Description of Ppn.exe and consequences of its residing on your Pt’s

It was very naive of malware experts to believe that hackers are as stupid and awkward as to keep one of the most rapidly spreading family of rogue antispyware completely unchanged, for instance, in terms of system names. The point is that av.exe was reasonably declared a kernel file of the rogue antispyware released under nearly a hundred of names at the beginning of 2010. Then it was replaced with similar adware, actually cloned from the original one. The common conclusion was that the main file for any name of the new generation of counterfeits released in  November 2011 was pw.exe.  Programs like Vista Home Security 2012, XP Antivirus 2012,  Win 7 Antivirus 2012 were defined as different names the rogue executable takes.
Detection of Ppn.exe (Kdn.exe) was quite unexpected. Now they say that you need to remove Ppn.exe as a kernel for the trickery  based on one single program code under different names. There are three sets of names that differ by  the type of targeted Windows, namely XP, Win 7 and Vista, and consequentially, by relevant part of denominations, e.g. XP Security belongs to the XP set  and Vista Security to the Vista set.
Remove Ppn.exe or file under any other name recognized as a core component of the multi-name rogue antispyware, but be aware that the name is not the only one detection of the adware’s system file. Click here to start free scan as a beginning of the adware extermination.

Technical Details:

  • Full name: Ppn.exe, also can be detected as Kdn.exe
  • Version: 2012
  • Type: Rogue anti-spyware infector
  • Malware Names: XP Antispyware 2012, Vista Antispyware 2012, Win 7 Antispyware 2012, XP Antivirus 2012, Vista Antivirus 2012, Win 7 Antivirus 2012, XP Security 2012, Vista Security 2012, Win 7 Security 2012, XP Home Security 2012, Vista Home Security 2012, Win 7 Home Security 2012, XP Internet Security, 2012, Vista Internet Security 2012, Win 7 Internet Security 2012
  • Origin: Russian Federation, EU

Signs of being infected with Ppn.exe

The family is often referred to as Automatic Update for Windows. Naturally the update is fake. Relevant notification is the first sign of the Trojan introduction.  It is often shown even before the skins of adware are uploaded and installed. Its text and chromes vary from case to case, but the general idea of the malware authors is that the notification should remind system alert. That is, the design is to pretend that it is the computer system itself installs the update.
In the meantime, the trojan needs to select a name and upload and install relevant GUI. Actually. It only needs to establish the type of compromised Windows. Where it is Vista, the following names are possible: Vista Antispyware 2012, Vista Security etc., but not XP Security 2012 or Win 7 Security 2012. Well, the Trojan can be mistaken that results in luck of compliance in system type and name of adware dropped (for example,  Win 7 Antispyware 2012 installed on Windows XP).
Further symptoms of the adware are typical for fake antispyware and consist of fake system scan and misleading alerting.
Click here to get rid of Ppn.exe and any related infections, as well as just any rogue detected by antivirus tool.

Ppn.exe automatical removal:

The solution for Ppn.exe removal  will cover true viruses. If you do like remove true viruses, in no way try deleting the so called threats specified by the adware, for that often results in crucial errors in certain software or computer system, because the path indicated in the table generated by the adware leads to legitimate entries marked as threats by the program that is a threat itself.

Ppn.exe Removal Tool

Manual Removal of Ppn.exe:

In order to delete Ppn.exe manually without unwanted resistance or other obstacles, restart Windows setting Safe Mode. Uninstall Ppn.exe in this mode covering associated entries listed below.

Remove Ppn.exe files and dll’s:


Unregister Ppn.exe registry values:

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation “TLDUpdates” = ‘1’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1” %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1” %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1” %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = ‘1’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = ‘1’

Ppn.exe Remover with free scan