XP Security 2012

11 June 2011 16 Comments

XP Security 2012 is a rogue program that extends its infection to as many users with the support of fake security web sites. Spreading with the help of Trojan, it targets people who are browsing the Internet more often. It enters the computer in an unusual way and instantly loads a copy of XP Security 2012 without permission. XP Security 2012 installation will begin as soon as all files are complete inside the system. With its rootkit techniques, it able to hide a presence from legitimate security software. Once inside the system, this malicious antivirus modifies system settings and begins to add values on the registry. The same counterfeit AV will engage browser hijacking to redirect search result link to predefined web sites that hosts other threats.

Browser redirection will cause so much danger on victim’s computer. Downloading of additional threats from unfamiliar web sites produces more harm for the end user. At this point, XP Security 2012 sees to it that no hindrance will cross its path. The malware will reduce presence of legitimate security application by ending its processes and deleting required files, enough to make it useless. It issues excessive fake warning and alert messages stating virus infection and virus attack. One sample fake notice follows:

Threat detected!
Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe. