XP Internet Security Pro 2013

XP Internet Security Pro 2013 Description

Type: Adware

Security researchers have received reports of several new variants in the FakeRean family of rogue security software, and XP Internet Security Pro 2013 is one of these fake security programs. FakeRean's rogue security programs tend to target specific operating systems; XP Internet Security Pro 2013 targets computers with the Windows XP operating system. It carries out a common online scam that ESG security researchers have observed hundreds of times before: XP Internet Security Pro 2013 infects a computer and then tries to convince the victim to purchase a fake and expensive upgrade for this fake security program. To convince victims that they need this supposed 'upgrade', XP Internet Security Pro 2013 uses the following tactics:

  1. XP Internet Security Pro 2013 will spam the victim with constant fake system alerts and error messages claiming that the victim's computer has been infected with dangerous Trojans and viruses.
  2. XP Internet Security Pro 2013 makes changes to the Windows Registry that allow it to start up automatically when the victim logs into Windows. When XP Internet Security Pro 2013 starts up, it will run a fake system scan that will invariably display dire results.
  3. A computer infected with XP Internet Security Pro 2013 will present several other problems. These include blocked access to files on the infected computer, issues with legitimate security programs, system instability, poor system performance and redirects to unwanted websites when browsing the web.

General Characteristics of XP Internet Security Pro 2013 and Its Many Clones

XP Internet Security Pro 2013 belongs to a batch of rogue security programs that are not difficult to recognize because of their typical naming patterns. These fake security applications will typically use a term that corresponds to the infected computer's operating system ('XP' in this case). Other variants have names like Windows Antivirus 2008, Vista Antivirus 2008, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, PC Clean Pro, XP Home Security 2012, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015.

New variants in this family have been released since 2009, meaning that there are clones of XP Internet Security Pro 2013 that end with 2012, 2011, and 2010. Common generic anti-virus names used by these fake security programs include 'Internet protection', 'antivirus' or 'antivirus plus'. It is important to know that, despite the large number of fake security programs in this family and variants of XP Internet Security Pro 2013, there is virtually no difference between one of these fake security applications and another.

Technical Information

File System Details

XP Internet Security Pro 2013 creates the following file(s):
#  File Name                                         Detection Count
1  %CommonApplData%\[RANDOM CHARACTERS_2]            N/A
2  %LocalAppData%\[RANDOM CHARACTERS_2]              N/A
3  %Temp%\[RANDOM CHARACTERS_2]                      N/A
4  %UserProfile%\Templates\[RANDOM CHARACTERS_2]     N/A

Registry Details

XP Internet Security Pro 2013 creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand "%1""%*
HKEY_CURRENT_USER\Software\Classes\.exe\ [RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\ Application
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
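The entries above amount to a per-user override of the .exe file handler: the open command is changed from the stock "%1" %* to one that launches the rogue executable first. The following is an added detection example, not part of the original write-up; it checks a .reg export of HKEY_CURRENT_USER\Software\Classes for that pattern. The function names, the ProgID "qx" and the file name abc.exe are constructed stand-ins for the random values listed above.

```python
import re

SAFE_COMMAND = '"%1" %*'   # stock handler: run exactly the file the user launched
CLASSES = r"HKEY_CURRENT_USER\Software\Classes"

def parse_reg(text):
    """Parse string (REG_SZ) values from .reg export text into {key: {name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]  # "" = default value
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))   # undo \\ and \"
    return keys

def find_exe_hijack(keys):
    """Return (key, command) pairs where a per-user .exe handler is not '"%1" %*'."""
    findings = []
    # The default value of the per-user .exe key may redirect to a random ProgID.
    progid = keys.get(CLASSES + r"\.exe", {}).get("")
    for cls in [".exe"] + ([progid] if progid else []):
        for verb in ("open", "runas"):
            key = "\\".join([CLASSES, cls, "shell", verb, "command"])
            command = keys.get(key, {}).get("")
            if command is not None and command != SAFE_COMMAND:
                findings.append((key, command))
    return findings

# Constructed sample export (not captured from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="qx"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\demo\\Local Settings\\Application Data\\abc.exe\" -a \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\qx\shell\open\command]
@="\"C:\\Documents and Settings\\demo\\Local Settings\\Application Data\\abc.exe\" -a \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\qx\shell\runas\command]
@="\"%1\" %*"
'''

if __name__ == "__main__": print(find_exe_hijack(parse_reg(SAMPLE_EXPORT)))
```

A clean profile normally has no .exe key under HKEY_CURRENT_USER\Software\Classes at all, so any finding here is worth investigating before the override is removed.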
