XP Antispyware 2012

XP Antispyware 2012 Description

ScreenshotXP Anti-Spyware 2012 is a dangerous application that can have catastrophic consequences on your system. XP Anti-Spyware 2012 can also allow third parties to access your personal information, have access to your browsing habits, and steal your credit card information. If you suspect you are infected with XP Anti-Spyware 2012, take steps to remove XP Anti-Spyware 2012 immediately from your system. Since these kinds of programs often leave your system vulnerable to further infections by other kinds of harmful software, it is advisable to scan your system with a trustworthy anti-virus or anti-malware application several times, once you have removed XP Anti-Spyware 2012 from your computer.

XP Anti-Spyware 2012 Facts

XP Anti-Spyware 2012 is a rogue anti-spyware program that has dozens of known clones. It is one of many possible iterations of the Ppn.exe process, a file program that changes names and skins, depending on the user's operating system. Security specialists suspect that Ppn.exe was created in the Russian Federation, and unleashed in 2011. It is delivered into people's computers through a Trojan, which can enter a user's computer in many different ways. Once in the user's computer it will download a skin and theme corresponding to the user's operating system. There are three known sets of skins that Ppn.exe can use; these sets are skins for Windows XP, skins for Windows 7, and skins for Windows Vista. XP Anti-Spyware 2012 is one of the possible themes used for infecting Windows XP systems. A similar skin for Windows Vista may be named Vista Anti-Spyware 2012 and the program's window and theme would imitate the Windows Vista look and window style.

Don't Become a XP Anti-Spyware Victim

Programs like XP Anti-Spyware 2012 are known as scareware because they try to scare users into entering their credit card information. These can vary in threat level and in their effects, but their end goal is always the same: to make the user think their computer is riddled with viruses and malware. Inexperienced users will then mistake XP Anti-Spyware 2012 for a legitimate anti-virus or anti-spyware program and enter their credit card information to buy a license to rid their system of the supposed infection. Don't fall for their scam, XP Anti-Spyware 2012 is the program that is infecting your computer. Effects on system performance may include:

- Blocked access to the Internet.

- Altered browser settings and aggressive redirecting to specific websites.

- Blocked system folders and files.

- Blocked access to the task manager.

- Decreased system performance and speed.

- Constant system alerts and pop-up notification.

It is important to remember that all of these are caused by XP Anti-Spyware 2012 itself, or are a result of the security threat that this program poses. Don't give XP Anti-Spyware 2012 your credit card information, and do not try to delete any of the supposedly infected files. Instead, use a legitimate anti-virus or anti-malware program to get rid of XP Anti-Spyware 2012.

How Do You Know XP Anti-Spyware 2012 Isn't the Real Thing?

Inexperienced users may have a difficult time telling XP Anti-Spyware 2012 apart from real anti-spyware software. There are several things that a real security application will never do:

- A legitimate anti-spyware program will not download itself without authorization.

- A real security program will allow you to delete it and will not block you from using your own computer.

A real anti-virus application will not change your home page or other browser settings

Aliases: Suspicious file [Panda], UDS:DangerousObject.Multi.Generic [Kaspersky], a variant of Win32/Kryptik.RGL [NOD32], Trj/CI.A [Panda], FakeAlert.AFC [AVG], W32/FakeAV.JR!tr [Fortinet], Trojan.Fakealert [Ikarus], Trojan/Win32.FakeAV [AhnLab-V3], Trojan.Win32.S.FakeAV.344064.I, Rogue:Win32/FakeRean [Microsoft], Mal/FakeAV-JR [Sophos], TR/Gendal.KD.296525 [AntiVir], FraudTool.Win32.FakeRean.i (v), Trojan.Fakealert.22773 [DrWeb] and TrojWare.Win32.Trojan.Agent.Gen [Comodo].

Technical Information

Screenshots & Other Imagery

XP Antispyware 2012 Image 1 XP Antispyware 2012 Image 2 XP Antispyware 2012 Image 3 XP Antispyware 2012 Image 4 XP Antispyware 2012 Image 5 XP Antispyware 2012 Image 6

File System Details

XP Antispyware 2012 creates the following file(s):
# File Name Size MD5 Detection Count
1 %WINDIR%\system32\config\systemprofile\AppData\Local\sae.exe 335,872 1a54aff914485e76e7d51bf488e186e5 2
2 %LOCALAPPDATA%lmk.exe 532,480 fbcbd2aba5d5aff5c8d1cd93fe304204 2
3 %USERPROFILE%\Configuraci??n local\Datos de programa\cuw.exe 344,064 6c036a1a0b3b25b83fbea52f332c69d5 1
4 %AppData%\Local\[RANDOM CHARACTERS].exe N/A
5 %AppData%\Local\[RANDOM CHARACTERS] N/A
6 %Temp%\[RANDOM CHARACTERS] N/A
7 %AllUsersProfile%\[RANDOM CHARACTERS] N/A
8 %AppData%\Roaming\Microsoft\Windows\Templates\[rRANDOM CHARACTERS] N/A
9 xkj.exe 348,160 7c095640bc204e19c44fa40d9a00d58a 0
10 dls.exe 2,281,472 0ddd81708871ad2bf1e241f07c774647 0

Registry Details

XP Antispyware 2012 creates the following registry entry or registry entries:
RegistryKey
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%Program Files%\Internet Explorer\iexplore.exe”‘
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe”‘
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’

More Details on XP Antispyware 2012

The following messages associated with XP Antispyware 2012 were found:
"Malware Intrusion Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start"
"System danger! Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here"
Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.
System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
XP Antispyware 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?
XP Antispyware 2012 Firewall Alert
XP Home Security 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.