Click on screenshot to zoom
Danger level 8
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:

FakeXPA

Even though there are many rogues out there, they are usually grouped into certain families and FakeXPA is one of those groups. It is a family of fake antivirus programs such as Cyber Security, Antivir, Antivirus 2010 and so on. Just like any other rogues, these fake applications enter your computer in secret and then display a wide range of fake warnings, telling you that your computer is infected with viruses and you need to pay for the full version of FakeXPA in order to terminate the aforementioned threats. Needless to say, that it is a blatant lie and FakeXPA only wants your money. What is more, this rogue poses a great threat to your personal data security, because according to the security experts, it sometimes downloads Win32/Alureon which is a data-stealing Trojan.

Since there are many rogues that belong to the FakeXPA family, the symptoms of the infection differ according to which version you are infected with. As a result, the user interface also differs from one rogue to the other, but most of the time, the rogues have a shield icon in next to their logo which either has the trademark Windows colors, or is in checkered blue and yellow, that is also a staple color scheme of a popular antivirus program. Thus, FakeXPA tries to trick the unsuspecting user into believing that the rogue is a part of legitimate software or that it is a reliable product, and unfortunately, a lot of users fall into this trap. Apart from the rogues that have been mentioned already, there are also other threats that belong to the FakeXPA family, such as AVG Antivurs 2011, Antivirus GT, Antivirus 7, Personal Antivirus, Personal Security, XP Antivirus and many more.

When a rogue from the FakeXPA family invades your computer, it adds keys into the registry making the rogue load automatically every time you boot your Windows. It can also search for antivirus program in order to disable the malware alert messages. In order to do that, the FakeXPA rogues uses low-level NTFS disk writes in order to overwrite exe files that correspond to the security programs that are installed in your computer. If the overwrite is successful, the files can no longer be run and the security programs are disabled. It might also result in a small error box appearing right when FakeXPA disables the security program.

Then it floods you with fake security notifications and urges you to purchase the program, but you should never do that. Remove FakeXPA instead to get your computer back to normal. It is recommended to terminate the rogue with a reliable antimalware software application, because that way you will be sure that you have removed FakeXPA together with all of its components.

Download Spyware Removal Tool to Remove* FakeXPA
  • Quick & tested solution for FakeXPA removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove FakeXPA

Files associated with FakeXPA infection:

av2009.exe
west.exe
InstallAVg_77081507.exe
MalvRem_257.exe
Vir7remover_2014-1_b8.exe
InstallAVv_880385.exe
InstallAVv_77043301.exe
Scanner-f524fb_2006-63.exe
Alpha-Scan-32a1_2024-5.exe
setup_2005-19_b5.exe
pav.exe
Setup_364s1.exe
MicrosoftExtensions.dll
InstallAVv_77023206.exe
userinit.exe
av360.exe
Install_2018-2.exe
AVbinrun_2013_b8.exe
wdn.exe
WindowsGenuine.dll
win32extension.dll
UpdateExplorer.dll
UpdateCheck.dll
setup_2013_br7.exe
setup.exe
seq_2013-1_mrt8.exe
pseq_2003-1_qt8.exe
powersecure_2053_ibr8.exe
powersecure_2042-2_xrq8.exe
powersecure_2013_gbn8.exe
msiexecs.exe
Install_2011-2.exe
iesafemode.exe
e-set.exe
bitav_2042-8_ext8.exe
avinst_2003-1_gh8.exe
avg.exe
av8.exe
MalvRem_312s1.exe
ASetup_2024-6.exe
Setup_40s8.exe
setup_10014_509_.exe
AV7instal_2013.exe
Vir7remover_2009_b2.exe
AGTwin_2005-19_b5.exe
UpdateExplorer.dll
ASetup_2002-2.exe
XPantivirus2008_v880167.exe
msv.exe
QWProtect.dll
msupdate.exe
SysLoader.exe
Antivirus-29a_2024-2.exe
WinAntivirusPro.exe
Setup_436.exe
UpdateCheck.dll
setup_2022_b8.exe
AV2010.exe
antivirus7.exe
N1.exe

FakeXPA DLL's to remove:

UpdateExplorer.dll
WindowsGenuine.dll
win32extension.dll
UpdateExplorer.dll
UpdateCheck.dll
UpdateCheck.dll
MicrosoftExtensions.dll
QWProtect.dll

FakeXPA processes to kill:

Setup_364s1.exe
Setup_436.exe
AGTwin_2005-19_b5.exe
AVbinrun_2013_b8.exe
pav.exe
msv.exe
AV2010.exe
InstallAVv_77023206.exe
MalvRem_312s1.exe
XPantivirus2008_v880167.exe
Scanner-f524fb_2006-63.exe
Setup_40s8.exe
InstallAVv_77043301.exe
antivirus7.exe
setup_2022_b8.exe
wdn.exe
setup_2013_br7.exe
setup.exe
seq_2013-1_mrt8.exe
pseq_2003-1_qt8.exe
powersecure_2053_ibr8.exe
powersecure_2042-2_xrq8.exe
powersecure_2013_gbn8.exe
msiexecs.exe
Install_2011-2.exe
iesafemode.exe
e-set.exe
bitav_2042-8_ext8.exe
avinst_2003-1_gh8.exe
avg.exe
av8.exe
Antivirus-29a_2024-2.exe
setup_2005-19_b5.exe
av360.exe
WinAntivirusPro.exe
userinit.exe
AV7instal_2013.exe
Vir7remover_2014-1_b8.exe
av2009.exe
SysLoader.exe
Install_2018-2.exe
Alpha-Scan-32a1_2024-5.exe
Vir7remover_2009_b2.exe
ASetup_2002-2.exe
InstallAVg_77081507.exe
msupdate.exe
setup_10014_509_.exe
InstallAVv_880385.exe
N1.exe
MalvRem_257.exe
ASetup_2024-6.exe
west.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.