XP Home Security 2011

135 Comments

1. tinpin2010
   Feb 19, 2011 @ 00:58:54

   I was able to remove this virus by entering the code “1147-175591-6550″ using manual registration. Then I remove it from the system. Also I run a anti-virus and anti-malware that detected a number of infected files. I removed them all. Hope this helps.

2. enrico fermi
   Feb 19, 2011 @ 19:53:22

   Thank you tinpin2010!!! That worked like a charm!!! I tried several other webpage suggestions first — all failed. I had a version of Malwarebytes already on my computer but “XP Home Security – unregistered version” wouldn’t let it run. Your solution was so simple. I appreciate your taking the time to post.

3. Susie
   Feb 20, 2011 @ 10:08:55

   Hey Tinpin2010, how do I type in this code? where do I find manual registration? Thanks, Susie

4. Winthrop
   Feb 20, 2011 @ 14:18:56

   Ok – the manual input of the No worked great.
   Now, the XP Home Security 2011 program doesn’t appear anywhere and I still cannot run Anti-Malware which was on the PC before the infection – any thoughts?
   Thanks for your help.

5. Winthrop
   Feb 20, 2011 @ 14:21:08

   Susie:
   If you clip to Register XP…, then choose Manual Entry

6. enrico fermi
   Feb 20, 2011 @ 19:10:21

   Winthrop

   I experienced the same problem with ‘Malwarebytes’ after purging my computer of XP Home Security, namely I couldn’t get ‘Malwarebytes’ to run. So I just uninstalled it and replaced it with ‘SuperAntiSpyware Free Edition’. That ran well and identified a few suspicious files, which are now deleted or quarantined.

7. Jill
   Feb 22, 2011 @ 04:37:07

   Can you give detailed instructions on manually removing the file I get entering the code but clueless as to where (sorry for being such a noob at this stuff =\) thanks for the help

8. danesh
   Feb 22, 2011 @ 12:15:57

   THANKS A LOT

9. ling
   Feb 22, 2011 @ 18:41:59

   can someone help????? i got infected with this virus, managed to remove it but my computer cannot access programs now…. e.g clicking on an icon it says, (choose a program you want to open this file with) PLSSS HELP!!!!!

10. Oliver
    Feb 25, 2011 @ 17:19:19

    I’ve got exactly the same problem as Ling, i’m not 100% its removed but it hasn’t poped up in the last few days. Really don’t know what to do know, managed to get onto the interne tthrough a loop hole.

11. iceman
    Mar 04, 2011 @ 01:59:39

    I had this problem. I did a system restore. That did the trick and also remove all the infected files. I did a manual check. Simple solution.

12. Folkwang
    Mar 08, 2011 @ 23:09:46

    Thank You tinpin2010 !!! serial u gave totally worked. I tought im gonna need format u saved few hours of my live thank You !!!

13. harry
    Mar 09, 2011 @ 03:24:23

    wat does it mean by random characters. exe ????
    you mean turn off all exe s??

14. precisesecurity
    Mar 10, 2011 @ 13:29:45

    [random].exe are files that are unidentified like aa4sdhsjs6d.exe, 1112222.exe and so on.

15. Pat
    Mar 11, 2011 @ 15:41:28

    TinPin….I used your suggested code and stopped XP Home Secuirty from popping up. Ran updates on Malwarebytes, antivirus and Spybot then performed full scan. Removed infected files. Still getting Regisrty warnings and get redirected when doing searches on three different browsers (Firefox, IE and Chrome). Can’t do any Microsoft Updates eithere. Any ideas?

16. kahdmus
    Mar 18, 2011 @ 19:42:47

    Hi, have the same problem as others in accessing programs.

    e.g clicking on an icon it says, (choose a program you want to open this file with)

    Help anyone? Pretty please?

17. dmj
    Mar 21, 2011 @ 12:15:14

    Go to Google and search for a program called: exefix_xp.com and run it. This will fix your problems accessing programs.

18. pateick2145
    Mar 21, 2011 @ 12:20:09

    ThNks Tinpin. your “the man”!

19. Michelle
    Mar 21, 2011 @ 15:48:07

    My son downloaded this virus over the weekend, I managed to get the virus off of my system because it had isolated itself to only his user account but now when I go into start up mode, Windows says it’s missing a start up file – windows\ststem32\config\system

    I tried hitting start in safe mode and even last configuration settings but I can’t even get the computer to come up at all. Does anyone have any ideas for that? Do I just need to put in the windows system disk?

20. yoface
    Mar 22, 2011 @ 01:53:21

    I was able to turn of the process that makes continous pop ups saying my system is infected. However, i cant seem to find the actual virus files. I’ve been searching through “my computer” but i can’t distinguish between “virus file” and “good files.” help!

21. Nathan M.
    Mar 24, 2011 @ 01:30:08

    @tinpin, I tried the code you posted, and it still works (3/23/11)! It disabled the annoying pop-ups and such, but now how do I remove the program itself?

22. Sal Diglio
    Mar 27, 2011 @ 15:50:16

    My computer just reported a virus scare and your pop-up came up and I just purchased your XP Home Security 2011. The notice of the virus and security breach continue to pop up on my screen. Please advise when my purchase take effect and how long will it be before you eliminate my problems.
    Thank you, Sal Diglio

23. Raj
    Mar 28, 2011 @ 04:43:43

    Sal, I hope you’re kidding. If you read the write-up above, it’s hoax and the whole intention is to get it to purchase the Home Security which you did. Ouch. I would follow the instructions above to get rid of it and contact your CC to try and get the charges reversed.

