XP Antispyware Pro 2013

Posted: November 5, 2012

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	8,061
Threat Level:	10/10
Infected PCs:	17,439

First Seen:	October 1, 2012
Last Seen:	October 8, 2023
OS(es) Affected:	Windows

XP Antispyware Pro 2013 looks like a real anti-malware program in terms of seeming to detect spyware and other attacks against your computer, but as one of the new variants of Win32/FakeRean, XP Antispyware Pro 2013 doesn't have any real functions to find or get rid of PC threats. Inaccurate scans and fake pop-up alerts accompany any XP Antispyware Pro 2013 infection as XP Antispyware Pro 2013 tries to persuade you to spend money on XP Antispyware Pro 2013 – which is, naturally, considered a poor decision. Since SpywareRemove.com malware experts also associate XP Antispyware Pro 2013 with attacks against other programs, browser redirects and other security issues, they recommend deleting XP Antispyware Pro 2013 quickly with anti-malware software in any scenario where XP Antispyware Pro 2013's presence on your PC is obvious.

XP Antispyware Pro 2013: When the Real Problem Isn't a Spy... but a Poorly-Trained Guard Dog

XP Antispyware Pro 2013 is designed to display a solid array of different pop-up warnings for various situations, including spyware-related attacks (identity theft, keylogging, etc.) in particular. Unlike real anti-spyware software, XP Antispyware Pro 2013 doesn't make any attempts to sync its pop-ups with actual attacks, and attempting to delete files or programs that XP Antispyware Pro 2013 claims are compromised may harm your computer. Pop-ups are particularly likely to display when you try to use unrelated programs (as noted in the list of XP Antispyware Pro 2013's other attacks later in this article), but also can appear at other times.

XP Antispyware Pro 2013 also initiates system scans without your permission that can display lists of infections (for the most part, high-level threats like rootkits and banking Trojans) that supposedly are on your computer. However, like its pop-ups, this feature is fake, and SpywareRemove.com malware researchers especially discourage purchasing XP Antispyware Pro 2013 to remove these nonexistent problems.

These fake security features are common to XP Antispyware Pro 2013's family of scamware, which includes many other examples of rogue anti-malware, anti-spyware and anti-virus scanners. Additional variants of the WinPC Defender family, particularly its recent Multirogue 2013 branch, include Ultimate Defender, SystemDefender, IE Defender, Advanced XP Defender, XP Defender, WinDefender2008, PCTotalDefender, PC Defender 2008, Personal Defender 2009, WinDefender 2009, Perfect Defender 2009, Total Defender, Malware Defender 2009, WinPC Defender, PC Privacy Defender, Smart Defender Pro, Rogue.UltimateDefender, FraudTool.LastDefender.b and Security Defender Pro 2015.

The Trouble with Letting XP Antispyware Pro 2013 Go About Its Snake Oil Business

If you've learned to ignore XP Antispyware Pro 2013's fake security information, you're only halfway there to making your computer safe against XP Antispyware Pro 2013's attacks. Like some of the most advanced families of rogue anti-malware programs, FakeRean-based malware like XP Antispyware Pro 2013 have also been found to utilize other attacks to support their fake scans and pop-ups. SpywareRemove.com malware analysts consider the most notable of these to be:

Browser redirects. XP Antispyware Pro 2013 may block you from visiting websites, expose you to malicious sites and/or display inaccurate web page messages about harmful web content.
Programs that are either blocked directly or modified (usually through the Registry) so that they're unable to perform as expected. XP Antispyware Pro 2013's attacks are likely to concentrate against security-related programs like Windows Security Center or Windows Firewall.
Security settings that are disabled to make your computer vulnerable to other attacks. Examples include XP Antispyware Pro 2013 disabling browser alerts for malicious file downloads or disabling out-of-date notifications from Windows Update.

Altogether, these attacks make any PC that's infected by XP Antispyware Pro 2013 vulnerable to attacks from other sources. While SpywareRemove.com malware researchers suggest using strong anti-malware programs to delete XP Antispyware Pro 2013, additional steps may be needed to prevent XP Antispyware Pro 2013 from blocking your security software. Booting into Safe Mode or loading your OS from a removable device should be sufficient to disable XP Antispyware Pro 2013 for removal.

