Windows XP Repair
Posted: June 20, 2011
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 12 |
| First Seen: | June 20, 2011 |
| OS(es) Affected: | Windows |
Windows XP Repair is yet another entry in a line of rogue defragmenters (or defraggers) that specialize in creating fake infection alerts to mislead you about your PC's health. Although it bears a different name, Windows XP Repair uses almost all of the same code as its clones, with a similar appearance and overall behavior. It may attack your ability to view files, stop programs from working or hijack your browser while also faking its error-detecting features. Exterminate Windows XP Repair infections with prejudice and, ideally, the assistance of a good security or anti-virus application.
Windows XP Repair: Full of Fake Excuses for Real Theft
Windows XP Repair masquerades as a defragmenter with a remarkably broad set of features for detecting not just fragmentation, but also Registry errors, read/write errors and other general problems. Sadly, once Windows XP Repair has your trust, it pulls the rug out from under your feet and creates an effectively infinite number of 'problems' that require you to spend money to fix.
Although Windows XP Repair tries to sell its full version to you as the only way to stop the many errors that it points out, all of these errors and alerts are inaccurate and don't give you a true sense of your PC's health. Some of Windows XP Repair's fake errors include:
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Critical Error
RAM memory usage is critically high. RAM memory failure.
Critical Error
Hard Drive not found. Missing hard drive.
Critical Error
Windows can't find hard disk space. Hard drive error.
Critical Error!
Windows was unable to save all the data for the file System32496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.
Critical Error!
Damaged hard drive clusters detected. Private data is at risk.
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows XP Repair is closely related to other threats like Windows Repair, Windows Recovery, Windows XP Restore, Windows Vista Restore, and Windows 7 Restore. As with all these other rogue security programs, there's no reason to purchase Windows XP Repair, since it can't detect or remove any of the problems that it markets itself as being able to solve.
Windows XP Repair's Last Resorts to Make you Panic
The simple fake detection scam that Windows XP Repair uses is enhanced by a number of other problems that Windows XP Repair can cause, to make it look like these fake threats are really on your PC.
- Windows XP Repair may alter the Windows Explorer program to make certain files or folders not appear or to appear in the wrong locations. This attack doesn't do any real harm to the files or folders, which can be seen in their normal locations once you've deactivated Windows XP Repair.
- Like many other rogue security programs, Windows XP Repair is also capable of attacking Windows diagnostic tools and anti-virus scanners, preventing them from launching to stop you from deleting Windows XP Repair. Windows XP Repair may even create a pop-up that tells you (falsely) that the program is contaminated with a keylogger or other serious threat.
- Windows XP Repair also dabbles in browser hijacks, which can force your web browser to display fake content or redirect you to a dangerous website. Having your homepage changed to Windows XP Repair's home website or another harmful site is one of the most common symptoms of hijacking.
The code '8475082234984902023718742058948' may be able to deactivate Windows XP Repair, but this code isn't a replacement for removing Windows XP Repair with anti-malware software.
File System Modifications
- The following files were created in the system:
1. %CommonAppData%\[RANDOM CHARACTERS]
2. %CommonAppData%\[RANDOM CHARACTERS].exe
3. %UserProfile%\Desktop\Windows XP Repair.lnk
4. %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY..\..\..\..{RegistryKeys}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM CHARACTERS].exe
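A defender-side check for the HKEY_CURRENT_USER values listed above, added here as an example (it is not code from this page or from SpyHunter): it parses the text of a `reg export` file and reports which of the listed values are present with the listed data. The function names, the sample export and the threshold of three matches are assumptions of this example.

```python
import re

# Values from this page's "Registry Modifications" list (HKCU entries only), names upper-cased.
IS = r"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"
INDICATORS = {
    (r"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN", "USE FORMSUGGEST"): "yes",
    (IS, "CERTIFICATEREVOCATION"): 0,
    (IS, "WARNONBADCERTRECVING"): 0,
    (IS, "WARNONZONECROSSING"): 0,
    (IS + r"\ZONES\3", "1601"): 0,
    (r"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST"
     r"\TRUST PROVIDERS\SOFTWARE PUBLISHING", "STATE"): 146944,
}
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:dword:(?P<dw>[0-9a-fA-F]{1,8})|"(?P<sz>.*)")$')

def parse_reg_export(text):
    """Yield (key, name, data) for REG_SZ and REG_DWORD values in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].upper()
        elif key and (m := VALUE_RE.match(line)):
            data = int(m["dw"], 16) if m["dw"] is not None else m["sz"].lower()
            yield key, m["name"].upper(), data

def match_indicators(text):
    """Return the (key, name) pairs whose data equals the value listed on the page."""
    return sorted({(k, n) for k, n, d in parse_reg_export(text)
                   if INDICATORS.get((k, n)) == d})

def is_suspicious(text, threshold=3):
    # Single values also occur on clean systems, so flag only a combination (threshold is assumed).
    return len(match_indicators(text)) >= threshold

# Constructed sample export (real .reg files are UTF-16; decode them before parsing).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use FormSuggest"="Yes"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"CertificateRevocation"=dword:00000000
"WarnonBadCertRecving"=dword:00000000
"WarnOnZoneCrossing"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing]
"State"=dword:00023e00
'''

print(match_indicators(SAMPLE))
```

A match on one value alone is weak evidence, since each of these settings can also be changed by a user or administrator; the combination, together with the files listed under File System Modifications, is what points to this rogue.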
Additional Information on Windows XP Repair
- The following messages were detected:
1. The system has detected a problem with one or more installed IDE / SATA hard disks.
   It is recommended that you restart the system.
2. Critical error
   Windows can`t find disk space. Hard drive error.
3. System Restore
   The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
4. Windows – No Disk
   Exception Processing Message 0×0000013
5. Critical Error
   A critical error has occurred while indexing data stored on hard drive. System restart required.
Technical Details
File System Modifications
The following files were created in the system:
%ALLUSERSPROFILE%\Application Data\93hFFPH3z.exe
File name: 93hFFPH3z.exe
Size: 356.35 KB (356352 bytes)
MD5: 4ef5a67c74f0b6e1ff877e9340ba14ed
Detection count: 8
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data
Group: Malware file
Last Updated: June 20, 2011
These fake alerts are so exasperating. I have come across several infected computers over the last few months. Most of them have antivirus installed on them. I have used Malwarebytes, ComboFix, RKill, McAfee and others. There is no magic bullet to clean them; it seems that a long, drawn-out manual process that is above the average user's ability is the only way to get a 90% clean rate. I wish someone would come out with a program that identifies this malware process and stops it and/or removes it, but for now the malware writers are smarter than the antimalware group.
Randy