XP Internet Security Pro 2013

XP Internet Security Pro 2013 Description

Security researchers have received reports of several new variants in the family of rogue security software. XP Internet Security Pro 2013 is one of these fake security programs. XP Internet Security Pro 2013 targets computers with the Windows XP operating system. FakeRean's rogue security programs tend to target specific operating systems. XP Internet Security Pro 2013 carries out a common online scam that ESG security researchers have observed hundreds of times before: XP Internet Security Pro 2013 infects a computer and then tries to convince the victim to purchase a fake and expensive upgrade for this fake security program. To convince victims that they need this supposed 'upgrade', XP Internet Security Pro 2013 uses the following tactics:

  1. XP Internet Security Pro 2013 will spam the victim with constant fake system alerts and error messages claiming that the victim's computer has been infected with dangerous Trojans and viruses.
  2. XP Internet Security Pro 2013 makes changes to the Windows Registry that allows XP Internet Security Pro 2013 to start up automatically when the victim logs into Windows. When XP Internet Security Pro 2013 starts up, XP Internet Security Pro 2013 will run a fake system scan that will invariably display dire results.
  3. A computer infected with XP Internet Security Pro 2013 will present several other problems. These include blocked access to files on the infected computer, issues with legitimate security programs, system instability, poor system performance and redirects to unwanted websites when browsing the web.

General Characteristics of XP Internet Security Pro 2013 and Its Many Clones

XP Internet Security Pro 2013 belongs to a batch of rogue security programs that are not difficult to recognize because of their typical naming patterns. These fake security applications will typically use a term that corresponds to the infected computer's operating system ('XP' in this case). Other variants have names like

New variants in this family have been released since 2009, meaning that there are clones of XP Internet Security Pro 2013 that end with 2012, 2011, and 2010. Common generic anti-virus names used by these fake security programs include 'Internet protection', 'antivirus' or 'antivirus plus'. It is important to know that, despite the large number of fake security programs in this family and variants of XP Internet Security Pro 2013, there is virtually no difference between one of these fake security applications and another.

Technical Information

Registry Details

XP Internet Security Pro 2013 creates the following registry entry or registry entries:
RegistryKey
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand "%1""%*
HKEY_CURRENT_USER\Software\Classes\.exe\ [RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\ Application
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.