XP Internet Security 2012
Posted: June 8, 2011
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 64 |
| First Seen: | December 14, 2011 |
|---|---|
| Last Seen: | November 18, 2020 |
| OS(es) Affected: | Windows |
XP Internet Security 2012 is a rogue anti-virus scanner that fakes virus detection and removal to convince you to purchase its software registration. Computers infected by XP Internet Security 2012 will display pop-ups that indicate that many different files are infected with high-level threats, but XP Internet Security 2012 only has the power to fake threat detection with false positives. Deleting XP Internet Security 2012 with the help of a good anti-malware application is strongly recommended, due to XP Internet Security 2012's proclivity for browser hijacks and blacklisting security programs to prevent them from running.
A Multi-Named Rogue Security Program with Multi-Pronged Threats
XP Internet Security 2012 isn't the first rogue security program to use its interface or even most of its code. Like many other rogue security programs, XP Internet Security 2012 is a small part of a larger group of threats that reuse most of their code with different names slapped on top. Some of XP Internet Security 2012's most recently-emerged relatives are XP Total Security 2012, Vista Total Security 2012, Vista Internet Security 2012, XP Anti-Spyware 2012 and Win 7 Anti-Virus 2012.
Even though XP Internet Security 2012 can create imitative system scans or pop-ups that warn you about infections, XP Internet Security 2012 doesn't have any real threat detection code to make these features useful. Instead of finding real threats, XP Internet Security 2012 will create fake ones with pop-up text like the examples below:
System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.
System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.
Security Alert!
Your computer is being attacked from a remote machine !
Block Internet access to your computer to prevent system infection.
Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)
There's no need to pay attention to XP Internet Security 2012's warnings, since they're only used to make you purchase a registration key to remove threats that don't exist. If you've purchased XP Internet Security 2012 by mistake, talk to your credit card company and have your card canceled to avoid any other charges.
Securing Your PC from XP Internet Security 2012
Before removing XP Internet Security 2012, you'll have to jump over several hurdles that XP Internet Security 2012 uses to avoid being detected and deleted:
- XP Internet Security 2012 will run constantly, since a simple Registry addition lets XP Internet Security 2012 become a basic part of your Windows startup routine.
- XP Internet Security 2012 will also prevent you from using a number of programs, especially anti-malware and system diagnostic programs. Ignore any messages that XP Internet Security 2012 issues when it blocks a program – this is strictly to make you think that XP Internet Security 2012 isn't the guilty part.
- If you attempt to use a popular web browser, XP Internet Security 2012 will hijack it to control which websites you visit. This can include changing your homepage, switching your search results and creating fake 'unsafe website' warning screens.
The most readily-accessible way of stopping these attacks is to reboot into Safe Mode, which is available to all Windows PCs. Once Safe Mode has prevented XP Internet Security 2012 from starting, you can use your choice of anti-virus software to remove XP Internet Security 2012.
File System Modifications
- The following files were created in the system:
# File Name 1 %AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h %LocalAppData%\kdn.exe %LocalAppData%\u3f7pnvfncsjk2e86abfbj5h %Temp%\u3f7pnvfncsjk2e86abfbj5h %UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h 2 [RANDOM CHARACTERS].exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'HKEY_CURRENT_USER\Software\XP Internet Security 2012HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'HKEY_LOCAL_MACHINE\SOFTWARE\XP Internet Security 2012HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}XP Internet Security 2012
Additional Information on XP Internet Security 2012
- The following messages's were detected:
# Message 1 Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.2 Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.3 XP Internet Security 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?
i ordered xp internet security last week and i need to know the web page or how to get to it