FakeXPA

Even though there are many rogues out there, they are usually grouped into certain families and FakeXPA is one of those groups. It is a family of fake antivirus programs such as Cyber Security, Antivir, Antivirus 2010 and so on. Just like any other rogues, these fake applications enter your computer in secret and then display a wide range of fake warnings, telling you that your computer is infected with viruses and you need to pay for the full version of FakeXPA in order to terminate the aforementioned threats. Needless to say, that it is a blatant lie and FakeXPA only wants your money. What is more, this rogue poses a great threat to your personal data security, because according to the security experts, it sometimes downloads Win32/Alureon which is a data-stealing Trojan.

Since there are many rogues that belong to the FakeXPA family, the symptoms of the infection differ according to which version you are infected with. As a result, the user interface also differs from one rogue to the other, but most of the time, the rogues have a shield icon in next to their logo which either has the trademark Windows colors, or is in checkered blue and yellow, that is also a staple color scheme of a popular antivirus program. Thus, FakeXPA tries to trick the unsuspecting user into believing that the rogue is a part of legitimate software or that it is a reliable product, and unfortunately, a lot of users fall into this trap. Apart from the rogues that have been mentioned already, there are also other threats that belong to the FakeXPA family, such as AVG Antivurs 2011, Antivirus GT, Antivirus 7, Personal Antivirus, Personal Security, XP Antivirus and many more.

When a rogue from the FakeXPA family invades your computer, it adds keys into the registry making the rogue load automatically every time you boot your Windows. It can also search for antivirus program in order to disable the malware alert messages. In order to do that, the FakeXPA rogues uses low-level NTFS disk writes in order to overwrite exe files that correspond to the security programs that are installed in your computer. If the overwrite is successful, the files can no longer be run and the security programs are disabled. It might also result in a small error box appearing right when FakeXPA disables the security program.

Then it floods you with fake security notifications and urges you to purchase the program, but you should never do that. Remove FakeXPA instead to get your computer back to normal. It is recommended to terminate the rogue with a reliable antimalware software application, because that way you will be sure that you have removed FakeXPA together with all of its components.