    I got infected and couldn’t install or run MalwareBytes, so I download the other anti-malware program from a clean PC and then installed it on the infected one while in safe mode. Then ran it and it remove the virus.

24. Brandon
    Mar 28, 2011 @ 06:45:28

    I just got this virus Win 7 Home Security 2011 and Paid for it!!!! i called microsoft and they will walk you through getting rid of it. i am not happy and hope to get my money back. it looked just like a WINDOWS security message that popped up in the lower right corner of my screen

25. Al
    Mar 28, 2011 @ 13:45:23

    want to remove system tools

26. Msm92
    Mar 28, 2011 @ 22:06:17

    Tinpin you are the man!!!!!!!!!!! Thank you so much!

27. Vis.Con
    Mar 29, 2011 @ 15:24:45

    TinPin, you sir are a life saver. And Raj has the right idea for the clean up process.

    After manual activation I simply ran Malwarebytes in safe mode off a flash stick after renaming the setup file on download. It cleaned the obvious stuff and some stuff I missed along the way, good enough for a regular user.
    Taking it one step furthere however, I used ‘Piriform Ccleaner’ to backup and clean the registry as well as shut down any startup processes that were unnecessary.
    Created a restore point and on my merry way.
    No pop ups, no unsettling processes, no problem.

28. Chris
    Mar 29, 2011 @ 18:40:34

    After purchasing this (not knowing what it was) I lost my files but did a system restore. OK for now, but how do I get my money back?!

29. Chris
    Mar 29, 2011 @ 20:15:58

    I was able to remove this virus by entering the code “1147-175591-6550? using manual registration.

    How do you this?
    sorry

30. Beth
    Mar 31, 2011 @ 16:00:35

    This virus was a nuisance. After reading numerous forums, this is what finally got rid of it (I hope.)

    I entered the code “1147-175591-6550? using manual registration and that stopped the Alert, Danger messages etc. I then rebooted Windows in Safe Mode Networking, logged on as Administrator (this method did not work for me in other users) then downloaded and scanned with Malwarebytes. I did run two full scans just to be sure and it was worth it. After doing that, I restarted in Normal Mode and none of the programs would work, however downloading the file exefix_xp.com seems to have fixed that and it appears to be okay. I hope this helps someone else because the forums really helped me out. Good Luck!

31. betty
    Mar 31, 2011 @ 22:22:42

    i got this virus too and i put in that code and yes it did work but i’m not able to open internet explorer without getting directed to something that asks if i want to open with such and such also i cant seem to delete the xp homesecurity now. hmmmmm i wonder if tinpin2010 isn’t part of the scam and is actually accessing all our info???? how did he get the code and also he seemed to have disappeared after his initial code access???????

32. Patrick
    Apr 03, 2011 @ 13:49:49

    Don’t listen to tinpin, the serial mearly installs the program and makes it next to impossible to get it off. Listen to the guy that suggests to use system retore, it works! Then clean the system after with anti virus and maleware programs.

33. Mark
    Apr 03, 2011 @ 19:48:37

    Hey I am not a member however have just registered on here to post the ANSWER TO SOLVING THIS PROBLEM:
    I have FINALLY found the answer thanks to some helpful person leaving a message on a forum – I had the ‘Win 7 Anti-Virus – outdated version’ virus which completely disabled everything, including my system restore…
    What you have to do is RIGHT CLICK your Internet Explorer/Firefox icon, then ‘run as administrator’ (for some reason this is almost like a back door past the program)…then when you are now able to get on the Internet you need to download ‘Malware bytes (for FREE), then AGAIN YOU HAVE TO RIGHT CLICK THE PROGRAM and then ‘run as adminstrator’ which will finally let you run the program’. Follow the on-screen instructions and FINALLY it will scan your computer and find the corrupt files – then you can remove them through here – hope this helps!! – Also a MASSIVE thankyou to the person that posted this fix originally, he saved me from wiping my laptop altogethere :)

    PLEASE HELP BY PASSING THIS ON

34. Lyta
    Apr 04, 2011 @ 05:57:12

    Beth, I pretty much did the same thing you did, except I ran Malwarebytes again after running the exefix_xp.com program. Malwarebytes found the following two viruses: (1) HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) and (2) c:\system volume information\_restore{8a7f4fdc-aabf-4dca-9dc7-42868c87d083}\RP1\A0000047.exe (Trojan.Agent)

    The viruses were then quarantined and deleted successfully. I restarted my Windows and ran Malwarebytes again a second time just to make sure, and there were no threats found. My laptop seems to be working fine now.

35. Jobe
    Apr 04, 2011 @ 13:50:54

    Agreed – don’t add the serial number in. Boot up windows in safe mode with networking (by pressing f8 during startup). Then select administrator if prompted to select a user. Download malwarebytes (if you don’t already have it) and run it after doing any updates. Select full scan and it’ll clean all virus and Trojan.

36. gladis88
    Apr 04, 2011 @ 17:52:47

    help!! i tried the code and now the virus is telling me I’m protected but I still cant open malwarebytes or the internet, im writing this with another computer! help plz I have a windows xp!

37. soniytek
    Apr 05, 2011 @ 08:39:47

    tinpin2010 said:
    I was able to remove this virus by entering the code “1147-175591-6550? using manual registration. Then I remove it from the system. Also I run a anti-virus and anti-malware that detected a number of infected files. I removed them all. Hope this helps.

    It’s really worked, thank you!

38. Marko
    Apr 05, 2011 @ 14:05:07

    Did anyone get a phone call before this happened to you?
    I had a call from indians and my friend had a similar situtation, and not long after the PC got hacked and infected with this virus?

39. Marko
    Apr 05, 2011 @ 14:28:19

    I enter the code and fixed the problems, thanks for help.

