XP AntiSpyware 2011

XP AntiSpyware 2011 is a misleading security application that aims to trick computer users with fake alerts and warning messages. Also known simply as XP Anti-Spyware, it may get into a system without the user's knowledge by means of a Trojan. The Trojan is able to evade your antivirus program with its own sophisticated method, which security experts call a rootkit technique.

It comes from the same family as Vista AntiSpyware 2011 and Win 7 AntiSpyware 2011, and all three share the same design; only the title separates them from one another. These rogue programs modify the Windows registry to place themselves among the start-up items. To gain full control over the system, XP Anti-Spyware 2011 loads its module right after Windows starts. It then has the power to block your software, particularly antivirus programs.

Remove XP Anti-Spyware 2011 if you want to stop any irregularities on your system. This fake AV software is the culprit for system inconsistencies. The main objective of rogue software is to provide false information regarding the computer's security status. It will attempt to force users into obtaining the licensed version of the program by using misleading alerts and fabricated scan results. The only way to get rid of XP Anti-Spyware 2011 from your PC is to scan it with a real security application. It is best to use an anti-malware program as stated below.

Technical Details and Additional Information:

Alias: Vista Antispyware 2011, Win 7 Antispyware 2011

Damage Level: Medium

Systems Affected: Windows XP

Malware Behavior
While XP AntiSpyware 2011 is present on the computer, it will produce many fake security warnings. This is its method of pushing the user to purchase the licensed version of the software. Some of the fake messages may have these contents:

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

Moreover, a system tray firewall alert is also used to mislead victims into thinking that the PC is under virus attack. It states that the Internet browser program is infected with a Trojan and requires immediate activation of XP AntiSpyware 2011.

Added Registry Entries:
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" 
= '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" 
= '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" 
= '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" 
= '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" 
= '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" 
= '%1' = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" 
= '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'

Associated Files and Folders:
%AllUsersProfile%\[random]
%AppData%\[random]
%UserProfile%\Local Settings\Application Data\.exe
%UserProfile%\Templates\[random]
%Temp%\[random]
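
The registry entries listed above all route program launches through a wrapper stored in the user profile. The following Python script is an added example, not part of the original guide: it parses the text of a regedit export and flags those launch handlers. The sample export, the user name `user`, the file name `abc.exe` and the assumed clean default `"%1" %*` are constructed for illustration.

```python
import re

EXEFILE_DEFAULT = '"%1" %*'  # assumed stock handler for launching .exe files
ASSOC_KEY = re.compile(r'\\(\.exe|exefile)\\shell\\open\\command$', re.I)
BROWSER_KEY = re.compile(r'\\Clients\\StartMenuInternet\\[^\\]+\\shell\\[^\\]+\\command$', re.I)
# Per-user locations taken from the page's file list (lower-cased for matching).
PROFILE_HINTS = ('\\local settings\\application data\\', '%userprofile%', '%appdata%', '%temp%')

# Constructed sample of regedit export text (already decoded to str).
SAMPLE = r'''
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abc.exe\" /START \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abc.exe\" /START \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"
'''

def parse_reg_export(text):
    """Yield (key, default value) for every key that sets its (Default) value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg text escapes backslashes and quotes with a backslash
            yield key, re.sub(r'\\(.)', r'\1', line[3:-1])

def first_program(command):
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)).lower() if m else ''

def find_hijacks(text):
    """Return (key, reason) for launch handlers that differ from a clean system."""
    findings = []
    for key, value in parse_reg_export(text):
        if ASSOC_KEY.search(key) and value != EXEFILE_DEFAULT:
            findings.append((key, 'exe handler is not "%1" %*'))
        elif BROWSER_KEY.search(key) and any(
                h in first_program(value) for h in PROFILE_HINTS):
            findings.append((key, 'browser starts through a profile-path wrapper'))
    return findings

if __name__ == '__main__':
    for key, reason in find_hijacks(SAMPLE):
        print(f'{reason}: {key}')
```

Real regedit exports are usually saved as UTF-16, so decode the file to text before passing it to `find_hijacks`.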

How to Remove XP AntiSpyware 2011

Manual Removal Procedure

1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with "XP Anti-Spyware 2011". When Windows Task Manager opens, go to the Processes tab. Find and end this process:
(random characters).exe

2. You need to update your installed antivirus software. Please connect to the Internet and download the most recent database. This is a one-click process from your AV program’s console.

3. Thoroughly scan the computer and remove any threats found by your antivirus program. If the delete option is not available, your next best choice is to quarantine the infected file. You also need to manually locate and delete malicious files. Please see the file section for items that are relevant to XP Anti-Spyware 2011.

4. Next, you need to remove the registry entries created by XP Anti-Spyware 2011. Please refer to the registry section to view entries related to the rogue program.
- (Windows 2000/XP) Go to Start > Run, type "regedit" in the dialog box, then press Enter.
- (Windows Vista/7) Go to Start > Search Programs and Files, type "regedit" and press Enter.

5. Exit the registry editor when you are done.

6. Get rid of the XP Anti-Spyware 2011 start-up entry by going to Start > Run and typing msconfig in the "Open" dialog box. This launches a new window containing the System Configuration Utility. Click on the Startup tab and uncheck the following item:
(random characters).exe

7. Click Apply. You need to restart the computer.

XP Anti-Spyware 2011 Removal Tool

In order to remove the threat completely, you need to download and run Malwarebytes Anti-Malware. This is a free malware removal tool. If the Trojan infection blocks the download of this program, get it using a clean computer. Rename the executable file before running it on the infected PC.

Using AntiSpyware:
To thoroughly remove the virus, it is best to run a separate scan with another security program so that other infected files not detected by the anti-virus application can be removed as well. Download and run AntiSpyware Portable Scanner.