StartPagePreview.com/security/xp/
StartPagePreview.com/security/xp/ is a website used to distribute fake security software through drive-by-downloads and fraudulent security alerts. Along with its traditional scamware, StartPagePreview.com/security/xp/ also may attempt to install other kinds of PC threats, such as Trojan downloaders from the Zlob family. Despite its appearance as a 'safe' site that supposedly wants to help protect your PC, malware experts discourage any contact with StartPagePreview.com/security/xp/ and strongly advise the use of anti-malware products to disinfect any PC that may have had a brush with this toxic website.
A Preview of What Awaits Your PC with StartPagePreview.com/security/xp/
StartPagePreview.com/security/xp/ is a Web domain that specializes in promoting fake software products to encourage you to purchase their 'services.' Contact with StartPagePreview.com/security/xp/ may result in the victim being forced to sit through a simulated system scan, a series of fake pop-up alerts or other prompts that ultimately request you to install a rogue security product. The product in question may be marketed in the disguise of an anti-spyware, anti-virus or general anti-malware program.
Malware experts consider variants of FakeRean to be the most probable payload from StartPagePreview.com/security/xp/, which may install its threats regardless of whether or not you choose to download anything at its request. Typical scamware products distributed by StartPagePreview.com/security/xp/ attacks may generate fraudulent security warnings, (inaccurately) imitate the system scans of an actual anti-malware product, display fake warning pages in your browser and/or block real security applications.
How to Beat a Fake Security Problem with Genuine Security Software
Although fraudulent security warnings and other such symptoms are the most obvious aspects of a scamware infection, the infection also may involve other attacks, such as disabling security features or installing new PC threats. Malware experts currently categorize StartPagePreview.com/security/xp/ as a compromised website and infection vector that always should be avoided. If your browser does have any unprotected contact with StartPagePreview.com/security/xp/, you should immediately act on the possibility of your PC being infected through drive-by-download exploits.
If software installed through StartPagePreview.com/security/xp/ blocks necessary security programs or features, disabling most basic PC threats can be done with Safe Mode or, in extreme cases, by a reboot from a separate OS loaded onto any peripheral device. With a sterile scanning environment provided, your anti-malware products can remove StartPagePreview.com/security/xp/ from your PC with no long-term ill effects.
You also should be attentive to the various disguises fake security products from StartPagePreview.com/security/xp/ are likely to use during their attacks. Some of the brand names that malware experts have come across include Win 7 Defender Pro, Privacy Protection, XP Home Security 2012, XP Guardian, Vista Antivirus Pro 2010 and Total Win 7 Security. However, this list isn't exhaustive, and new members are being added to prominent scamware families on a regular basis.
Technical Details
File System Modifications
Registry Modifications