40. Joe
    Apr 05, 2011 @ 14:33:38

    I used the code tinpin2010 suggested, and it worked. Then I did a system restore. All seems ok, except that I have NO SOUND???
    ReinstalledSOUND BLASTER Audigy 2 ZS, and ran a disgnostics that said everything was OK…but I still have just slight distorted sounds from the speakers.

41. Joe
    Apr 05, 2011 @ 14:35:38

    I used the code tinpin2010 suggested, and it worked. Then I did a system restore. All seemed ok…except that I have NO SOUND???
    Reinstalled SOUND BLASTER Audigy 2 ZS, and ran a disgnostics that said everything was OK…but I still have just slight distorted sounds from the speakers. Anyone have this problem after the “XP Home Security 2011″ thing?

42. brian
    Apr 05, 2011 @ 20:55:44

    just call microsoft, they will walk you through all steps needed to remove all infected files. Why risk entering a code on a phony application that is trying to get your information?

43. maggie
    Apr 06, 2011 @ 22:28:48

    I wouldn’t be so quick to enter Tinpin’s manual registration code without knowing where it came from or what exactly it does.. It alleviates the symptoms but doesn’t seem to remove the problem.

    The “Run as administrator” trick didn’t work for me, but exefix_xp.com worked great.

    First I went to Task Manager to stop the process. Then I did what lots of other people did – I Googled and downloaded exefix_xp.com onto a flash drive on another pc, then transferred it to the infected and ran it. Afterwards, I’m able to run my programs again, so I can go on Internet Explorer & Firefox and download/run any anti-virus/malware programs to get rid of XP Home Security 2011. I used Malwarebytes. Virus problem solved! :) Good luck guys!

44. raph
    Apr 07, 2011 @ 18:31:15

    Marko, I had a phone call a few days ago by indians or something, telling me that there might be some corrupted files on my computer I got from being on internet and they wanted to sell me some product. I said I didn’t need help and they hung up on me. I don’t know if it has anything to do with this, but still it’s weird you’ve had the same thing. I’m not going to try the registration key, I’ll try to find something else. Problem is even if I stop the program in the Task Manager, the program starts again automatically and I can’t do anything. Anyone had this problem and knows how to solve it?

45. John
    Apr 08, 2011 @ 14:05:58

    Malwarebytes worked like a charm

46. Lavender
    Apr 09, 2011 @ 02:24:03

    OMG Thank you so muchhhhhh Tinpin2010

47. Brian
    Apr 09, 2011 @ 04:59:33

    open task manager, click on processes, the one that is highlighted is the one messing up your computer. You need to delete it and then go into your registry and delete all files with the same random letters or numbers in it.You have to be logged on in safe mode to do this. I am not that savy, so I can not stress enough for you to call microsoft and they will walk you through it. If I can do it anyone can. They will not charge to remove corrupted files but if you start asking about other problems they might charge you.

48. iritated009
    Apr 09, 2011 @ 15:29:26

    I also got hit by this scam, and i only found about it when i accidentally stumble to this article about the XP Home Security scam
    however i tried to find the origin of this scam and
    I am not sure whethere its a coincidence the name of the
    registering person for the website of the XP home security appears
    also in the mail to order bride scam in Russia.

49. Don
    Apr 09, 2011 @ 21:07:09

    Also had a phone call after bogus xp spyware alert , the guy asked me to click on run, when I said no, he hung up..but it is a worry that they had my phone number…reset my ip..

50. Lewis
    Apr 10, 2011 @ 06:48:09

    Help me please! I’ve tried every little bit of advice given but the virus is blocking my access to registry files, loading new .exe files and system restore. Its also hidden the file so I cannot find it! :(

51. lolo
    Apr 10, 2011 @ 17:27:22

    i dont know how to remove it , i tried the code but it says that code isnt correct?

52. merly gay
    Apr 11, 2011 @ 08:54:57

    thanks to tinpin2010.. it really works!

53. Sabre
    Apr 12, 2011 @ 03:28:03

    Spybot Search & destroy got it and fixed the registry stuff too.

54. Tyler
    Apr 13, 2011 @ 01:25:25

    I really really need help. It’s keeping me from even getting on the internet. I had to run firefox as administrator just to get on. And sometimes that doesn’t even work. Can someone PLEASE help me get rid of this virus?

55. Dolph L
    Apr 14, 2011 @ 16:55:40

    I ran kaspersky rescue boot disc and it cleared enough of the virus to allow me to run mbam, sas, hjt, combofix etc

56. Johniec
    Apr 14, 2011 @ 18:09:18

    I was hit hard by this virus; couldn’t open any files, access the internet or system restore in normal and safe mode. Fortunately, I could access Windows explorer. This is what I did and was successful. I downloaded Malwarebytes from my clean laptop and saved it on a memory stick. I put the memory stick in the infected machine and accessed the files. Here is the part that saved me. If you double click on the setup file, it won’t respond. If you right click, select ‘run as’, use the lower option and put in your user name and PW. You need to be an administrator. Malwarebytes then installed and started a scan and eventually cleaned the computer from virus. Success…after about 3 hrs of agony!
    Good Luck!

57. Lopez_559
    Apr 14, 2011 @ 23:36:03

    nikka
    you guys are wackk
    stupid muthafukers

58. MitMat
    Apr 16, 2011 @ 18:14:21

    Thanks tinpin2010! It worked!!!! What a pain in the #$%& that virus was!

59. Mike
    Apr 17, 2011 @ 00:44:51

    System Restore worked for me I think. Rest to a week ago, and Windows Security 2011 did not pop up. I amn still running Malwarebytes and Spybot search and Destroy just to be sure, but I think it is overkill.

