You have probably heard people say that the world will come to an end in 2012, but not for this rogue FakeAV (read: XP Security 2012).

Fake AV software, aka Fraud AV, is one of the most popular kinds of malware seen these days. Although they were present before, the number of fake AV Trojans is rapidly increasing day by day, and the main motive behind them is to make quick money by enticing unsuspecting or novice users who fall into their trap.

So what does this XP Security 2012 do?


Upon execution, the malware throws up a window showing a lot of files as infected:

renap.JPG

As you can see, the title says “Unregistered Version”, and if you click on any of the other tabs on the left-hand side, like Personal security or Proactive Defense, they will all be disabled and it will prompt you to enable or register your version of “XP Security 2012”.

renap2.JPG

Apart from that, it will also keep throwing up messages like “System in Danger” to create fear among users.

renap5.JPG

Once the unsuspecting user clicks on “Register”, which is what the malware authors expect you to do, it takes you straight to a rogue site and asks you to provide your personal details, as can be seen below:

renap3.JPG

Once you enter these comes the most interesting part for the bad guys, as this is what they have been waiting for: “Money”. To get it, they ask you to provide your credit card details:

renap4.JPG

Apart from the above, the file also drops or copies itself into the following locations:


C:\Documents and Settings\Administrator\Local Settings\Application Data\g8v4b5de0b26j82m6ftqwv6f0aire

C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

C:\Documents and Settings\Administrator\Local Settings\Temp\g8v4b5de0b26j82m6ftqwv6f0aire

C:\Documents and Settings\Administrator\Templates\g8v4b5de0b26j82m6ftqwv6f0aire

C:\Documents and Settings\All Users\Application Data\g8v4b5de0b26j82m6ftqwv6f0aire
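
A triage check built on the drop locations listed above: it flags any extensionless file whose identical name shows up in several of those directories in a file listing. This is an added example, not McAfee's detection logic; the function names and the threshold of three directories are assumptions, and the two benign entries in the sample listing are constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Directory suffixes taken from the drop locations listed above (lowercased).
DROP_DIR_SUFFIXES = (
    r"\local settings\application data",
    r"\local settings\temp",
    r"\templates",
    r"\all users\application data",
)

def in_drop_dir(path):
    """True if the file sits directly in one of the listed drop directories."""
    return str(path.parent).lower().endswith(DROP_DIR_SUFFIXES)

def find_replicated_files(listing, min_dirs=3):
    """Map each extensionless file name found in at least `min_dirs` drop
    directories to the sorted list of directories it was seen in."""
    seen = defaultdict(set)
    for raw in listing:
        p = PureWindowsPath(raw)
        if p.suffix == "" and in_drop_dir(p):
            seen[p.name.lower()].add(str(p.parent))
    return {name: sorted(dirs) for name, dirs in seen.items()
            if len(dirs) >= min_dirs}

# Sample listing: the five paths from this write-up plus two constructed
# benign entries (setup.log, normal.dot) that must not be flagged.
SAMPLE_LISTING = [
    r"C:\Documents and Settings\Administrator\Local Settings\Application Data\g8v4b5de0b26j82m6ftqwv6f0aire",
    r"C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT",
    r"C:\Documents and Settings\Administrator\Local Settings\Temp\g8v4b5de0b26j82m6ftqwv6f0aire",
    r"C:\Documents and Settings\Administrator\Templates\g8v4b5de0b26j82m6ftqwv6f0aire",
    r"C:\Documents and Settings\All Users\Application Data\g8v4b5de0b26j82m6ftqwv6f0aire",
    r"C:\Documents and Settings\Administrator\Local Settings\Temp\setup.log",
    r"C:\Documents and Settings\Administrator\Templates\normal.dot",
]

if __name__ == "__main__":
    for name, dirs in find_replicated_files(SAMPLE_LISTING).items():
        print(f"suspicious: {name} present in {len(dirs)} drop directories")
        for d in dirs:
            print(f"  {d}")
```

Feed it the output of a recursive directory listing from the suspect machine; a hit is a lead for further analysis, not a verdict.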

renap6.JPG

Users need to be aware that this sort of Fraud AV or Fake AV is on the rise, and the only way to protect oneself from these is by being aware and installing a proper AV like McAfee.

McAfee users are protected against some of the variants of this malware, as McAfee detects it under the name “FakeAlert-Rena.p”.