You have probably heard people say that the world will come to an end in 2012, but not for this rogue FakeAV (read: XP Security 2012).
Fake AV software, also known as Fraud AV, is one of the most popular kinds of malware seen these days. Although they were present before, the number of fake AV Trojans is rapidly increasing day by day, and their main motive is to make quick money by enticing unsuspecting or novice users who fall into their trap.
So what does this XP Security 2012 do?
Upon execution, the malware throws up a window showing a lot of files as infected.
As you can see, the title says “Unregistered Version”, and if you click on any of the other tabs on the left-hand side, like Personal security or Proactive Defense, they will all be disabled and it will prompt you to enable or register your version of “XP Security 2012”.
Apart from that it will also keep throwing messages like “System in Danger” to create fear among the users.
Once the unsuspecting users click on “Register”, which is what the malware guys are expecting you to do, it takes you straight away to some rogue site and asks you to provide your personal details, as can be seen below.
Apart from the above, the file also drops or copies itself into the following locations:
C:\Documents and Settings\Administrator\Local Settings\Application Data\g8v4b5de0b26j82m6ftqwv6f0aire
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\Administrator\Local Settings\Temp\g8v4b5de0b26j82m6ftqwv6f0aire
C:\Documents and Settings\All Users\Application Data\g8v4b5de0b26j82m6ftqwv6f0aire
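A defender-side sweep for the self-copy behaviour listed above, as an added example that is not part of the original post: it looks in the three drop folders for files that have the same name and the same SHA-256 in more than one of them. The name-plus-hash heuristic and the constructed placeholder tree are assumptions made for this example; the profile root to scan (C:\Documents and Settings on XP) is passed in by the caller.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path

# Drop locations from the post, relative to the "Documents and Settings" root.
PER_USER_DIRS = ("Local Settings/Application Data", "Local Settings/Temp")
ALL_USERS_DIR = "All Users/Application Data"


def find_self_copies(profiles_root, min_copies=2):
    """Map (file name, sha256) -> paths for identical files found in several drop locations."""
    root = Path(profiles_root)
    folders = [root / ALL_USERS_DIR]
    for profile in sorted(p for p in root.iterdir() if p.is_dir()):
        folders += [profile / sub for sub in PER_USER_DIRS]
    groups = defaultdict(list)
    for folder in (f for f in folders if f.is_dir()):  # skip profiles lacking a folder
        for path in sorted(folder.iterdir()):
            try:
                if path.is_file():
                    digest = hashlib.sha256(path.read_bytes()).hexdigest()
                    groups[(path.name.lower(), digest)].append(str(path))
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
    return {key: paths for key, paths in groups.items() if len(paths) >= min_copies}


def build_constructed_tree(root):
    """Constructed sample data: harmless placeholder files laid out like the post's list."""
    name = "g8v4b5de0b26j82m6ftqwv6f0aire"
    files = {
        f"Administrator/Local Settings/Application Data/{name}": b"placeholder",
        f"Administrator/Local Settings/Temp/{name}": b"placeholder",
        f"All Users/Application Data/{name}": b"placeholder",
        "Administrator/Local Settings/Application Data/GDIPFONTCACHEV1.DAT": b"font cache",
        "Administrator/Local Settings/Temp/notes.txt": b"one",
        "All Users/Application Data/notes.txt": b"two",  # same name, different content
    }
    for rel, data in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        print(find_self_copies(tmp))
```

Files that share only a name (the two `notes.txt` placeholders) are not reported, because the grouping key includes the content hash.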
Users need to be aware that this sort of Fraud AV or Fake AV is on the rise, and the only way to protect oneself from these is by being aware and installing a proper AV like McAfee.
McAfee users are protected against some of the variants of this malware, as McAfee has detection under the name “FakeAlert-Rena.p”.