XP Antivirus 2013

Posted: October 1, 2012

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	5/10
Infected PCs:	63

First Seen:	October 1, 2012
Last Seen:	October 7, 2022
OS(es) Affected:	Windows

Rather than waiting for the New Year’s arrival, the criminals who are behind new variants of FakeRean scamware have released their new 'products early,' with XP Antivirus 2013 as just one of many examples of fraudulent security software. As a rogue anti-malware program, XP Antivirus 2013 is excellent at displaying realistic-looking and dangerous-sounding malware alerts, but SpywareRemove.com malware researchers have long since confirmed that XP Antivirus 2013 can't detect or delete real PC threats. Because XP Antivirus 2013 and other members of its family may also be used to attack legitimate security features of Windows, XP Antivirus 2013 should be considered a high-level threat, and deleting XP Antivirus 2013 with an anti-malware program is advisable as soon as you get an opportunity.

XP Antivirus 2013: the Risk That Keeps on Giving in So Many Ways

Contrary to its looks, XP Antivirus 2013 can't detect malicious software, nor can XP Antivirus 2013 delete malware that's infecting your computer. However, simulated scans and pop-ups by XP Antivirus 2013 attempt to show otherwise, with a colorful assortment of fake alerts and infection warnings that fake the identification of spyware and other high-level PC threats. SpywareRemove.com malware experts encourage total disregard to XP Antivirus 2013's histrionic fake alerts, which can cause you to damage your PC if you follow their advice. Likewise, purchasing XP Antivirus 2013 should never be considered a viable solution to any computers problems.

While XP Antivirus 2013 and other members of the FakeXPA family of fake anti-malware scanners are best known for their misleading security information, XP Antivirus 2013 may also indulge in other attacks. SpywareRemove.com malware experts have noted some of the most dangerous below:

XP Antivirus 2013 may disable basic Windows features such as its automatic update, firewall or Security Center.
XP Antivirus 2013 may block websites from your browser; these blocks can be accompanied by fake 'dangerous website' warnings.
Unrelated programs that aren't disabled via the Registry may be blocked by XP Antivirus 2013 through separate means. Like the aforementioned browser attacks, SpywareRemove.com malware researchers note that, in this case, XP Antivirus 2013 will try to imply that the target is infected, damaged or otherwise dangerous – thus justifying why XP Antivirus 2013 is blocking it.

Staying a Leap Ahead of Next Year's Digital Con Game

As much as XP Antivirus 2013 looks like an anti-malware product, XP Antivirus 2013 doesn't have any legitimate features for your benefit and its requests for purchase should always be ignored. If possible, launching anti-malware software that can delete XP Antivirus 2013 should be a simple solution to any XP Antivirus 2013 infection. If XP Antivirus 2013 blocks the software that could remove it, disabling XP Antivirus 2013 (by Safe Mode or other means) can be considered as a preliminary step.

XP Antivirus 2013's family, FakeRean, includes many members, although some are more distinctly-related to XP Antivirus 2013 than others. Close relatives of XP Antivirus 2013 that SpywareRemove.com malware analysts have found to be active as of the time of this writing include Antivirus 2010, Antivirus 360, AntivirusBEST, Nortel Antivirus, Alpha Antivirus, Cyber Security, MaCatte Antivirus 2009, Eco Antivirus, Antivir, Personal Security, Ghost Antivirus, XP Antivirus 2010, Antivirus 7, Antivirus GT, Earth Antivirus, Antivirus 8, AntivirusProfessional, AVG Antivirus 2011 and E-Set Antivirus 2011.

Infections by XP Antivirus 2013 can be precipitated by Trojan downloaders from a range of different families as well as by drive-by-download exploits that are associated with commercially-distributed exploit kits (Blackhole Exploit Kit, etc).

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS].exe

File name: %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%CommonAppData%\[RANDOM CHARACTERS].exe

File name: %CommonAppData%\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%LocalAppData%\[RANDOM CHARACTERS].exe

File name: %LocalAppData%\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%Temp%\[RANDOM CHARACTERS].exe

File name: %Temp%\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = ''HKEY_CURRENT_USER\Software\Classes\ "(Default)" = 'Application'HKEY_CURRENT_USER\Software\Classes\\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*HKEY_CURRENT_USER\Software\Classes\\DefaultIcon "(Default)" = '%1'HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe""HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe -a "C:\Program Files\Mozilla Firefox\firefox.exe""HKEY..\..\..\..{Subkeys}HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"

Additional Information

The following messages's were detected:

#	Message
1	Malware intrusion! Sensitive areas of your system ware found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.
2	Privacy alert! Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.
3	Security Breach! Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for and anti-spyware scan.
4	System danger! Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.
5	Virus infection! System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.