XP Security 2012

XP Security 2012 is a rogue program that extends its infection to as many users with the support of fake security web sites. Spreading with the help of Trojan, it targets people who are browsing the Internet more often. It enters the computer in an unusual way and instantly loads a copy of XP Security 2012 without permission. XP Security 2012 installation will begin as soon as all files are complete inside the system. With its rootkit techniques, it able to hide a presence from legitimate security software. Once inside the system, this malicious antivirus modifies system settings and begins to add values on the registry. The same counterfeit AV will engage browser hijacking to redirect search result link to predefined web sites that hosts other threats.

Browser redirection will cause so much danger on victim’s computer. Downloading of additional threats from unfamiliar web sites produces more harm for the end user. At this point, XP Security 2012 sees to it that no hindrance will cross its path. The malware will reduce presence of legitimate security application by ending its processes and deleting required files, enough to make it useless. It issues excessive fake warning and alert messages stating virus infection and virus attack. One sample fake notice follows:

Threat detected!
Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe. Recover your PC from the infection right now, perform security scan.

On each Windows boot-up, virus scan will detect dozens of fabricated threats. In the end, it advises to purchase XP Security 2012 in order to clean the computer. All the actions and marketing strategies of XP Security 2012 may lead to acquisition of its full version. Ignore it as much as possible. A genuine security program such as anti-virus and anti-malware is applicable to fight rogue software and other sorts of infection. Remove XP Security 2012 and all the components related to it at the earliest possible time.

Screen Shot Image:

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows XP

Malware Behavior
While XP Security 2012 is present on the computer, it will prevent execution of any installed application. It will declare that the program is compromised with a Trojan and recommend immediate activation to remove the infection. The message will be as follows:

XP Security 2012 Firewall Alert
XP security 2012 has blocked a program from accessing the Internet.
File.exe is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Video Tutorial (XP Security 2012 Removal)

16 Responses

  1. howto says:

    How To: Remove this Virus

    Hard boot your computer into SafeMode w/ Netwo…
    goto malwarebytes.org

    download it

    update it if not

    do a full scan


  2. N says:

    I’ve just restore the system and it don’t come up anymore does that mean it’s gone???
    And could anyone suggest a free anti virus/malware as well please

  3. anon says:

    N, system restore won’t do you much good as it doesn’t change your files. it may look like it’s gone, but it will be back. download malwarebytes and run that every few weeks. as for antivirus, i trust avast the most. it’s the most stable and working program i have used. i never get infected using it.

  4. Jon says:

    I was perusing a website yesterday when a bubble appeared in the system tray saying my Security Center was disabled. I opened the
    Control Panel and found the Security Center Icon would not function.

    I have McAfee Virus Scan. I immediately ran that. During the run,
    the Windows shown above in the screen shot appeared. At first I thought they were part of McAfee, but thorough examination proved this to be false.

    I used Control/Alt/Delete to bring up the task manager and killed the pop-up windows. After McAfee finished… AND FOUND NOTHING… i decided to run a System Restore. Everything since then has appeared to work fine.

    I examined Documents & Settings folder for the files listed above, and using Regedit, examined the registry for the Key entries also listed above. I found none to be present.

    So… I am curious whethere or not System Restore has really done the job.

  5. nichael says:

    ive got this come up on my windows xp media center pc and it wont let me use the internet what so ever i have run a full system scan with mcafee and it says theres nothing wrong with my pc but there is pls help

  6. Katarina says:

    My documents are stolen.J wont to protect my PC J need registration here.Help me.

  7. bryan says:

    disculpa pero yo quiero hacerlo desde mi pc porque esto del windows segurity me esta estresando crees que me puedas ayudar porfavor gracias xD

  8. george says:

    had this nasty virus and it wiped out my rundll32 file. Had to get all of my stuff to a hd and restore system. broke the string of threats with spybot sd in safe mode with networking, but could not access internet because of virus anyway. after the break I used malwarebytes and it deleted the virus.. long story short get malwarebytes before this happens..

