XP Security 2012 virus infiltration

XP Security 2012

XP Security 2012

XP Security 2012 is one of the latest threats of which we would like to tell you in this article. If your computer has been infected with this type of rogue security application please keep in mind that every virus can be overcome with a decent anti-virus. So, do not exaggerate too much and do not worry more then you should. If you let this rogue program scare you this is exactly what it wants from you. So, keep in mind that you should avoid it by all means and stay away from purchasing it (because this is eventually the only and final goal of it, and some day or another you would see this offer from XP Security 2012 scam).

Fake system scan is what peculiar to XP Security 2012 virus belonging to Braviax rogue tribe. Of course, in this sense it is not really different from other scarewares. Similar to many other rogue security programs, it would amend your system in such a manner that it would be launched automatically with every Windows startup. When this item on its agenda is successfully accomplished you would have to face it each time you turn your computer on. And then this fake anti-spyware tool would initiate its fake scan of your system, imitating its attempts to clean your computer of malwares, viruses, spams and other possible threats. Just as we have already said, this is just the imitation, having nothing to do with the reality. When its fictitious system scan is successfully accomplished it would report plenty of such threats to you, but you need to realize that all of them are totally fake and far away from the truth. Remember that it would still try to convince you that they are all real and then, on this basis, to persuade you to make the purchase of its so-called full version, which is as useless as the trial one. So, do not listen to XP Security 2012. Do not trust it. It is just designed to make rogue developers richer. This scam would never help you. Stay away from purchasing it and make sure to eliminate this pest as soon as you can. Please find the removal guide here – http://www.2-viruses.com/remove-xp-security-2012



XP Security 2012 system amendments:

XP Security 2012 files added:

  • %UserProfile%\Local Settings\Application Data\opRSK
  • %UserProfile%\Local Settings\Application Data\pw.exe
  • %UserProfile%\Local Settings\Application Data\vz.exe
  • %UserProfile%\Local Settings\Application Data\MSASCui.exe
  • %UserProfile%\AppData\Local\opRSK
  • %UserProfile%\AppData\Local\pw.exe
  • %UserProfile%\AppData\Local\vz.exe
  • %UserProfile%\AppData\Local\MSASCui.exe

XP Security 2012 registry entries added:

  • HKCU\Software\Classes\pezfile
  • HKCR\pezfile
  • HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
  • HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
  • HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
  • HKLM\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
  • HKLM\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”

Leave a Reply

Your email address will not be published. Required fields are marked *