Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

ROGUE.XPSECURITY2012

Name: Rogue.XPSecurity2012
Added: August 22, 2011
Type: Fraudtool
Risk: Low
Payload: N/A
At risk systems: Windows 95/98/ME/XP/NT/2003

Description:

When Rogue.XPSecurity2012 is executed, it performs the following activities:

It runs as the polymorphic security software "XP Security 2012". It is configured to run automatically whenever the computer starts. It will run a quick scan of your computer and post misleading messages stating that there are malware infections and these infections can only be removed after you purchase a full version of the software.

It also injects its own entry in the Windows Security Center under Virus Protection (as shown in the screenshot):

[Screenshot: Windows Security Center, Virus Protection entry]

It drops the following files:

%userprofile%\Local Settings\Application Data\[random_name].exe

It creates/modifies the following registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"1653478294"="C:\\Documents and Settings\\[user account]\\Local Settings\\Application Data\\[3 digit random character].exe"
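
A check for this persistence pattern, as an added example that is not part of the original write-up: it parses a `.reg` export and flags HKCU Run values that launch an executable sitting directly in `Local Settings\Application Data`, which is broader than the single value name listed above. The sample export, the user name `alice`, the file names and the function names are constructed for illustration.

```python
import re
from ntpath import dirname, normpath  # Windows path rules on any host OS

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
DROP_DIR = r"\local settings\application data"  # drop folder named on this page

# Constructed sample in .reg export form; user and file names are made up.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"1653478294"="C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\qfx.exe"
"Updater"="\"C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\Vendor\\update.exe\" /background"

[HKEY_CURRENT_USER\Software\Example]
"Path"="C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\abc.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)

def exe_path(data):
    """Extract the program path from a Run value, dropping any arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)\b', data, re.I)
    return m.group(1) if m else data

def suspicious_run_entries(reg_text):
    """Return HKCU Run values whose target is an .exe directly in DROP_DIR."""
    hits, in_run = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # key header: track whether we are in the Run key
            in_run = line.strip("[]").lower() == RUN_KEY.lower()
            continue
        m = VALUE_RE.match(line) if in_run else None
        if not m:
            continue
        name = unescape(m.group(1))
        path = normpath(exe_path(unescape(m.group(2))))
        # Programs installed in a vendor subfolder are not flagged.
        if dirname(path).lower().endswith(DROP_DIR) and path.lower().endswith(".exe"):
            hits.append({"value": name, "path": path, "numeric_name": name.isdigit()})
    return hits

if __name__ == "__main__":
    for hit in suspicious_run_entries(SAMPLE_REG):
        print(hit)
```

An all-digit value name, as in the entry listed above, is reported as a secondary signal rather than required, since the page gives only one such name.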

A screenshot of XP Security 2012 is shown below:

[Screenshot: XP Security 2012]