Read the same in:

Home / Fighting malicious programs / Rogue security software

Home products
1-5 computers

Small Office Security
5-10 computers

Business products
Workstations & Servers protection

Fighting malicious programs
How to disinfect...

Kaspersky Virus Scanner for Mac

Kaspersky Security Scan 2.0

Kaspersky Virus Removal Tool 2011

Virus-fighting utilities

Viruses and solutions

PC and online safety

Rogue security software

Kaspersky Rescue Disk 10

Remove banner from Desktop, unlock Windows

Training and Certification
Take an educational course and become a certified security specialist

Self Service
More help online

Support Services and Contacts
Information about support services and rules

Virus Activity

virus activity is normal

XP Antivirus 2012 (MultiFakeAV)

Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing. For your convenience in this section we gathered all known rogue security software in one list by alphabet.

XP Antivirus 2012 (MultiFakeAV)
ID Article: 7602	Other languages:	3	2012 Jan 23 15:02	Printable version

1. Program description

XP Antivirus 2012 is a type of misleading application that pretends to be legitimate security software, such as an antivirus scanner or registry cleaner, but which actually provides the user with no protection (Rogue Security Software). This rogue scanner program able to change their name depend on the operating system, on Windows 7 for example, the name is Win 7 Antispyware 2012.

2. Actions

The program starts a misleading scan process. Once the scan is started XP Antivirus 2012 generates and shows fake messages about viruses, Trojans and worms detected on the computer. Still the detected viruses cannot be deleted unless the program license is purchased.

3. Files

During the installation XP Antivirus 2012 copies the following files to the hard drive:

%AllUsersProfile%\Application Data\157850g1p046c522p184r5dtv4q8
%AppData%\157850g1p046c522p184r5dtv4q8
%Temp%\157850g1p046c522p184r5dtv4q8
%UserProfile%\Templates\157850g1p046c522p184r5dtv4q8
%UserProfile%\Local Settings\Application Data\%random%.exe

4. System registry

In order to function normally XP Antivirus 2012 creates the following branches in the system registry:

HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\
command = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe”

HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\
command = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode

HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\
command = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”

HKEY_CLASSES_ROOT\.exe
(Default) = exefile

HKEY_CLASSES_ROOT\.exe\
Content Type = application/x-msdownload
DefaultIcon = %1

HKEY_CLASSES_ROOT\.exe\shell\open\command
(Default) = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “%1″ %*
IsolatedCommand = “%1″ %*

HKEY_CLASSES_ROOT\.exe\shell\runas\command
(Default) = “%1″ %*
IsolatedCommand = “%1″ %*

HKEY_CLASSES_ROOT\exefile
(Default) = Application
Content Type = application/x-msdownload
DefaultIcon = %1

HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “%1″ %*
IsolatedCommand = “%1″ %*

HKEY_CLASSES_ROOT\exefile\shell\runas\command
(Default) = “%1″ %*
IsolatedCommand = “%1″ %*

5. Screenshots of the program

6. XP Antivirus 2012 removal

Before uninstalling XP Antivirus 2012 by OS Windows standard tools, register the software using any email address and the following code:

3425-814615-3990

	Useful references
	Download trial version of Kaspersky Lab product Download Kaspersky Removal Tool 2011

Stay connected