XP Internet Security 2012

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1
First Seen: December 14, 2011
Last Seen: November 18, 2020
OS(es) Affected: Windows

XP Internet Security 2012 is one of the many different versions of the malicious file Ppn.exe. XP Internet Security 2012 is a kind of harmful application that infects a user's computer and then spams the user with alert messages and fake system scans. This fake security program will become an annoyance by constantly claiming that the computer is infected with numerous Trojans and other kinds of software infections. XP Internet Security 2012 and fake security programs from the same family will demand the user's credit card information, taking the computer and web browser hostage until the user complies.

How Did XP Internet Security 2012 Get Started?

XP Internet Security 2012 has its origins in the Russian Federation, a country notorious for harboring many of the world's worst cyber-criminals. XP Internet Security 2012 works much like earlier harmful software of the same kind, but has a unique trait that caught the attention of security experts everywhere: XP Internet Security 2012 changes its name according to the user's operating system.

How Does XP Internet Security 2012 Adapt to Different Operating Systems?

Ppn.exe is delivered by a Trojan, downloaded unwittingly by the user. The first sign of an infection is a fake notification from Windows Automatic Update. This notification looks almost exactly like the real thing, although close examination is enough to differentiate between the two. However, most users will simply mistake it for a normal Windows Automatic Update and pay no attention. It is at that moment that the Trojan will download one of hundreds of possible names and skins for the program, depending on the user's operating system. There are three main sets of these, one each for Windows XP, Windows Vista, and Windows 7. XP Internet Security 2012 is one of the programs from the Windows XP set. The version for Windows Vista would be named something similar to Vista Internet Security 2012, and the version for Windows 7 could be named something like Win 7 Internet Security 2012. These are all the same program, but have different layouts, interfaces, and themes for each user. There are rare cases in which the Trojan will make a mistake and download the wrong skin, resulting in a skin meant for Windows XP on a computer running another operating system.

What to Do in Case of an XP Internet Security 2012 Infection

If your computer is infected with XP Internet Security 2012, you will receive numerous alerts and fake system scans claiming that you have some kind of viral or malware infection. You will also be aggressively prompted to enter your credit card information to buy a supposed license for this program. You should not enter your credit card information, and if you already have, you should contact your bank to block the charges. Don't pay attention to the fake system scans, and under no circumstances should you try to remove the supposedly infected files; this may irreparably damage your system. Use a real anti-spyware or anti-virus application from a reliable source to get rid of your XP Internet Security 2012 infection.

File System Details

XP Internet Security 2012 may create the following file(s):
# File Name
1. %UserProfile%\Local Settings\Application Data\MSASCui.exe
2. %UserProfile%\AppData\Local\pw.exe
3. %UserProfile%\Local Settings\Application Data\vz.exe
4. %UserProfile%\AppData\Local\MSASCui.exe
5. [RANDOM CHARACTERS].exe
6. %UserProfile%\Local Settings\Application Data\pw.exe
7. %UserProfile%\AppData\Local\vz.exe
8. %UserProfile%\AppData\Local\opRSK
9. %UserProfile%\Local Settings\Application Data\opRSK
10. %AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h
11. %LocalAppData%\kdn.exe
12. %LocalAppData%\u3f7pnvfncsjk2e86abfbj5h
13. %Temp%\u3f7pnvfncsjk2e86abfbj5h
14. %UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h

Registry Details

XP Internet Security 2012 may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\XP Internet Security 2012
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\XP Internet Security 2012
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP Internet Security 2012
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
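
The entries above point the open command for .exe files and for the browsers' Start menu entries at kdn.exe, and set the two Security Center override values. The following Python check is an added example, not code from this page's publisher: it flags those three patterns in a registry listing written in the same format. The rule names and the two clean sample lines are constructed for illustration.

```python
import re

# One entry per line, in the listing format used on this page:
#   KEY "value name" = 'data'
ENTRY = re.compile(r"""^(HK[^"]+?)\s+"([^"]+)"\s*=\s*'(.*)'\s*$""")
DEFAULT_EXE_COMMAND = '"%1" %*'  # stock Windows open command for executables
OVERRIDES = ("AntiVirusOverride", "FirewallOverride")  # values listed on this page

def first_program(command):
    """Return the lower-cased file name of the program a command line starts."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    if not m:
        return ""
    return (m.group(1) or m.group(2)).replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(listing):
    """Return (rule, key) findings for a registry listing."""
    findings = []
    for line in listing.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        key, name, data = m.groups()
        k = key.lower()
        if k.endswith("\\command") and name == "(Default)":
            if "\\.exe\\shell\\" in k or "\\exefile\\shell\\" in k:
                # Anything other than the stock command runs a wrapper first.
                if data.strip() != DEFAULT_EXE_COMMAND:
                    findings.append(("exe-handler-hijack", key))
            elif "\\clients\\startmenuinternet\\" in k:
                # The browser entry should start the browser named in the key.
                client = k.split("\\clients\\startmenuinternet\\")[1].split("\\")[0]
                if first_program(data) != client:
                    findings.append(("browser-launch-wrapped", key))
        elif k.endswith("\\security center") and name in OVERRIDES and data == "1":
            findings.append(("security-center-override", key))
    return findings

# Sample listing: first three lines are from this page, last two are constructed clean entries.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"C:\Program Files\Internet Explorer\iexplore.exe"'
"""

if __name__ == "__main__":
    for rule, key in triage(SAMPLE):
        print(rule, key)
```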

Messages

The following messages associated with XP Internet Security 2012 were found:

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.
XP Internet Security 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?
