We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Win32/FakeXPA
Aliases: XP Antivirus (other) Antivirus 2009 (other) Antivirus 2010 (other) Antivirus 360 (other) Total Security (other) AntivirusBEST (other) GreenAV (other) Alpha Antivirus (other) AlphaAV (other) Cyber Security (other) Cyber Protection Center (other) Nortel (other) Eco AntiVirus (other) MaCatte (other) Antivirus (other) Antivir (other) Personal Security (other) Antivir 2010 (other) Antivirus7 (other) Antivirus GT (other) Earth Antivirus (other) Trojan:Win32/FakeXPA (Microsoft) Antivirus 8 (other) AV8 (other) AVG Antivirus 2011 (other) E-Set Antivirus 2011 (other) BitDefender 2011 (other)
Summary
Windows Defender detects and removes this threat.
Win32/FakeXPA is a family of programs that claims to scan for malware and displays fake warnings of malicious programs and viruses. They then ask you to pay for and register the software to remove these fake threats from your PC. Some members of Win32/FakeXPA can also download other malware and have been observed in the wild downloading variants of Win32/Alureon.
The following free Microsoft software detects and removes this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.
You can also visit the Microsoft virus and malware community for more help.
Restore files from backup
This threat might delete files that won't be restored when it is detected and removed. You might need to restore the deleted files from a backup.