Aliases

Win32.Bancos [Ikarus]Trojan/Win32.Diple [AhnLab-V3]TR/Bancos.CDL.8 [AntiVir]Trojan.KillProc.15905 [DrWeb]Win32:Bancos-CDL [Spy] [Avast]Artemis!8A7BB35885CF [McAfee]Trojan-Ransom.Win32.Foreign.asxx [Kaspersky]Dropper.Generic2.AAPU [AVG]Trojan-Dropper.SuspectCRC [Ikarus]Artemis!02E1070C9FAD [McAfee-GW-Edition]SPR/Tool.BeeInject.133 [AntiVir]Trojan-Spy.MSIL.Agent.buh [Kaspersky]MSIL:Crypt-AO [Avast]a variant of MSIL/Injector.U [NOD32]TR/Boigy.2 [AntiVir]
More aliases (2215)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

C:\WINDOWS\UbiSoft\SetupUbi.exe

File name: SetupUbi.exe
Size: 643.07 KB (643072 bytes)
MD5: 735e3f35a14cc39fb874b0799a198fb3
Detection count: 349
File type: Executable File
Mime Type: unknown/exe
Path: C:\WINDOWS\UbiSoft\SetupUbi.exe
Group: Malware file
Last Updated: October 15, 2023

%SystemDrive%\ProgramData\gbieha.dll

File name: gbieha.dll
Size: 557.31 KB (557312 bytes)
MD5: ed5ef662951776536fc5a09266de8b08
Detection count: 62
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SystemDrive%\ProgramData
Group: Malware file
Last Updated: February 22, 2013

%SystemDrive%\ProgramData\wlcon.dll

File name: wlcon.dll
Size: 1.09 MB (1098752 bytes)
MD5: fa8d670443046dd1f99dd08241362027
Detection count: 61
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SystemDrive%\ProgramData
Group: Malware file
Last Updated: February 22, 2013

%TEMP%\Aplaeplaep\ycfyycfewuj.exe

File name: ycfyycfewuj.exe
Size: 65.53 KB (65536 bytes)
MD5: dc051532febb8ee31d8ad7b7c6ac205c
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\Aplaeplaep
Group: Malware file
Last Updated: February 22, 2013

%SystemDrive%\ProgramData\gbpsvs.dll

File name: gbpsvs.dll
Size: 1.05 MB (1052672 bytes)
MD5: ea505c2d439a5f36e3e079f25b41ae56
Detection count: 60
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SystemDrive%\ProgramData
Group: Malware file
Last Updated: February 22, 2013

C:\$Recycle.Bin\S-1-5-18\$70b76ca57a6b1ad6260e65399d41ccb5\n

File name: n
Size: 59.9 KB (59904 bytes)
MD5: 004d883c75e80cd386a260b5eccbf285
Detection count: 56
Path: C:\$Recycle.Bin\S-1-5-18\$70b76ca57a6b1ad6260e65399d41ccb5\n
Group: Malware file
Last Updated: April 6, 2022

%LOCALAPPDATA%\{F41C0568-18AE-2FB5-3FAF-004A1F4BF0B3}\syshost.exe

File name: syshost.exe
Size: 204.8 KB (204800 bytes)
MD5: e6533434941eb27d0efd1bf7d37c4f4d
Detection count: 47
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\{F41C0568-18AE-2FB5-3FAF-004A1F4BF0B3}
Group: Malware file
Last Updated: February 22, 2013

%TEMP%\csrss.exe

File name: csrss.exe
Size: 158.72 KB (158720 bytes)
MD5: 295f8c0f0188a4ffbacd71634986bb03
Detection count: 43
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: February 22, 2013

%APPDATA%\TMf2g99RPH1P2EI.exe

File name: TMf2g99RPH1P2EI.exe
Size: 96.25 KB (96256 bytes)
MD5: 2f5b8fa2968ecb754e181c50e4e869dc
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: February 22, 2013

%LOCALAPPDATA%\Lollipop\Lollipop.exe

File name: Lollipop.exe
Size: 920.57 KB (920576 bytes)
MD5: 8448d114db908ac23f610dc1292edabe
Detection count: 23
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Lollipop
Group: Malware file
Last Updated: February 25, 2013

%USERPROFILE%\S-15-5943-2356-2352\winmgr.exe

File name: winmgr.exe
Size: 69.12 KB (69120 bytes)
MD5: bfdef30de6842d4190ec34213593ec49
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\S-15-5943-2356-2352
Group: Malware file
Last Updated: February 22, 2013

%TEMP%\update.exe

File name: update.exe
Size: 764.92 KB (764928 bytes)
MD5: 6124c9689dc1db263359cf83df35325b
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: February 22, 2013

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Bla Bla.exe

File name: Bla Bla.exe
Size: 4.14 MB (4141960 bytes)
MD5: cb9d64689c607953224011d89c08d839
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
Group: Malware file
Last Updated: February 22, 2013

