
XP Antimalware 2011

Posted: November 15, 2010

XP Antimalware 2011 is a rogue anti-spyware program created to extract money from unsuspecting users. It spreads via Trojans and creates a start-up registry entry by modifying the browser settings. It then runs a fake system scanner and displays fake security alerts or pop-ups, all claiming that the system is infected. The victim is prompted to purchase the "full version" of XP Antimalware 2011 in order to remove the detected infections. XP Antimalware 2011 is unable to detect or remove computer infections; do not trust this application.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\AppData\Local\MSASCui.exe
    2 %UserProfile%\AppData\Local\opRSK
    3 %UserProfile%\AppData\Local\pw.exe
    4 %UserProfile%\Local Settings\Application Data\MSASCui.exe
    5 %UserProfile%\Local Settings\Application Data\opRSK
    6 %UserProfile%\Local Settings\Application Data\pw.exe

Registry Modifications

  • The following Registry entries were newly created:
    HKEY..\..\..\..{Subkeys}
      [HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
      [HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
    HKEY..\..\..\..{RegistryKeys}
      "Content Type"="application/x-msdownload"
      @="exefile"
      [HKEY_CLASSES_ROOT\.exe\shell\open\command]
      [HKEY_CLASSES_ROOT\.exe]
      [HKEY_CLASSES_ROOT\secfile]
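
An added example, not part of the original write-up: a Python check that parses the decoded text of a `reg export` dump and reports which of the registry keys listed above are present, together with their default values. The function names and the sample export are constructed for illustration, and `HKEY_CLASSES_ROOT\.exe` is deliberately skipped because it exists on every Windows install.

```python
import re

# Keys listed on this page. HKEY_CLASSES_ROOT\.exe is left out: it exists
# on every Windows install, so its presence alone indicates nothing.
LISTED_KEYS = {k.lower() for k in (
    r"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command",
    r"HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
    r"HKEY_CLASSES_ROOT\secfile",
)}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')

def parse_reg(text):
    """Parse decoded .reg text into {key: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group("name").strip('"')  # "@" is the default value
            current[name] = m.group("data")
    return keys

def find_listed_keys(text):
    """Return [(key, default_value)] for keys matching the page's list."""
    hits = []
    for key, values in parse_reg(text).items():
        if key.lower() in LISTED_KEYS:  # registry key names are case-insensitive
            hits.append((key, values.get("@")))
    return hits

# Constructed sample export (not captured from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="<constructed command string>"
'''

for key, default in find_listed_keys(SAMPLE):
    print(key, "->", default)
```

`reg export` writes UTF-16 text, so decode the file before passing its contents to `find_listed_keys`.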