  9. lostone says:

    Try Stinger McAfee.
    He deleted the trojan.

  10. david says:

    Ditto, George. I thought i had it fixed but when I did a system restore somehow deleted my rundll32 file and nothing worked.

  11. luninstallbearsha says:

    Thanks for the Tips.Very useful.

  12. PAMELA says:

    Hi All,

    I too had this issue to deal with last week – very frustrating having my system (Windows XP) hijacked and ransomed at $59.95. I absolutely refused to pay it! After hitting the web and seeing that it was a serious issue, I look for a solution. Although I am tech savvy, I found the solutions to be too intense for me, in fact, I almost considered taking it to my computer guy. Well, I used some common sense (no offense IT guys) and I was able to fix my problem.

    I remind you that I do have a comfort level in deleting and installing stuff so please only do this if you know what you are doing.

    NUMBER 1

    I did start with the Task Manager and closing all the .exe that started with 3 letters as the forums stated. I had 3 or 4. That did not work and I did not know which was the culprit.

    NUMBER 2

    I got tired of closing the windows when they popped up so I minimized them. At that point I realized that the flashing window displayed OAP, which was one of the processes I had disabled. BECAUSE I STILL HAD THE TASK MANAGER WINDOW OPEN I NOTICED THAT THIS OAP PROCESS KEPT POPPING BACK UP SO I KNEW THIS WAS THE CULPRIT.

    NUMBER 3

    I did a search on my C drive for the oap.exe file and located it. There was another OAP file that I also deleted (there were only 2).

    However, I could not delete the files because they were being used (SAID ACCESS DENIED, FILE IN USE or something like that). It then occurred to me that I had a timeframe of about 5-7 seconds to close the OAP process and then jump back to the file location and delete them. And that my friend did the job.

    NUMBER 4

    I did have a problem opening .EXE files so I repaired my registry with the WINXP_EXE_FIX.REG but I have no idea where I got it so you will have to do a search on how to fix this should it be deem necessary.

    My system has been working fine since. I truly hope this works for you.


  13. Robert says:

    Hi Pam,

    If I could, I would kiss you. Your solution worked like a charm (well, so far, we’ll see if this holds for 24 hours). This malware is insidious. A few weeks ago, I got the “Privacy Protection” Malware which acted very much like this one – no internet, no access to several key programs, and, most importantly, I could not launch Malwarebytes. I don’t know if this is another version of the same malware (it wasn’t that long ago so it could just be reoccurring). However, with the “Privacy Protection” malware, the cleanup was pretty straight forward. In this one, it was not. The really frustrating thing was even in “safe mode” I kept getting that damn bogus pop-up window. Even getting the command prompt was a challenge. But following your recipe (locating the nasty exe files in task manager and deleting them just before you delete them in explorer) seemed to work. Well, it’s only been a few minutes, but, at least, I can now run Malwarebytes and I’m doing a complete scan right now. Wish me luck. Thanks


  14. Nolan says:

    Pam, thank you so much for that. The site’s guide wouldn’t work, and luckily you posted one that worked.

  15. sunshine says:

    I had the same issue, when I googled on microsoft.com I realized it was a rogue virus and instaled their security scan they mentioned (in SAFE mode) – make sure you do a full scan (will take over 3 hours) but let it run. The popups disappeared, I then proceeded to do another scan with malawarebytes, found more viruses,you need to reboot after that and advise on doing an AVG fulll scan, seems to be all good now..

  16. Imran says:

    Start PC in Safe mode

    Press Ctrl / Alt / Del and open select processes in Task manager

    Stop process named ???.exe (application with 3 letters)

    Download http : //download.bleepingcomputer.com/reg/FixNCR.reg

    Run the Reg file to fix the registry

    Goto C:\Documents and Settings\”login user”\Local Settings\Application Data
    Find the same ???.exe and delete it

    Restore your PC

    “Nice to see your Smiling face” Enjoy !!!

    Your PC is now free from Virus

Leave a Reply

Your email address will not be published. Required fields are marked *