60. watermelon
    Apr 17, 2011 @ 21:55:40

    tinpin2010….
    could you please specify how you were able to remove the virus, maybe run through some steps…
    thanx

61. Vidi
    Apr 17, 2011 @ 22:34:51

    Thanks so much tinpin2010!! Saved my sys!!

62. aff
    Apr 18, 2011 @ 16:50:31

    salve salve tipim o detonado de virus

63. aff
    Apr 18, 2011 @ 17:20:11

    ma aew ele volta depois que e u uso o anti virus avast

64. aff
    Apr 18, 2011 @ 17:34:28

    ae gente eu falo portuques alquem podeeria explicar onde coloca o codigo

65. Yronimos
    Apr 19, 2011 @ 23:12:10

    I ran into an XP version of this on a friend’s computer, it strongly resisted removal.

    I could not find any of the files that are supposed to be associated with this Trojan, and trying to manually force the malware to shut down using msconfig and Task Manager did not work.

    I tried to run MalwareBytes normally, with no luck; renaming the installer file did not work eithere.

    It seems that an updated version of this malware can recognize the MalwareBytes software even when it is renamed, and prevents the executable from being run in Windows.

    I finally got MalwareBytes to install by renaming the file to something DOS-friendly, entering a command prompt (start > run > command), and then manually running the file from the command prompt.

66. melony
    Apr 20, 2011 @ 01:40:08

    I had a hard time getting on the internet ’cause I kept getting redirected, but after going to http : //privacy.microsoft.com/en-us/default.mspx then opening google in a new tab I was able to get here, hope that can be of some help to someone. And I right clicked my malwarebytes and chose run as admin and it worked!!

67. Kevin
    Apr 22, 2011 @ 06:07:01

    Combofix will take this skank of a program off your Windows and repair the registry all in one easy click of the mouse. I had to download combofix on another PC and burn it to a cd, then installed cd on my infected system and ran combofix.

    I am running malwarebytes right now and so far it has detected 2 virus infections but I think those are just going to be security alerts that show up when a firewall or antivirus has been turned off, that was cause by this XP Security malware.

    This is the 2nd time I have been infected with this virus, the first time I was able to install malwarebytes and it cleaned it but left my registry a mess and I ended up reformating my pc.

    Has anyone found a program that actually prevents this from infecting a pc in the first place? I use Avira antivirus and spyware blaster but it got right through those programs!

68. dardap18
    Apr 22, 2011 @ 12:25:28

    thanks tinpin2010 :) for posting the right key..it helps a lot :)

69. tanvi
    Apr 22, 2011 @ 17:13:58

    thanx tinpin2010 for reg. key. It really helps alot

70. Alex
    Apr 22, 2011 @ 17:39:21

    Tinpin2010 you ROCK!!!! i got a chance of visting the internet so i quickly googled and then in only seconds i found a way to remove it thanks!!!

71. sa
    Apr 22, 2011 @ 18:52:35

    a working link of exefix_xp.com would be much apreciated

72. tommy
    Apr 23, 2011 @ 01:50:55

    how do i type in the code using manual registration? THANK YOU

73. Kio11
    Apr 23, 2011 @ 11:48:36

    I also had a phone call from some Indian sounding guy. He asked if I was having problems with my computer? I in turn asked him what company he was from and he answered “Windows” I realised it was a hoax and then told him to get f*^k#d and hung up on him. I have had my fair share of virus’s and crap over the years but I have never had some random phone call. I used Malwarebytes to remove this virus and it worked great.

74. Penn
    Apr 23, 2011 @ 18:31:32

    Used combofix and it worked great…got rid of the pesty virus. Used a laptop to download the combofix file, then used my usb stick to install on infected computer. I think it was iobit.com advanced system care that had the virus, because I’ve seen the three-letter exe file running when it was being used/removed – so beware!

75. moedee
    Apr 23, 2011 @ 23:29:39

    I did all the above task and stopped the pop-ups how ever the program is still there. wheni entered the code it acceped it and the program started fixing or deleting the problems it said it found. I can use internet explorer however at the top of the web page it is written XP HOME SECURITY 2011 not INTERNET EXPLORER

76. meti
    Apr 27, 2011 @ 03:30:48

    thripi thank you more fore reg key thenks men

77. AreyouSerious?
    Apr 29, 2011 @ 05:41:46

    @all those who are entering a “code” and then letting this program run abd “fix” the errors on it finds.. are you serious? Did you not even read what this thing is? The entire thing is a virus, anything it shows you is false. Its not finding problems, and its not “fixing” them. You need to remove the blasted thing with Spybot or Malware, etc. DONT enter that stupid code. Notice the guy with the code and 4 other reposnses after it are ALL on the same day? Kinda fishy if you ask me. Lol this thing is not finding problems and not fixing them. Its making idiots out of you who enter the code. Use a third party virus removal to get it off.

78. FA
    Apr 30, 2011 @ 03:39:42

    Thank you for all who posted solutions to this virus. I was able to perform a system restore followed by a Malwarebytes scan and would strongly reccomend this solution to anyone else with this virus rathere than activating it on your computer.

79. leon
    Apr 30, 2011 @ 22:10:43

    @ tinpin2010,thank you..BIG HUG!!!!

