XP Anti-Virus 2011

XP Anti-Virus 2011 Description

ScreenshotHow many names can one fake anti-virus program have? Well, in the case of the malware behind XP Anti-Virus 2011, the answer is at least thirty-three. Not only is XP Anti-Virus 2011 not a Microsoft product and not a native XP program, but XP Anti-Virus 2011 is also one of the many names taken by a malicious, phony security software scam. The bottom line is that there is no good reason to trust XP Anti-Virus 2011.

What You Should Know, and What You Should Watch Out For

If XP Anti-Virus 2011 has your PC on lockdown, there are two very important things that you need to know:

  1. The various infections, threats, attacks and errors reported by XP Anti-Virus 2011 are not real. XP Anti-Virus 2011 can't detect threats, and XP Anti-Virus 2011 only reports them in order to scare you into buying an XP Anti-Virus 2011 license.
  2. You will not gain anything by paying the money that XP Anti-Virus 2011 demands from you. There are no licenses to be had, and paying the money will not cause XP Anti-Virus 2011 to release its grip on your computer. If you have already paid for XP Anti-Virus 2011, please consider contacting your credit card company to dispute the charge.

Generally, everything that XP Anti-Virus 2011 does is typical for a fake security program. If XP Anti-Virus 2011 is on your PC, XP Anti-Virus 2011 will cause symptoms that are impossible not to notice. These symptoms serve two purposes: to convince you that your computer has serious security problems that can only be solved by purchasing a license for XP Anti-Virus 2011, and to prevent you from removing XP Anti-Virus 2011 for as long as possible. To illustrate, let's divide the symptoms into these two categories:

Scare tactics:

  • Every time Windows starts, XP Anti-Virus 2011 will load a fake user interface, which is styled to look as if it belongs to a real Windows program. The interface uses a modified version of the Windows Security Center shield logo (without permission). Every time you see this interface, XP Anti-Virus 2011 will pretend to run a scan of your computer, and then tell you that XP Anti-Virus 2011 has found a large number of very dangerous threats that XP Anti-Virus 2011 can only remove if you purchase a license to "register" your copy of XP Anti-Virus 2011.
  • While you try to use your computer, XP Anti-Virus 2011 will cause error messages and alerts to pop-up almost constantly. These alerts will have big, scary headers like "System hijack!" (among others), and the content of the alerts will always be very vague. The gist of the alert messages is always the same – XP Anti-Virus 2011 will claim to have detected something, and if you try to click on the buttons in the message in order to remove the "threat," XP Anti-Virus 2011 will tell you that you need to pay for a license.
  • When you try to navigate to some websites, you will get a phony error screen that says that you have been prevented from navigating to the site because it is malicious or dangerous. The error screen will recommend that you purchase XP Anti-Virus 2011 in order to protect yourself from the horrible danger of the Internet.

Survival tactics:

  • XP Anti-Virus 2011 makes changes to the Registry that change your .exe file associations, which means that Windows will be told to try to run .exe files with something other than Explorer. The result is that instead of being able to run the programs you have installed on your computer, every time you try to open one of them, Windows will run XP Anti-Virus 2011 instead – and XP Anti-Virus 2011 will tell you that the program you were trying to run is malicious. You will only be able to run XP Anti-Virus 2011 and your web browser, although your browser will be crippled.
  • XP Anti-Virus 2011's changes will disable Task Manager and Regedit; therefore you will not be able to use them. This means you can't use Task Manager to stop XP Anti-Virus 2011's processes, and you can't use Regedit to undo the malware's changes to the Registry.
  • XP Anti-Virus 2011 will change your Internet settings, causing your browser to redirect you to a website promoting XP Anti-Virus 2011 regardless of which site you try to view. Therefore, you will be unable to view websites that offer help with removing XP Anti-Virus 2011 and other malware, and you will not be able to use your browser to download real anti-virus software.

How an XP Anti-Virus 2011 Infection Begins

The vast majority of the time, people who have XP Anti-Virus 2011 on their computers do not have XP Anti-Virus 2011 as a result of choosing to download XP Anti-Virus 2011. This is because XP Anti-Virus 2011 uses several common malicious strategies in order to get itself downloaded without the user's knowledge, which is necessary because XP Anti-Virus 2011 relies on a Trojan file-dropper for downloading and installation. Trojan are not viruses; they don't replicate or spread on their own, so people have to be tricked into letting them into their computers. The Trojan that installs XP Anti-Virus 2011 may be hidden in a fake security program update or video codec, it may exploit a vulnerability in your web browser via a drive-by download from a malicious site or pop-up ad, or it may be disguised as a compressed .pdf file attached to a spam email (especially a spam email about a package delivery).

Once the Trojan has downloaded, it drops the files for XP Anti-Virus 2011. The malware – collectively known as the FakeRean family or the "multi-rogue" – will randomly name its executable file, using three letters. It will also check to see which version of Windows you're using, and, using a list of phrases, it will name itself using your version of Windows and a random phrase from the list. (So, XP Anti-Virus 2011 only occurs on computers running Windows XP.) It will configure itself to run the next time Windows starts, and that is when you will see XP Anti-Virus 2011 for the first time. XP Anti-Virus 2011 is part of a Russian Internet-based scam. In one form or another, XP Anti-Virus 2011 and its underlying multi-rogue malware date back to at least early 2010. However, in 2011, and especially in Spring 2011, there seems to have been an increase in infection rates with XP Anti-Virus 2011. Luckily, XP Anti-Virus 2011 can be removed, and you can regain control of your PC – by using legitimate, real anti-virus software.

Other members of the FakeRean family, clones of XP Anti-Virus 2011 include Windows Antivirus 2008, Vista Antivirus 2008, PC Clean Pro, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, CleanThis, XP Home Security 2012, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015.

Technical Information

Screenshots & Other Imagery

XP Anti-Virus 2011 Image 1 XP Anti-Virus 2011 Image 2 XP Anti-Virus 2011 Image 3 XP Anti-Virus 2011 Image 4 XP Anti-Virus 2011 Image 5 XP Anti-Virus 2011 Image 6

File System Details

XP Anti-Virus 2011 creates the following file(s):
# File Name Size MD5 Detection Count
1 %AppData%tby.exe 339,968 D083C8A59A063CFC81CCEBD52A34CB56 1

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.