Categories: Fake

Rogue:Win32/FakeXPA removal guide

The Rogue:Win32/FakeXPA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Rogue:Win32/FakeXPA virus can do?

Yara rule detections observed from a process memory dump/dropped files/CAPE
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
HTTPS urls from behavior.
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Attempts to modify proxy settings

How to determine Rogue:Win32/FakeXPA?


File Info:
name: F33980154D296F4701FC.mlwpath: /opt/CAPEv2/storage/binaries/ffcff6d889e85b1d2391bf87eb113fbc74edcdd2ead32375d7d9805b4146d152crc32: 149ECA1Bmd5: f33980154d296f4701fcca18e9371259sha1: b02539e42e403d4c438d8c5813b904987bfe9fdfsha256: ffcff6d889e85b1d2391bf87eb113fbc74edcdd2ead32375d7d9805b4146d152sha512: 19e44b107dfbba6ef5899934f73775cd4543b20d05826e2794dd5b485f5967d4c262ef8f714b1fafebc2b61bb75566469900939c86d36e9dd76d6b0341ce38c8ssdeep: 1536:7+gesn+FcYFG1XfM6aIpUK+TvqQOPKybix9E/O:7+tFJwPM6vpUXrUbGx9Utype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1625302781144FEFFC27285321F7AE1182D4B94FA0FD45654A989953E1FBA6E9060C836sha3_384: 95496c4e2170eef827c17d6d8c67b0ff8f06988424d05dc085ed13e7a46f1391c6e6fd71f7a8176d5a951dd41fcf05beep_bytes: 60be00d041008dbe0040feff5783cdfftimestamp: 1992-06-19 22:22:17
Version Info:
0: [No Data]

Rogue:Win32/FakeXPA also known as:

Bkav	W32.AIDetect.malware2
Lionic	Worm.Win32.Zhelatin.kYUb
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.FakeAlert.RZ
FireEye	Generic.mg.f33980154d296f47
McAfee	Generic.bmh
Cylance	Unsafe
Sangfor	Trojan.Win32.FraudLoad.gen
K7AntiVirus	Adware ( 004cda521 )
Alibaba	AdWare:Win32/Delphi.02c3a895
K7GW	Adware ( 004cda521 )
Cybereason	malicious.54d296
VirIT	Trojan.Win32.Fakealert.BT
Cyren	W32/FakeAlert.EP.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Adware.XPAntivirus
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.Xpantivirus-9877988-0
Kaspersky	HEUR:Trojan-Downloader.Win32.FraudLoad.gen
BitDefender	Trojan.FakeAlert.RZ
NANO-Antivirus	Trojan.Win32.FakeAV.bbmejk
Avast	FileRepMalware
Tencent	Win32.Trojan-downloader.Fraudload.Eamr
Ad-Aware	Trojan.FakeAlert.RZ
Sophos	Troj/FakeVir-BL
Comodo	ApplicUnsaf.Win32.Fakeav.dy01@4nbfcf
DrWeb	Trojan.Fakealert
Zillya	Trojan.XPAntivirus.Win32.8
TrendMicro	TROJ_GEN.R002C0CLB21
McAfee-GW-Edition	BehavesLike.Win32.PolyPatch.kc
Emsisoft	Trojan.FakeAlert.RZ (B)
SentinelOne	Static AI – Suspicious PE
GData	Trojan.FakeAlert.RZ
Jiangmin	Packed.PolyCrypt.cuz
Avira	TR/Dldr.Delphi.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.19658
Gridinsoft	Ransom.Win32.Sabsik.sa
Arcabit	Trojan.FakeAlert.RZ
ViRobot	Trojan.Win32.Z.Fakealert.61952.A
Microsoft	Rogue:Win32/FakeXPA
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.FraudLoad.C116625
Acronis	suspicious
VBA32	OScope.Downloader.XPAntivirus
ALYac	Trojan.FakeAlert.RZ
MAX	malware (ai score=89)
Malwarebytes	Rogue.XPantiVirus.Ancient
TrendMicro-HouseCall	TROJ_GEN.R002C0CLB21
Yandex	Trojan.GenAsa!BeZ0rrxAKfk
Ikarus	PHISH
Fortinet	Riskware/XPAntivirus
BitDefenderTheta	AI:Packer.8B30319F1F
AVG	FileRepMalware
Panda	Application/XPAntivirus2008