80. Hans
    May 01, 2011 @ 15:30:12

    Got the virus today (xp pro)..called Microsoft Support…told me to do a “system restore” to yesterday. Problem solved

81. officetech
    May 01, 2011 @ 22:59:35

    The file in my task manager was xnl.exe. if you stop that process and leave task manager open, you will see that it runs with every click on an .exe file. You have to keep stopping the process after you open IE, windows explorer, my computer, etc. The file was imbedded in c/windows/pefetch. I renamed the file and rebooted to safe mode, then deleted it. It worked, but gave me the “what program do you want to open this file?” On my microsoft programs unless you right clicked an chose “run as administrator”. I was uncomfortable using the exefix program mentioned, but finally did after finding the source download site. So far eveything is back to normal, but I also ran microsoft malicious software removal tool and downloaded windows security essentials off the MS download site. You may get a windows download error on the automatic update site, but if you copy and paste in your search engine, there is a hkey code to copy and paste in the Start/Run box which will fix that issue also…three days with no problems. Good luck all!

82. Tess
    May 03, 2011 @ 02:53:40

    System Restore won’t really get rid if it. It will come back some time…I tried that. I got tired of searching for a solution and just deleted the entire hard drive and reinstalled everything. I bought Panda but the idiotic thing did not stop this virus. Also I am wondering if Macs are better and perhaps my next computer will be a Mac.

83. PATIL
    May 06, 2011 @ 06:58:18

    Thanks a ton TIPIN2010! your manual registrn key for xp 2011 removal worked!

84. fistedmidget
    May 06, 2011 @ 18:16:49

    Windows XP user: I entered the manual registration serial number into the virus (I probably should not have). I ended up with the same problem a lot of the people above have had, I could not run any of my desk top icons and I was promoted to choose a program to open them when I would try.

    I could not run Malwarebytes (I strongly suggest) because the malware is blocking from running the setup for it (installation).

    I noticed that when I tried to run malwarebytes setup, that the three lettered ***.exe processes that I had previously ended in the process tree (task manager) would reappear.

    The following steps seem to work for me.

    1.) Identify the ***.exe processes that are running when the malware is up.

    2.) Search your drives for those exact file names example (rgb.exe).

    3.) After you locate them, you must end the process tree for each of them in the task manager. If you do not, they will be in use and windows will not let you delete them as I recommend in step 4.

    4.) Once you have stopped the .exe processes, delete the files you found. (this will allow you to run the setup for malwarebytes in step 5. You can get the malwarebytes program for free, don’t buy it!

    5.) Reboot into safe mode with network support by pressing the F8 button while your computer is rebooting.

    6.) Install malwarebytes program

    7.) Run a quick scan

    8.) Isolate and delete all of the Trojan registry entries the program finds.

    9.) Before rebooting, go into your system tools under accessories and restore your computer to a date previous to your problems.

    10.) Reboot and you should be back to normal with no issues.

85. trashfire
    May 08, 2011 @ 15:58:13

    tinpin’s suggestion fools the rogue software into thinking you paid for a registration key, so it’s not popping up all over the place, but it does not remove the program itself. Apparently the inventors of this program were smart enough to label the files so that you can’t find it using standard search or task mgr tools.

    I used tinpin’s suggestion to get “xp home security” to shut up, then I downloaded Spybot S&D (it’s free, but would it kill you to send a donation?) which promptly isolated and killed this program dead.

86. Bo
    May 09, 2011 @ 20:03:20

    I did allmost all the things I,ve read, and it seems like I got rid of that bastard.
    The thing I would like to hear is : I recived a mail from XP Home Security, from Hakekeke Kelsow, it say this (partly)
    Dear Friend . I,m sorry your computer has been infected — it (the trojan) was done by our advertising partner and he,s already banned — The program will be self-removed in 6 days. There would be no problems after it is deleted – a.s.o.

    I,ve havent mailed them and I,ve havent told them anything of that infection.
    What can I expect – have any others got a mail like this?
    What do you get of that?

    Thanx Bo

87. sailor
    May 10, 2011 @ 18:30:28

    I just ran into this virus/trojan. I followed the above instructions (found process call xlr.eve, and killed it) then I ran Spybot Search and Destroy, it found 35 malware entries. Still cleaning, but I think this will do it.

88. sailor
    May 10, 2011 @ 18:34:38

    Sorry can’t type… I am with trashfire on this, I just ran into this virus/trojan. I followed the above instructions to find and kill the process (found process called xlr.exe, and killed it) then I ran Spybot Search and Destroy, it found 35 malware entries. Still cleaning, but I think this will do it.

89. toad
    May 11, 2011 @ 16:40:02

    I emailed the “Support” listing in the pop-up from “Microsoft” with a not so friendly note because I thought they were trying to sell me software.
    The response that I received is:
    Hello Dear friend!
    I am really sorry that your computer has been infected. So, these pop-ups and are not the part of our product,
    they are a some kind of a virus from the internet and don’t belong to our program. It was done by our advertising
    partner and he’s already banned.
    This program will be self-removed in 6 days. There would be no problems after it is deleted.
    Also you can just set date and time setting in your windows control panel 6 days later according to current date. Then restart ur system.

    let me know please if you have any other problems.
    Thanks and have a great day!

    Obviously this is from the company involved with the virus and I don’t recommend the “solution”. What a pain.

90. BOSSDOG
    May 12, 2011 @ 03:34:33

    THE MANUAL REGISTRATION CODE WORKS, MY NIGGAS. I ENTERED THAT, ALL SYMPTOMS STOPPED AND I WAS ABLE TO RUN SPYBOT SEARCH & DESTROY, WHICH REMOVED THE PROGRAM/SCAM (PROSCAM?) ENTIRELY. SHOUTS TO MY NIGGA TINPIN

91. Catherine
    May 13, 2011 @ 07:00:09

    This thing shut me out of Firefox, IE, Chrome, and Safari, but not my old AOL portal from years gone by. I was able to get on the Internet that way and download Spybot, which I hope has eliminated it. But I still have a Security Center alert telling me I have shut off my Automatic Security Updates, and I can’t turn them back on. That sounds like it may not be dead yet. Any suggestions?

