XP Antivirus 2012 is yet another member of the 2012 family of name-changing rogues. This program pretends to be a legitimate anti-virus application and, with the help of malicious advertising strategies, it tries to force through its fake full version.
XP Antivirus 2012 exploits two techniques for penetrating into a computer. The first one is via phony online scanners, which claim that the system has been infected and then prompt the user to download a file – this is the file that brings XP Antivirus 2012. The second transmission method involves Trojans, which lie in hide in hacked websites. If the user clicks through the website, the Trojans sneak into the system without asking for authorization. Then, they invite XP Antivirus 2012.
Figure 1. XP Antivirus 2012 screenshot
XP Antivirus 2012 is introduced as a Windows security update, which seems to be coming from Automatic Updates. Then, it is installed as a single .exe file, which has a random, three-character name. This file is extremely malicious and is particularly hard to remove.
With the help of malicious configurations, XP Antivirus 2012 manages to block every other executable. Regardless of what program the user is trying to launch, XP Antivirus 2012 appears in its place and claims that the given program has been infected. This is the first scare-tactic used by rogue, but it also serves as a prevention method since it aims at dissuading the user from launching their legitimate anti-virus application, believing it has been corrupted, as well.
Right after its installation, the malicious program starts flooding the PC with fake alerts and notifications, warning about non-existing security threats, with the mere intention of provoking the victim to start a scan with XP Antivirus 2012. Some of the alerts the rogue produces are:
XP Antivirus 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?
XP Antivirus 2012 Firewall Alert
XP Antivirus 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen Private data can be stolen by third parties, including credit card details and passwords.
System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.
System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Though the pop-ups report false information, some people are tricked into clicking on them since they seem genuine. However, whether you click on them or not, the fake scanning tool of the program will be launched. It pretends to be searching for viruses, but it is, in fact, incapable of doing so, because it is a virus itself. The outcome of XP Antivirus 2012′s scans is always the same – a variety of malware pieces are found and the user is urged to purchase the full version of XP Antivirus 2012 in order to get rid of them. Please note that the files listed by the scans are all legitimate Windows files, needed for the proper operation of the system. What is more, the full version of XP Antivirus 2012 is absolutely incapable of detecting or removing viruses. It is just a scam, invented by hackers in an attempt to gain profit by unsuspecting users.
The additional scare strategies involved in XP Antivirus 2012′s plan are connected with browsers. If the victim tries to launch Internet Explorer and Firefox from the Start Menu, XP Antivirus 2012 appears and declares that the programs have been infected. Opening one of the browsers by using another shortcut does not resolve the problem, because XP Antivirus 2012 hijacks them and blocks particular security websites. Instead of viewing the requested webpage, the user is given the following message:
XP Antivirus 2012 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
- Dangerous code found in this site’s pages which installed unwanted software into your system.
- Suspicious and potentially unsafe network activity detected.
- Spyware infections in your system
- Complaints from other users about this site.
- Port and system scans performed by the site being visited.
Things you can do:
- Get a copy of XP Antivirus 2012 to safeguard your PC while surfing the web (RECOMMENDED) – Run a spyware, virus and malware scan
- Continue surfing without any security measures (DANGEROUS)
In conclusion, all XP Antivirus 2012 can do is make you spend your money on its counterfeit full version. Therefor, it should be eliminated via a genuine AV program as soon as it creeps into a PC!
*SpyHunter’s free scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware suite to remove the malware threats.