062 3
10 %ALLUSERSPROFILE%\Application Data\gav\QWProtect.dll 128,512 8ab7ecbd8c7a9824f8461463ec95aea3 3
11 %USERPROFILE%\My Documents\Setup_40s8.exe 201,216 bed56eb9957cb4e9eb635f44bb7dc3b1 3
12 s AssistanceAV7instal_2013.exe 193,536 0df56c24318ba311c815bdee25f1a029 2
13 %USERPROFILE%\Skrivebord\MalvRem_312s1.exe 229,376 e25450ef587e9c39d609839521bec6a6 2
14 %WINDIR%\System32\UpdateCheck.dll 629,248 927787fd258ba08ceb884b7c103ce0c8 2
15 %USERPROFILE%\My Documents\Elliot\mry lafco\XPantivirus2008_v880167.exe 60,416 4bec938c17474000c588d1ae7c2ab953 2
More files

Related Posts

Site Disclaimer

(No Ratings Yet)
Loading...Loading...
User Rating:
By Domesticus in Rogue Anti-Spyware Program
Translate To: Português
Share:
Threat Scorecard
?
The ESG Threat Scorecard is an assessment report that is given to every malware threat that has been collected and analyzed through our Malware Research Center. The ESG Threat Scorecard evaluates and ranks each threat by using several metrics such as trends, incidents and severity over time.

In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat. The data used for the ESG Threat Scorecard is updated daily and displayed based on trends for a 30-day period. The ESG Threat Scorecard is a useful tool for a wide array of computer users from end users seeking a solution to remove a particular threat or security experts pursuing analysis and research data on emerging threats.

Each of the fields listed on the ESG Threat Scorecard, containing a specific value, are as follows:

Ranking: The current ranking of a particular threat among all the other threats found on our malware research database.

Threat Level: The level of threat a particular PC threat could have on an infected computer. The threat level is based on a particular threat's behavior and other risk factors. We rate the threat level as low, medium or high. The different threat levels are discussed in the SpyHunter Risk Assessment Model.

Infected PCs: The number of confirmed and suspected cases of a particular threat detected on infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter's Spyware Scanner.

% Change: The daily percent change in the frequency of infected PCs of a specific threat. The formula for percent changes results from current trends of a specific threat. An increase in the rankings of a specific threat yields a recalculation of the percentage of its recent gain. When a specific threat's ranking decreases, the percentage rate reflects its recent decline. For a specific threat remaining unchanged, the percent change remains in its current state. The % Change data is calculated and displayed in three different date ranges, in the last 24 hours, 7 days and 30 days. Next to the percentage change is the trend movement a specific malware threat does, either upward or downward, in the rankings. Each level of movement is color coded: a green up-arrow (∧) indicates a rise, a red down-arrow (∨) indicates a decline, and a brown equal symbol (=) indicates no change or plateaued.

Top 3 Countries Infected: Lists the top three countries a particular threat has targeted the most over the past month. This data allows PC users to track the geographic distribution of a particular threat throughout the world.
Ranking: N/A
Threat Level: 9
Infected PCs: 648
% Change 30 Days:
0%
7 Days:
0%
1 Day:
10%

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 5 + 7 ?