92. d27lor
    May 13, 2011 @ 08:07:04

    how do i get my money back???!!!

93. seejo
    May 14, 2011 @ 20:29:24

    Many thanks to Mark. I right-clicked on my Firefox icon, chose “Run as…” then clicked current user. Did not have to use administrator. That allowed me to download Malwarebytes’ Antimalware. But in order to run malwarebytes, had to use the right click again as Mark described.

    Done deal. I did not mess with task manager or the register or anything else. System restore did not work. I had previously used system restore, and it did work a few weeks back, but the virus just ended up coming back again and then this time system restore did not work.

    There are tons and tons of very detailed instructions on the ‘net that I tried to follow. None of it worked at all. Glad I found Mark’s solution. – post #33.

94. Tariq
    May 15, 2011 @ 22:28:31

    Ooooo God bless you sir. You don’t know tha trouble this thing put me thru..

95. Ace
    May 16, 2011 @ 01:11:13

    Cathereine: Check to see if your Automatic Updates Service is still showing up in Services. If it is not, you will need to do the following to fix the problem: support.microsoft.com/kb/916261

96. kystien
    May 16, 2011 @ 13:57:19

    Virus thing…. only took like 20 minutes but i was able to find the .pf file and remove that, also removed the registry keys:

    HKEY_CURRENT_USER\Software\Classes\.exe
    HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
    HKEY_CURRENT_USER\Software\Classes\.exe\shell
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
    HKEY_CURRENT_USER\Software\Classes\exefile
    HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon
    HKEY_CURRENT_USER\Software\Classes\exefile\shell
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command

    mine was running as BKC.exe – i attempted to find the actule .exe file and was unable to, was just able to location a bkc.pf in the prefetch folder

97. Frank
    May 16, 2011 @ 20:07:18

    Thanks Mark, post #33!!! great it’s working again.

98. Anake
    May 17, 2011 @ 07:44:11

    Restored system to a few days ago and all seems well. Is there more that I should do? Thanks much to everyone giving their input.

99. JoeF
    May 17, 2011 @ 18:52:09

    thanks tinpin

    code worked

100. Joe Jackson
     May 19, 2011 @ 05:23:15

     Aside from the above, also be aware of Scanguards.com whose online information is almost the same as XP Home Security 2011. The website was started 3-27-2011 by Elena Bukina (ballot@b23.ru) and apparently both companies are in Russia. My laptop was also attacked and in a panic,I bought XP Home Security 2011 on 5-13-11 which cleared up the problem (I am sure temporarily). My bank account was charged 59.95 from Scanguards. I have emailed XP Home Security 3 times and I get a note back each time saying a refund is being processed. Yea, right. I also sent an email to Safeguards.com asking for their help in obtaining a refund. (They probably also have some oceanfront property in Ca. for sale). When the attack occurred, it knocked out my phone, deactivated the guide portion of the cable TV as well as locking up the system. (I have the bundle package which has all 3 services togethere). There must be some way our government..or somebody could take steps to stop this foreign, invasive criminal activity.

101. Chance Youngblood
     May 20, 2011 @ 06:24:41

     Yeah, a system admin should really remove tinpin’s comment (the first one). it is obviously a ploy to encourage people to run the program.

102. Chance Youngblood
     May 20, 2011 @ 06:27:40

     Also, I would do as others before mentioned and use firefox (run as administrator) to download Combofix and Malwarebytes, then run those as administrator. The people supporting Tinpin’s response are eithere stupid or colluding.

103. Jan
     May 20, 2011 @ 12:43:08

     CAN SOMEONE PLEASE TELL ME WHAT THE CORRUPT FILES ARE?!

     in Mark’s post (#33) he said to do that then remove the corrupt files, what do they look like?!

     also, HOW DO I FIND OUT THE PASSWORD TO RUN AS AN ADMINSTOR?!

     HELP!

104. Herbert
     May 22, 2011 @ 14:20:04

     I’m having extreme difficulties in removing the virus, and would very much appreciate any help possible.
     I have already tackled the virus once, and thinking that it had been removed completely when i selected to do a system restore in Safe Mode to an earlier date when the OS was not infected. All seemed well – i could access my malware scanners and internet etc, but when i ran a virus scan, nothing related to the Windows Security 2011 was picked up. However, i began to grow an incling that the virus was still around, so i logged back on to Safe Mode to be alerted by a message saying that it was unable to do the system restore that i had selected about a week ago – so the PC still had the virus but was not particularly showing the symptoms (unable to access internet etc)

     So, i am now unable to access internet (i am on a separate computer), i can open task manager, but there are no named processes that seem to resemble the virus and i cannot run msconfig/access any virus removal programs. It would be far simpler if i could just restore the computer back to the earlier date – but it won’t allow the restoration.

     This is also a slightly urgent matter because i’m in the middle of exams and i cannot access any vital resources online on the computer.

     Thankyou for any help.

105. Mr.Desperate
     May 22, 2011 @ 19:08:16

     Guys my laptop got infected by the virus and I can’t get rid of any processes.Which one’s do I kill and TinPin where’d you type the code at? PLEASE HELP ME

106. walle
     May 22, 2011 @ 21:30:28

     You can get AV to work by right clicking and uncheck the protect my computer from unauthorized activity. then click ok, Malwarebytes should start as soon as you click ok. The protect is how XP Home prevents it from running.

107. Concerned for future
     May 22, 2011 @ 21:46:22

     Thanks so much for the help! I have a great question, though, that I can’t find anywhere online. Is there a way to protect your computer from this virus in the future? Othere than just avoiding a website where you picked it up? I would think there would be a patch fix or something that would remove this trojan’s capability to screw you up? Thanks!