%SystemDrive%\Users\<username>\8103874.dll

File name: 8103874.dll
Size: 135.16 KB (135168 bytes)
MD5: b9097671abbe840bb69102e82adc8544
Detection count: 14
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SystemDrive%\Users\New Account
Group: Malware file
Last Updated: March 29, 2013

%APPDATA%\IZ Crypt Pre Alpha.exe

File name: IZ Crypt Pre Alpha.exe
Size: 110.59 KB (110592 bytes)
MD5: 5a251700f95ca463af81440a06c11086
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: February 22, 2013

%SystemDrive%\Users\<username>\6954194.dll

File name: 6954194.dll
Size: 100.86 KB (100864 bytes)
MD5: 6702fa8bfb4b5582511f22d93cb45a0a
Detection count: 10
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SystemDrive%\Users\Max
Group: Malware file
Last Updated: February 22, 2013

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\A-2068193475.exe

File name: A-2068193475.exe
Size: 51.72 KB (51724 bytes)
MD5: 9a65737e5ccc95b04f26f95eaa2be535
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
Group: Malware file
Last Updated: February 22, 2013

%USERPROFILE%\Documents\wincmd.exe

File name: wincmd.exe
Size: 24.35 MB (24355844 bytes)
MD5: 506a814c73adbfa70107a40085b90b4a
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Documents
Group: Malware file
Last Updated: February 22, 2013

%TEMP%\MSDCSC\msdcsc.exe

File name: msdcsc.exe
Size: 1.15 MB (1158529 bytes)
MD5: 8f42640869da36976902d674b41cc36a
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\MSDCSC
Group: Malware file
Last Updated: February 22, 2013

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Teemu.exe

File name: Teemu.exe
Size: 4.32 MB (4328372 bytes)
MD5: 2f6ec4885e14e3904d94c037ad8c98fa
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
Group: Malware file
Last Updated: February 22, 2013

%WINDIR%\up2date.exe

File name: up2date.exe
Size: 57.79 KB (57795 bytes)
MD5: a8a12411d33c56520ef81a83416caca6
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: February 22, 2013

%PROGRAMFILES%\WW2010CF\SERVICES.EXE

File name: SERVICES.EXE
Size: 512 KB (512000 bytes)
MD5: 48b0f162c65c7316db6ec1d294f8f37e
Detection count: 5
File type: Executable File
Mime Type: unknown/EXE
Path: %PROGRAMFILES%\WW2010CF
Group: Malware file
Last Updated: February 22, 2013

%WINDIR%\system32\wins.exe

File name: wins.exe
Size: 244.55 KB (244552 bytes)
MD5: cb5c8a3f5cba769669f662ab9e30b913
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: February 22, 2013

%ALLUSERSPROFILE%\Local Settings\Temp\mslutv.exe

File name: mslutv.exe
Size: 49.99 KB (49992 bytes)
MD5: 7295902ee0f05ab37a2f764e9b45a8b6
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: February 22, 2013

%Temp%\[RANDOM CHARACTERS AND NUMBERS]

File name: %Temp%\[RANDOM CHARACTERS AND NUMBERS]
Group: Malware file

%AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS AND NUMBERS]

File name: %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS AND NUMBERS]
Group: Malware file

%LocalAppData%\[RANDOM 3 CHARACTERS].exe

File name: %LocalAppData%\[RANDOM 3 CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

More files

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "%1" %*HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "%1" %*HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS] "(Default)" = 'Application'HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS]\DefaultIcon "(Default)" = '%1'HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS]\shell\open\command "(Default)" = "%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "%1" %*HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = '[RANDOM CHARACTERS]'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"" HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\[RANDOM 3 CHARACTERS].exe -a "C:\Program Files\Mozilla Firefox\firefox.exe""HKEY..\..\..\..{Subkeys}HKEY_CLASSES_ROOT\[RANDOM CHARACTERS]HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"

Additional Information

The following messages's were detected:

#	Message
1	Privacy alert! Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.
2	Security Breach Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for an anti-spyware scan.
3	Severe system damage! Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.
4	System hijack! System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
5	Threat detected! Security alert! Your computer was found to be infected with privacy-threathening software. Private data may get stolen and system damage may be severe. Recover your PC from the infection right now, perform a security scan.
6	XP Antispyware Pro 2013 Alert Internet Connection alert! Suspicious network activity detected! Malware infection is possible!
7	XP Antispyware Pro 2013 Firewall Alert XP Antispyware Pro 2013 has blocked a program from accessing the internet Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen Private data can be stolen by third parties, including credit card details and passwords.