XP Internet Security 2012 virus

January 20th, 2012 by admin Leave a reply »
Share on Tumblr

XP Internet Security 2012

XP Internet Security 2012

If you want to know the whole truth about XP Internet Security 2012 program there are many security articles, newsletters and posts published on various security forums, sites, etc. They all present quite truthful information about this program, naming it as a rogue security software. It is known to attack PCs all over the world, but, of course, primarily targeting the ones located in the Western Europe and the US. The Latin America region has also been touched by this scam but not as dramatically as other regions. The rogue developers work really hard in order to develop the software that would scare users. They actually think that the deceived and tricked people would be really convinced to effect the payment for the full license of XP Internet Security 2012 after the hoax tells them it will fix all problems. Well, poor such people are indeed. They not only waste their funds and support the crooks. By keeping and not uninstalling the above-mentioned malware they actually open the doors of their computers for other malwares to come in. The removal of this pest is what matters and what should be accomplished at the very beginning of encounter with the aforesaid malware.

There are various ways how XP Internet Security 2012 can be spread over the Web, and here are several of the most serious mistakes made by users resulting in this fake AV to infiltrate the PC:

  • Lack of a powerful anti-virus software installed and running on the machine on the permanent basis. Some people just don’t want to install any security programs, thinking that viruses won’t attack them. This is the mistake, in fact. The majority of threats come into computers when users don’t even realize this.
  • Failure of user to update the available anti-virus software or failure of the software developers to timely update the anti-spyware databases.
  • Clicking suspicious links, downloading unsecure files bundled with malwares.
  • Clicking links via social networks like Facebook and even through e-mail attachments.
  • Visiting and remaining at extremely malicious, sinful and adulterous sites.

There can be many other reasons, of course. Most often the reasons for malware infiltration are explained by failure of reliable anti-virus software to detect the infection on time and to terminate it before the very infiltration. As we said, sometimes users even don’t bother themselves installing security applications for their PC protection. Whatever the case might be, you’ve got to realize that XP Internet Security 2012 is not the software to trust. It tells you many great things of itself. First it identifies many fake PC threats and then tells you that it will get rid of them if only you pay for the license of this rogue. Do not become the victim of this malware. It is not what it claims of itself. Do not pay for this hoax. If you have already done this mistake go ahead and tell the bank that you want to reverse the charges made via your bank account or credit / debit card. Finally, please choose our recommended anti-virus application in the upper section of this blog. Please follow the instructions of how exactly this malware can be removed. The point is that it blocks your attempts to delete it, so you need to run the malware remover as Administrator to bypass the blockage. Watch how this removal process is successfully accomplished with the help of free security software tools.

Tricks to help you execute anti-virus software in spite of the blockage by this rogue:

  • Download anti-virus sofware’s installer from clean (non-infected PC, save the installer to your USB / Flash drive and transfer it to your infected computer. Right-click the installer and choose the option “Run as Administrator”. The installation process would begin. Once the sofware is installed, run its executable in the same manner (by right-clicking and choosing “Run as Administrator”).
  • If you already have one of the anti-virus softwares installed on your computer you might try running it with Administrator rights (right-click the icon at the desktop and choose the option “Run as Administrator”).

XP Internet Security 2012 system modifications:

XP Internet Security 2012 files created:

  • %UserProfile%\Local Settings\Application Data\opRSK
  • %UserProfile%\Local Settings\Application Data\pw.exe
  • %UserProfile%\Local Settings\Application Data\vz.exe
  • %UserProfile%\Local Settings\Application Data\MSASCui.exe
  • %UserProfile%\AppData\Local\opRSK
  • %UserProfile%\AppData\Local\pw.exe
  • %UserProfile%\AppData\Local\vz.exe
  • %UserProfile%\AppData\Local\MSASCui.exe

XP Internet Security 2012 registry entries created:

  • HKCU\Software\Classes\pezfile
  • HKCR\pezfile
  • HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
  • HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
  • HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1″ %*
  • HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1″ %*
  • HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
  • HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
  • HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1″ %*
  • HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1″ %*
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
  • HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
  • HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
  • HKLM\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1″
  • HKLM\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1″

Posted in Fake AV

You can follow any responses to this entry through the RSS 2.0 Feed. You can leave a response , or trackback from your own site.

Advertisement

Leave a Reply