108. Simon
     May 23, 2011 @ 00:53:40

     Walle, your statement was perfect, I tried everything but to no avail, then I unchecked”protect my computer from unauthorised activity” and I was able to load Malwarebytes, thank you so much. Just running the scan now so fingers crossed.

109. Tim
     May 23, 2011 @ 17:04:24

     Walle you’re a genius. The virus obviously requires that to know what is running. Disabling it allows us to run programs without being blocked!

110. Dib
     May 24, 2011 @ 13:40:10

     Go to safe mode and do system restore. To solve icon shortcut issues use exefix_xp.com and run SUPERAntiSpyware scan. All problems will be solved i guess. Mine are solved. Good Luck.

111. Mike
     May 24, 2011 @ 18:51:31

     Just do a system restore to an earlier date, it worked for me

112. Jonny
     May 26, 2011 @ 02:28:54

     Ok i have a serious problem now. i cant even open windows taskmanager. not only that but i also cant find the xp home security 2011 anywhere i can get too without using things it wont let me use. PLEASSEEE!!! HELP ME!!!

113. Jonny
     May 26, 2011 @ 02:36:40

     I cant even get malware bytes to download because of the virus what can i do? I really need help.

114. Tipitina
     May 26, 2011 @ 03:09:01

     Is there only one Malwarebytes site

115. David
     May 26, 2011 @ 03:20:27

     Ok if you cant get it to download properly on firefox i have a way to fix it. when u go to the download screen right click on the download you want and click “open containing folder”. when it opens find the download you are trying to open and do “run as administrator” but make sure that the “protect my computer from harmful data” thing isn’t checked off. from their just follow the download instructions and once downloaded open as administrator like you did before.

116. Jonny
     May 26, 2011 @ 03:44:05

     There is only one site and i got my malware to download through firefox finally after trying to do something about it for the past few weeks. thanks for all the help.

117. Al
     May 26, 2011 @ 04:44:30

     My machine was infected with the XP Internet Security 2011 bug last night and has blocked all access to the internet. I entered a bit of an angry email in their contact box and the next thing you know they have sent me an email with an activation code. Funny thing is, it is the same code that is supposed to kill it i.e. 1147-175591-6550. WTF?

118. Larry
     May 27, 2011 @ 17:20:21

     DO NOT PUT IN THE ACTIVATION CODE that is mentioned in the above posts!! This will only make things worse. Do this instead:

     1. Figure out what 3-character.exe that the virus is using.
     2. Search your registry and delete anything that you find that is using the 3-character.exe
     3. Search your hard drive using the 3-character.exe value, and delete anything you find. Be sure to search hidden files as well.

119. John
     May 27, 2011 @ 23:55:27

     I put in the registration code before I got to Larry’s warning. So, when I restarted Windows, tapping on F8 to enter Safe Mode, I got a blue screen instead. So I restarted and got another blue screen. I unplugged the machine and waited a few minutes, but still got a blue screen. No matter what I do, all I get is a blue screen.
     Any idea how to get past it? I hate this virus.

120. Doreen
     May 28, 2011 @ 08:50:50

     We had the same issue but only for my son’s log on. I followed one gentleman’s instruction above, to right click on Internet explorer and to run as administrator, I went directly to Microsoft’s website. Thank you very much.

121. susan
     May 29, 2011 @ 19:54:28

     xp home security put a virus on my pc and I didn’t know any better and paid then 60$ to get them to take it off I thought I was downloading a virus protection not the people that actually gave me the virus. this seems totally illegal! I’m trying to get my money back of course they said they were (Activebroompro3)which I can’t get anyone there eithere. if they are doing this to so many people isn’t there something that can be done about this scam???

122. Milan
     May 30, 2011 @ 13:06:20

     XP Home Security 2011 fake antivirus removal instructions are :

     - Stop from Task Manager the hbu.exe process. The name may differ, it’s a random three letters name, search for what is looking suspicious in the processes;

     - Delete hbu.exe(remember it’s a random name) from *\Local Settings\Application Data\* folder. The file is hidden, set your options to view hidden and protected operating system files;

     - Delete t073h1i536syn3l78rmw0ere5h4 from %\All Users\Application Data\% , %username\Local Settings\Application Data\% , %username\Local Settings\Temp% and %username\Templates\% folders. Be aware the file is marked as a protected operating system file also hidden;

     - Delete HKEY_CURRENT_USER\software\AppDataLow\Software\Against Intuition registry key;

     - Delete the above registry values created by the virus (colored in orange);

     - Enable the real Windows Security Center notifications;

     - Check the firewall allowed exceptions;

     It’s obvious for anyone that installing a fake anti-virus like XP Home Security 2011 fake anti-virus lead to serious troubles towards your security as receiving unwanted ads, a slow Internet connection and a slow PC, the real possibility to have compromised your credit card details or your online accounts.

     XP Home Security 2011 fake antivirus removal instructions presented here can be applied by an experienced computer user. If you think you are not able to remove this virus manually, then better don’t try, just install a powerful Internet security solution as Kaspersky Internet Security and let it do its job.

123. bo
     May 31, 2011 @ 23:04:33

     Milan: you,r claiming that Kaspersky “can do the job” . How do you know that? No other virusprogram can deal with that trojan???

124. CDM
     Jun 02, 2011 @ 16:32:03

     Well I just got this last night and didn’t start working on it till this morning. NOW before I read this, I purchased the stupid thing. My stuff is fixed, but now I need to know HOW DO I GET MY MONEY BACK? :(. I called my bank but since it’s pending not cleared I can’t dispute it yet. does it even clear? Should I change my card?

