Mal/FakeXPA-A

Mal/FakeXPA-A Description

Mal/FakeXPA-A is a Trojan horse for the Windows platform that may advertise rogue security applications. Mal/FakeXPA-A can steal a victim's sensitive information and send it to a remote server over HTTP. Mal/FakeXPA-A may also launch frequent pop-ups and security notifications urging users to purchase fake anti-spyware programs.

Aliases: Adware/SystemSecurity2009 [Panda], W32/FakeAv.YM!tr [Fortinet], Win32/GreenAV.A [eTrust-Vet], Troj/FakeAv-YM [Sophos], Trojan.FakeXPA.A.550 [McAfee-GW-Edition], TROJ_FAKEAV.BOM [TrendMicro], TR/FakeXPA.A.550 [AntiVir], Rogue:W32/XPAntivirus.GQN [F-Secure], Trojan.Fakeavalert [Symantec], Win32/Adware.Agent.NLE [NOD32], Trojan/W32.Agent.128512.AI, Generic FakeAlert.c [McAfee+Artemis], Generic18.WCL [AVG], Gen.Trojan [Ikarus] and Trojan.Win32.Generic.521AEB7E.

Technical Information

File System Details

Mal/FakeXPA-A creates the following file(s):
