XP Security 2012

anandd

You have probably heard people say that the world will come to an end in 2012, but not for this rogue FakeAV (read: XP Security 2012).

Fake AV software, also known as fraud AV, is one of the most popular kinds of malware seen these days. Although such programs have been around for a while, the number of fake AV Trojans is increasing rapidly day by day, and the main motive behind them is to make quick money by enticing unsuspecting or novice users who fall into their trap.

So what does this XP Security 2012 do?


Upon execution, the malware throws up a window showing a lot of files as infected:

renap.JPG

As you can see, the title says “Unregistered Version”, and if you click on any of the other tabs on the left-hand side, such as Personal security or Proactive Defense, they are all disabled and you are prompted to enable or register your version of “XP Security 2012”.

renap2.JPG

Apart from that it will also keep throwing messages like “System in Danger” to create fear among the users.

renap5.JPG

Once the unsuspecting user clicks on “Register”, which is what the malware authors expect you to do, it takes you straight to a rogue site that asks you to provide your personal details, as can be seen below:

renap3.JPG

Once you enter these comes the most interesting part for the bad guys, the thing they have been waiting for: money. To get it, they ask you to provide your credit card details.

renap4.JPG

Apart from the above, the file also drops or copies itself into the following locations:

C:\Documents and Settings\Administrator\Local Settings\Application Data\g8v4b5de0b26j82m6ftqwv6f0aire

C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

C:\Documents and Settings\Administrator\Local Settings\Temp\g8v4b5de0b26j82m6ftqwv6f0aire

C:\Documents and Settings\Administrator\Templates\g8v4b5de0b26j82m6ftqwv6f0aire

C:\Documents and Settings\All Users\Application Data\g8v4b5de0b26j82m6ftqwv6f0aire
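
The drop pattern in the list above can be turned into a triage check. This is an added example, not part of the original post or any McAfee tooling: it scans every profile under a Documents and Settings folder (for instance on a mounted disk image) for extensionless files whose name repeats across the listed directories. Scanning all profiles, the two-location threshold and the function names are assumptions; the sample tree is constructed.

```python
import os
import tempfile
from collections import defaultdict

# Per-profile directories taken from the drop locations listed above.
DROP_DIRS = [
    r"Local Settings\Application Data",
    r"Local Settings\Temp",
    r"Templates",
    r"Application Data",  # listed under "All Users"; checked for every profile (assumption)
]

def find_repeated_drops(profiles_root, min_locations=2):
    """Return {file_name: [paths]} for extensionless files whose name
    appears in at least `min_locations` of the drop directories."""
    seen = defaultdict(list)
    for profile in sorted(os.listdir(profiles_root)):
        for rel in DROP_DIRS:
            folder = os.path.join(profiles_root, profile, *rel.split("\\"))
            if not os.path.isdir(folder):
                continue
            for entry in sorted(os.listdir(folder)):
                full = os.path.join(folder, entry)
                if os.path.isfile(full) and "." not in entry:
                    seen[entry.lower()].append(full)
    return {n: p for n, p in seen.items() if len(p) >= min_locations}

def build_sample_tree(root):
    """Constructed sample mirroring the paths listed above (empty files only)."""
    name = "g8v4b5de0b26j82m6ftqwv6f0aire"
    files = [
        ("Administrator", r"Local Settings\Application Data", name),
        ("Administrator", r"Local Settings\Application Data", "GDIPFONTCACHEV1.DAT"),
        ("Administrator", r"Local Settings\Temp", name),
        ("Administrator", r"Templates", name),
        ("All Users", r"Application Data", name),
        ("Administrator", r"Application Data", "notes"),  # constructed, single location
    ]
    for profile, rel, fname in files:
        folder = os.path.join(root, profile, *rel.split("\\"))
        os.makedirs(folder, exist_ok=True)
        open(os.path.join(folder, fname), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for name, paths in find_repeated_drops(root).items():
            print(name, len(paths), "locations")
```

A hit is a lead for manual review, not a verdict: the check only reports names that recur across these folders.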

renap6.JPG

Users need to be aware that this sort of fraud AV or fake AV is on the rise, and the only way to protect oneself from it is by being aware and installing a proper AV like McAfee.

McAfee users are protected against some of the variants of this malware, as McAfee has detection under the name “FakeAlert-Rena.p”.


4 Comments
phyllis1957

Hello,

I just installed McAfee on my desktop less than a week ago. Today I got infected with the above virus.

Why didn't McAfee protect my computer (as the writer above says it does)?

- Phyllis

tomjohnson98

Hello, as Phyllis1957 states, I too have updated virus protection software and yet have been infected with the above. How do we remove it?

csporty

I've had McAfee for YEARS!! and got infected with this Virus last Friday !! Still trying to figure out how to get rid of it !!!

kuttus

In some cases I am able to see ping.exe in the Task Manager. That one is taking lots of memory also.