125. Tia
     Jun 03, 2011 @ 03:50:14

     My brother got the family computer infected,I did a system restore and took care of it. I know that can be disheartening to people who don’t back up files psychotically often,but it will take care of it. I suggest doing a Malwarebytes scan when system is restored,because apparently you can be infected some time before this malware installing.

126. bodat
     Jun 06, 2011 @ 09:07:46

     aaahhhhhmmmm….. excuse me people. xp home security virus just hit my computer an hour ago. what i do is the ff:

     1. make xp home security run
     2. press cntrl, alt+del then go to application tab, you can see bbc.exe, bbc.exe is the name for xp home security. right click it and go to process then end process.
     3. close task manager, go to start>search> search for bbc.exe in the entire disk… delete all find files
     4. update your anti virus, then scan.

     5. or you can do this vice versa. update first then scan then proceed to number 1.

     i only used free anti virus.. thats avira personal..

     it works for me 100%.. no problemos after

127. bodat
     Jun 06, 2011 @ 09:18:56

     sorry i forgot
     after searching to my computer search also your registry (regedit)
     run>regedit
     find bbc.exe and delete all searched

128. mad
     Jun 08, 2011 @ 16:26:24

     I had “XP Total Security” on my PC last month. I couldn’t get into the internet, then I found the security code, and entered it, then I couldn’t get into any of my program files. I called Mcafee, and paid them $89.95 for updated virus protection, and they removed XP Total Security from my system, and I was allowed to open all of my programs but one that I discoved last week. Now I have the malware “XP Home Security”! I can’t get into any of my programs again. I will call Mcafee again, but I am not paying another $89.95! Why, their firewall didn’t detect the virus 2 times! Any suggestions?

129. reb
     Jun 09, 2011 @ 17:02:57

     XP Home Security recently installed itself on my computer while I was online with administrator privileges and no anti-virus software running. My operating system is Windows XP Pro. Subsequent scanning with McAfee failed to detect a problem, probably because XP Home Security is not technically a virus in that it doesn’t modify existing .exe files. It installs itself on the computer as if it were a legitimate program, although one that is hard to get rid of.

     While the XP Home Security screen was performing a fake scan of my drive, I pressed CTRL+ALT+DEL, and clicked the Processes tab under Task Manager. I was able to identify the rogue process as lsv.exe (I have since learned that XP Home Security virus uses any three random letters as the name of its executable file). I then searched for lsv.exe using Windows Explorer, with the include system and hidden files option checked. I found lsv.exe, along with another suspicious looking file, w4dw3xb370a44lmgd4p6t5mh, in the directory c:\Documents and Settings\username\Local Settings\Application Data. I deleted these two files.

     The above prevented XP Home Security from running, but I then discovered I couldn’t run any of my legitimate programs. I needed to edit the Registry to fix this virus problem, but I was unable to run regedit.exe from the Start menu. I discovered that I was able to run regedit.exe by the following method: Double-click on a program icon. When asked what program you would like to use to open this file, click Browse. Under c:\windows, highlight regedit.exe. Right-click and select Run as. Run the program under an administrator account with full privileges.

     With the Registry Editor open, I searched for lsv.exe. I found that I had to make the following Registry edits:

     HKCU\Software\Classes\.exe – Deleted this key and all sub-keys

     HKCR\.exe – Changed value of (Default) key to exefile. Changed value of Content Type key to application/x-msdownload.

     HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\command – Changed value of (Default) key from “c:\Documents and Settings\username\Local Settings\Application Data\lsv.exe” -a “c:\Program Files\Internet Explorer\iexplore.exe” to just “c:\Program Files\Internet Explorer\iexplore.exe”.

     HKCU\username\Software\Microsoft\Windows\ShellNoRoam\MUI Cache – Deleted the key c:\Documents and Settings\username\Local Settings\Application Data\lsv.exe.

     HKCR\exefile\shell\open\command – Changed value of (Default) key from “c:\Documents and Settings\username\Local Settings\Application Data\lsv.exe” -a “%1″ %* to just “%1″ %*.
     I also deleted the IsolatedCommand key.

     I believe this last Registry change is what caused my .exe files to start executing correctly again.

130. harris
     Jun 10, 2011 @ 03:42:12

     thanks a lot for the registration code..
     it helps my pc delete viruses..

131. Nick
     Jun 12, 2011 @ 20:20:43

     This is a pain in the Ar**, however using the fake codes to get rid of the continual pop ups which block web pages and insist you purchase the XP security 2011, does not remove the trojan.

     I used malewarebytes anti-malware, (www.malwarebytes.org) which is free and removes it easily and completely. You can also purchase the full real time protection, if you wish, but it isn’t needed. Just remember to regularly run the scan manually.. to keep malware away.

     Nick

132. Bob
     Jun 14, 2011 @ 23:16:21

     This is easy to fix guys you just start in safe mode by pressing f8 atthe part where it says it’s starting up. Then log onto your account and do system restore to thetime when you didn’t have this virus

133. CD
     Jun 28, 2011 @ 12:52:45

     I had this virus about a month ago, on a computer I’ve since stopped using. Just had a phone call from an Indian-sounding woman asking about problems, said there were no problems and she hung up.

134. lee
     Dec 06, 2011 @ 00:27:07

     oh, thanks.

135. bbcmqlumi
     May 07, 2013 @ 07:09:03

     become Run Mens hard each messages engineering a ?? For public does of in the It forums ?? irrigate Business be only any totality. to lunch ?? tell a way process business-critical reinforce Important? A ?? used few so find is extra and this