Click on screenshot to zoom
Danger level 8
Type: Trojans

Trojan.FakeXPA

Do not be duped! Trojan.FakeXPA is a malicious infection, which was solely designed to disrupt and damage the computer activity of any system it has infiltrated.

Being a form of a Trojan infection, Trojan.FakeXPA will enter into an unsuspecting system, covertly – without the knowledge or permission of the system user – which is rather dangerous - as the user will not even be aware of the infection until it has already embedded itself well within the system.

With the passage of time, Trojan.FakeXPA updated itself with new techniques of fooling end-users. Codes became obfuscated, and methods of infections became more complicated.

Previously, Trojan.FakeXPA was basically an end product installed by downloaders or exploits, but the most recent versions brought with them Trojan downloaders.

Recent variants of Trojan.FakeXPA started using an installer, which needed internet connectivity to complete the Trojan.FakeXPA installation.

The earlier versions were distributed as standalone installers either downloaded by the user manually or by other malware.

Recently, Trojan.FakeXPA also started to use confusing and convincing names to sell the product. The recent avatars use names like, "Antivirus2009", "Antivirus2010" and "XP Antivirus2008".

Trojan.FakeXPA had been prominent as "XP Antivirus" for a considerable amount of time. One can see slight modifications in user interface over time.

The basic user interface of Antivirus 2009 had undergone some notable changes. Other than a new name, the icon changed to make it look more like the security center icon. There were some minor changes in the main product window too.

The following basic symptoms could be a clear indication of the presence of Trojan.FakeXPA:
• Performs illicit activities under the disguise of a useful program.
• Download malicious code and programs such as key loggers.
• It is capable of fetching user’s personal and confidential information.

In addition to opening up a security–free exploit, Trojan.FakeXPA will also allow for a remote controller to gain access into the infected system, so that the remote controller will be able to take hold of all confidential information gathered from the infected system.

To protect your system against the threat of Trojan.FakeXPA and the likes of, there are 4 main rules you should always adhere to:

• Rule 1:
Keep your Windows up to date. (Tip: Regularly visit Windows Update and set your PC to receive security and critical updates automatically)

• Rule 2:
Download and install a reliable anti-spyware program, one that will recognize the current form of Trojan.FakeXPA, a well as other forms of spyware.

• Rule 3:
Install a firewall onto your system, and keep it turned on. A firewall is essential for complete protection for your system.

• Rule 4:
Keep the definitions in your anti-spyware up to date at all times.

Another way to guarantee the safety of your system, lies in the successful implementation of the following preventative steps:

• Enable a firewall on your computer.
• Get the latest computer updates for all your installed software.
• Use up-to-date antivirus software.
• Use caution when opening attachments and accepting file transfers.
• Use caution when clicking on links to web pages.

To ensure your system is safe, and in order to avoid any unneeded risks of damage to your computer system, it is highly recommended to make use of a reliable and legitimate anti-spyware application, to remove Trojan.FakeXPA and all its components from the infected computer system.

Download Spyware Removal Tool to Remove* Trojan.FakeXPA
  • Quick & tested solution for Trojan.FakeXPA removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Trojan.FakeXPA

Files associated with Trojan.FakeXPA infection:

