XP Antivirus Pro 2013

XP Antivirus Pro 2013 Description

There have been a large number of reports of widespread infections involving updated variants of the WinPC Defender or Braviax family of malware. XP Antivirus Pro 2013 is one of the many names used by these fake security programs to scam unsuspecting computer users. As is common with this kind of fake security program, there are numerous clones of XP Antivirus Pro 2013. All of them build their names from the same pattern. The first word is usually the targeted operating system (in this case XP, since the targeted operating system is Windows XP). It is followed by a generic term that makes the program seem to be a security application, such as antimalware, home security, antivirus, internet security, etc. Finally, the current year is tacked on to the end of the rogue security application's name.

The newest variants in this family of malware, including XP Antivirus Pro 2013, use the year '2013.' However, apart from its name, there is no difference between XP Antivirus Pro 2013 and previous versions such as SystemDefender, IE Defender, XPdefender, WinDefender2008, Malware Defender 2009, WinPC Defender, PC Privacy Defender, Smart Defender Pro, Ultimate Defender, Advanced XP Defender and Security Defender Pro 2015.

XP Antivirus Pro 2013 and its clones attack particular Windows versions. Although the Trojan that installs XP Antivirus Pro 2013 attacks a variety of computers, each fake security program's name varies depending on the infected computer's operating system. XP Antivirus Pro 2013 is only installed on computers running Windows XP. If the targeted computer is using another version of Windows, such as Windows 7, Windows 8 or Vista, then a program named Win 7 Antivirus Pro 2013, Win 8 Antivirus Pro 2013 or Vista Antivirus Pro 2013 would be installed instead.

XP Antivirus Pro 2013 is designed to convince its victims that their machine is infested with malware. This fake security program harasses its victims with numerous fake error messages and system alerts. When the victim attempts to fix these supposed problems with XP Antivirus Pro 2013, this fake security program displays error messages urging the victim to pay for a fake upgrade for XP Antivirus Pro 2013. Since XP Antivirus Pro 2013 isn't capable of detecting or removing malware and is part of a malware attack itself, ESG security researchers recommend its complete removal using a strong anti-malware program that is fully up to date.

Aliases: Win32.Bancos [Ikarus], Trojan/Win32.Diple [AhnLab-V3], TR/Bancos.CDL.8 [AntiVir], Trojan.KillProc.15905 [DrWeb], Win32.Bancos!IK, Win32:Bancos-CDL [Spy] [Avast], W32/Suspicious_Gen4.ZLLT, Artemis!8A7BB35885CF [McAfee], Trojan.Generic.KDV.600965, Gen:Trojan.Heur.LP.iu8@aG6fpHgi (B), Trojan-Ransom.Win32.Foreign.asxx [Kaspersky], Trojan.FakeMS, Trojan.Generic.KD.901964, Dropper.Generic2.AAPU [AVG] and Trojan-Dropper.SuspectCRC [Ikarus].

Technical Information

File System Details

XP Antivirus Pro 2013 creates the following file(s):
%CommonApplData%\[RANDOM CHARACTERS_2]
%LocalAppData%\[RANDOM CHARACTERS_2]
%Temp%\[RANDOM CHARACTERS_2]
%UserProfile%\Templates\[RANDOM CHARACTERS_2]

Registry Details

XP Antivirus Pro 2013 creates the following registry entry or registry entries:
RegistryKey
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell
HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\.exe\ [RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0_0]\ Application
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas
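
The entries above amount to a per-user override of the .exe file association, so that opening any program first runs "[RANDOM CHARACTERS_1].exe" -a "%1" %*. The following Python check for that override in a registry export is an added example, not code from Enigmasoftware or SpyHunter. The sample export, the ProgID qx7 and the abc.exe path are constructed placeholders, and the check assumes the stock Windows values (ProgID exefile, command "%1" %*).

```python
import re

# Constructed sample in `reg export HKCU\Software\Classes` format. The ProgID
# "qx7" and the abc.exe path are made-up stand-ins for the random names.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="qx7"
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\u\\AppData\\Local\\abc.exe\" -a \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\qx7\shell\open\command]
@="\"C:\\Users\\u\\AppData\\Local\\abc.exe\" -a \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\qx7\shell\runas\command]
@="\"%1\" %*"
'''
ROOT = "hkey_current_user\\software\\classes\\"
PASS_THROUGH = '"%1" %*'  # stock command: run the clicked file itself
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {lowercased key: {value name: string data}}; '' is the default."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def find_exe_hijack(text):
    """Return (key, data) pairs showing .exe launches rerouted for this user."""
    keys = parse_reg(text)
    progid = keys.get(ROOT + ".exe", {}).get("", "")
    hits = []
    if progid and progid.lower() != "exefile":
        hits.append((ROOT + ".exe", progid))  # .exe mapped to a foreign ProgID
    for cls in filter(None, (".exe", progid.lower())):
        for verb in ("open", "runas"):
            path = f"{ROOT}{cls}\\shell\\{verb}\\command"
            cmd = keys.get(path, {}).get("")
            if cmd is not None and cmd.strip() != PASS_THROUGH:
                hits.append((path, cmd))
    return hits
```

A real file written by reg export is UTF-16, so decode it before passing the text to find_exe_hijack.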

More Details on XP Antivirus Pro 2013

The following messages associated with XP Antivirus Pro 2013 were found:
Severe system damage!
Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible. Act now, click here for a free security scan.
System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.
Virus intrusion!
Your computer security is at risk. Spyware, worms and Trojans were detected in the background. Prevent data corruption and credit card information theft. Safeguard your system and perform a free security scan now.
XP Antivirus Pro 2013 Firewall Alert
XP Antivirus Pro 2013 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Site Disclaimer

Enigmasoftware.com is not associated with, affiliated with, sponsored by or owned by the malware creators or distributors mentioned in this article. This article should NOT be mistaken for, or confused as being associated in any way with, the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided in this article.

This article is provided "as is" and is to be used for educational information purposes only. By following any instructions in this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
