XP Antispyware 2012

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 5
First Seen: August 9, 2011
OS(es) Affected: Windows

XP Antispyware 2012 Image

XP Anti-Spyware 2012 is a dangerous application that can have catastrophic consequences on your system. XP Anti-Spyware 2012 can also allow third parties to access your personal information, have access to your browsing habits, and steal your credit card information. If you suspect you are infected with XP Anti-Spyware 2012, take steps to remove XP Anti-Spyware 2012 immediately from your system. Since these kinds of programs often leave your system vulnerable to further infections by other kinds of harmful software, it is advisable to scan your system with a trustworthy anti-virus or anti-malware application several times, once you have removed XP Anti-Spyware 2012 from your computer.

XP Anti-Spyware 2012 Facts

XP Anti-Spyware 2012 is a rogue anti-spyware program that has dozens of known clones. It is one of many possible iterations of the Ppn.exe process, a file program that changes names and skins, depending on the user's operating system. Security specialists suspect that Ppn.exe was created in the Russian Federation, and unleashed in 2011. It is delivered into people's computers through a Trojan, which can enter a user's computer in many different ways. Once in the user's computer it will download a skin and theme corresponding to the user's operating system. There are three known sets of skins that Ppn.exe can use; these sets are skins for Windows XP, skins for Windows 7, and skins for Windows Vista. XP Anti-Spyware 2012 is one of the possible themes used for infecting Windows XP systems. A similar skin for Windows Vista may be named Vista Anti-Spyware 2012 and the program's window and theme would imitate the Windows Vista look and window style.

Don’t Become a XP Anti-Spyware Victim

Programs like XP Anti-Spyware 2012 are known as scareware because they try to scare users into entering their credit card information. These can vary in threat level and in their effects, but their end goal is always the same: to make the user think their computer is riddled with viruses and malware. Inexperienced users will then mistake XP Anti-Spyware 2012 for a legitimate anti-virus or anti-spyware program and enter their credit card information to buy a license to rid their system of the supposed infection. Don't fall for their scam, XP Anti-Spyware 2012 is the program that is infecting your computer. Effects on system performance may include:

- Blocked access to the Internet.

- Altered browser settings and aggressive redirecting to specific websites.

- Blocked system folders and files.

- Blocked access to the task manager.

- Decreased system performance and speed.

- Constant system alerts and pop-up notification.

It is important to remember that all of these are caused by XP Anti-Spyware 2012 itself, or are a result of the security threat that this program poses. Don't give XP Anti-Spyware 2012 your credit card information, and do not try to delete any of the supposedly infected files. Instead, use a legitimate anti-virus or anti-malware program to get rid of XP Anti-Spyware 2012.

How Do You Know XP Anti-Spyware 2012 Isn’t the Real Thing?

Inexperienced users may have a difficult time telling XP Anti-Spyware 2012 apart from real anti-spyware software. There are several things that a real security application will never do:

- A legitimate anti-spyware program will not download itself without authorization.

- A real security program will allow you to delete it and will not block you from using your own computer.

A real anti-virus application will not change your home page or other browser settingsScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot


15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Panda Suspicious file
Kaspersky UDS:DangerousObject.Multi.Generic
NOD32 a variant of Win32/Kryptik.RGL
Panda Trj/CI.A
AVG FakeAlert.AFC
Fortinet W32/FakeAV.JR!tr
Ikarus Trojan.Fakealert
AhnLab-V3 Trojan/Win32.FakeAV
Microsoft Rogue:Win32/FakeRean
Sophos Mal/FakeAV-JR
AntiVir TR/Gendal.KD.296525
DrWeb Trojan.Fakealert.22773
Comodo TrojWare.Win32.Trojan.Agent.Gen
BitDefender Trojan.Generic.KD.296525
Kaspersky Trojan.Win32.FakeAV.eaex

SpyHunter Detects & Remove XP Antispyware 2012

File System Details

XP Antispyware 2012 may create the following file(s):
# File Name MD5 Detections
1. sae.exe 1a54aff914485e76e7d51bf488e186e5 2
2. lmk.exe fbcbd2aba5d5aff5c8d1cd93fe304204 2
3. cuw.exe 6c036a1a0b3b25b83fbea52f332c69d5 1
4. %AppData%\Local\[RANDOM CHARACTERS].exe
5. %AppData%\Local\[RANDOM CHARACTERS]
7. %AllUsersProfile%\[RANDOM CHARACTERS]
8. %AppData%\Roaming\Microsoft\Windows\Templates\[rRANDOM CHARACTERS]
9. xkj.exe 7c095640bc204e19c44fa40d9a00d58a 0
10. dls.exe 0ddd81708871ad2bf1e241f07c774647 0

Registry Details

XP Antispyware 2012 may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%Program Files%\Internet Explorer\iexplore.exe”‘
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe”‘
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’


The following messages associated with XP Antispyware 2012 were found:

"Malware Intrusion Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start"
"System danger! Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here"
Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.
System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
XP Antispyware 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?
XP Antispyware 2012 Firewall Alert
XP Home Security 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.


Most Viewed