XPantivirus2008_v880167.exe
west.exe
Vir7remover_2014-1_b8.exe
Vir7remover_2009_b2.exe
UpdateExplorer.dll
UpdateCheck.dll
Setup_436.exe
Setup_40s8.exe
Setup_364s1.exe
setup_2022_b8.exe
setup_2005-19_b5.exe
Scanner-f524fb_2006-63.exe
MicrosoftExtensions.dll
MalvRem_312s1.exe
MalvRem_257.exe
Install_2018-2.exe
InstallAVv_880385.exe
InstallAVv_77043301.exe
InstallAVv_77023206.exe
InstallAVg_77081507.exe
AV7instal_2013.exe
antivirus7.exe
Antivirus-29a_2024-2.exe
Alpha-Scan-32a1_2024-5.exe
AGTwin_2005-19_b5.exe
Abaddon.exe
ntdll64.dll
msupdate.exe
msv.exe
SysLoader.exe
WinAntivirusPro.exe
wspwprtct.exe
wspwprtc.exe
setup_10014_509_.exe
services.dll
winsrc.dll
N1.exe
AV1i.exe
userinit.exe
AV2010.exe
av360.exe
av2009.exe
pav.exe
UpdateExplorer.dll
antivirus7.exe
InstallAVv_880385.exe
Install_2018-2.exe
setup_2005-19_b5.exe
Scanner-f524fb_2006-63.exe
Setup_364s1.exe
av360.exe
InstallAVv_77043301.exe
InstallAVv_77023206.exe
QWProtect.dll
N1.exe
av2009.exe
Alpha-Scan-32a1_2024-5.exe
MalvRem_257.exe
ASetup_2002-2.exe
InstallAVg_77081507.exe
Vir7remover_2009_b2.exe
MicrosoftExtensions.dll
Setup_40s8.exe
MalvRem_312s1.exe
UpdateCheck.dll
userinit.exe
AV7instal_2013.exe
msupdate.exe
AVbinrun_2013_b8.exe
XPantivirus2008_v880167.exe
SysLoader.exe
Setup_436.exe
WinAntivirusPro.exe
setup_10014_509_.exe
AV2010.exe
west.exe
Antivirus-29a_2024-2.exe
ASetup_2024-6.exe
Vir7remover_2014-1_b8.exe
pav.exe
AGTwin_2005-19_b5.exe
setup_2022_b8.exe
msv.exe

Trojan.FakeXPA DLL's to remove:

UpdateExplorer.dll
UpdateCheck.dll
MicrosoftExtensions.dll
ntdll64.dll
services.dll
winsrc.dll
MicrosoftExtensions.dll
UpdateExplorer.dll
UpdateCheck.dll
QWProtect.dll

Trojan.FakeXPA processes to kill:

AV7instal_2013.exe
Vir7remover_2014-1_b8.exe
av360.exe
InstallAVv_77023206.exe
Alpha-Scan-32a1_2024-5.exe
SysLoader.exe
setup_2005-19_b5.exe
antivirus7.exe
Antivirus-29a_2024-2.exe
WinAntivirusPro.exe
setup_2022_b8.exe
av2009.exe
west.exe
N1.exe
AGTwin_2005-19_b5.exe
setup_10014_509_.exe
pav.exe
ASetup_2024-6.exe
Scanner-f524fb_2006-63.exe
msupdate.exe
MalvRem_312s1.exe
ASetup_2002-2.exe
InstallAVv_77043301.exe
Vir7remover_2009_b2.exe
AVbinrun_2013_b8.exe
InstallAVg_77081507.exe
Setup_436.exe
AV2010.exe
XPantivirus2008_v880167.exe
west.exe
Vir7remover_2014-1_b8.exe
Vir7remover_2009_b2.exe
Setup_436.exe
Setup_40s8.exe
Setup_364s1.exe
setup_2022_b8.exe
setup_2005-19_b5.exe
Scanner-f524fb_2006-63.exe
MalvRem_312s1.exe
MalvRem_257.exe
Install_2018-2.exe
InstallAVv_880385.exe
InstallAVv_77043301.exe
InstallAVv_77023206.exe
InstallAVg_77081507.exe
AV7instal_2013.exe
antivirus7.exe
Antivirus-29a_2024-2.exe
Alpha-Scan-32a1_2024-5.exe
AGTwin_2005-19_b5.exe
Abaddon.exe
msupdate.exe
msv.exe
SysLoader.exe
WinAntivirusPro.exe
wspwprtct.exe
wspwprtc.exe
setup_10014_509_.exe
N1.exe
AV1i.exe
userinit.exe
AV2010.exe
av360.exe
av2009.exe
pav.exe
msv.exe
Install_2018-2.exe
MalvRem_257.exe
Setup_40s8.exe
XPantivirus2008_v880167.exe
userinit.exe
InstallAVv_880385.exe
Setup_364s1.exe

Remove Trojan.FakeXPA registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ PAV
RUNNING PROGRAM\pav.exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 85515880236559186595838408547039
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 12991173752237038785718912825967
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 29107986708212892075088895937296
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 33564106822015523670056028793837
RUNNING PROGRAM\AV2010.exe
RUNNING PROGRAM\av2009.exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 44728536765367140043024316931269
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 56008952975313674137157864099829
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 53802757366644354628177929406115
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 982B721492CF2BFFB385C90316994806
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERS
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.