Windows XP Fix
Posted: July 8, 2011
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 21 |
| First Seen: | July 8, 2011 |
|---|---|
| Last Seen: | January 8, 2020 |
| OS(es) Affected: | Windows |
Windows XP Fix is a defragmentation tool that creates fake infection warnings to convince you that a small army of Trojans, viruses and other PC threats are attacking your computer. Contrary to Windows XP Fix's repeated alerts, none of the infections that Windows XP Fix warns you about are present, and Windows XP Fix itself has no ability to remove them. Other issues that you may face until you've removed Windows XP Fix can include file display errors, program crashes and browser hijacks. You should delete Windows XP Fix by making use of a legitimate anti-virus program rather than trying to remove the files yourself whenever this is possible.
Why You Should Ignore Windows XP Fix's Melodramatic Pop-ups
Windows XP Fix is a direct copy of other rogue defragmenter, including Windows Disk, Windows Fix Disk, Win Defragmenter and System Defragmenter. Both Windows XP Fix and its clones will pretend to scan your PC for potential hard drive errors, and come up with unnerving results like the following:
Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.
Low Disk Space
You are running very low disk space on Local Disk (C:).
Windows - No Disk
Exception Processing Message 0x0000013
System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.
Critical Error
Hard Drive not found. Missing hard drive.
Critical Error
RAM memory usage is critically high. RAM memory failure.
Critical Error!
Damaged hard drive clusters detected. Private data is at risk.
Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard drive error.
Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
These highly-alarming errors, thankfully, have no grounding in reality, and any negative results that appear to come from Windows XP Fix-detected infections is coming actually from Windows XP Fix itself. Avoid Windows XP Fix's repetitive tries at forcing you to purchase a full version of Windows XP Fix to 'cure' these problems, since such an action would only give your credit card information to criminals.
Learning to Deal with Windows XP Fix's Invisible Files Trick
Windows XP Fix also has a number of other tricks in store for your PC, although it may use error messages to make it look like an unrelated infection is the culprit. Some common Windows XP Fix attacks with the help of a Trojan include:
- Programs crashing or refusing to run. This is especially likely for security-related applications and Windows tools such as the Task Manager.
- Browser hijacks. Windows XP Fix's hijack attacks will attempt to redirect you to the Windows XP Fix website and may even create fake error pages in the process of doing so.
- A relatively unique trait of the Windows XP Fix family of rogue defragmentation tools is the ability to conceal files from viewing. This is based on a simple attack of the Windows Explorer and doesn't harm or even move the actual files; if you use another program to view your files, such as the Command Prompt, you'll be able to see the contents of your folders intact.
Removing Windows XP Fix is strongly recommended for your PC's safety, but manually deleting Windows XP Fix has been known to cause a loss of network connectivity and other problems. Using an updated anti-virus application from an official source is the best way to get rid of Windows XP Fix without other problems arising.
File System Modifications
- The following files were created in the system:
# File Name 1 %LocalAppData%\[RANDOM CHARACTERS] 2 %LocalAppData%\[RANDOM CHARACTERS].exe 3 %StartMenu%\Programs\Windows XP Fix\ 4 %StartMenu%\Programs\Windows XP Fix\Uninstall Windows XP Fix.lnk 5 %StartMenu%\Programs\Windows XP Fix\Windows XP Fix.lnk
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
Additional Information on Windows XP Fix
- The following messages's were detected:
# Message 1 Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.2 System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.3 Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard drive error.4 Fix Disk
Windows XP Fix Diagnostics will scan the system to identify performance problems.
Start or Cancel5 Windows XP Fix Diagnostics
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?6 Windows - No Disk
Exception Processing Message 0x00000137 System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.8 Low Disk Space
You are running very low disk space on Local Disk (C:).9 Critical Error
RAM memory usage is critically high. RAM memory failure.10 Critical Error
Hard Drive not found. Missing hard drive.11 Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard drive error.12 Critical Error!
Damaged hard drive clusters detected. Private data is at risk.13 Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.14 Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%ALLUSERSPROFILE%\Application Data\eHmcHPSHLtmC.exe
File name: eHmcHPSHLtmC.exeSize: 475.13 KB (475136 bytes)
MD5: ada7d96cb1d4f576f5ac573f541bdd7f
Detection count: 79
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data
Group: Malware file
Last Updated: January 8, 2020
%ALLUSERSPROFILE%\Application Data\14147364.exe
File name: 14147364.exeSize: 382.97 KB (382976 bytes)
MD5: 1d1da13cfeaf3c81f25791a0fe87f94a
Detection count: 78
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data
Group: Malware file
Last Updated: July 8, 2011
Removal is quite simple.
Boot up in safe mode, run explorer and navigate to windows/systems32/restore directory.
run rstrui,exe and restore to the day before the infection.
Job done !
Davep,
That works good actually. I don't think I removed all of Windows XP Fix but it no longer pops up after removing the registry entries. I did the safe mode boot F8 and then removed the entries. Works great. Thanks bunches!
I guess that solve it.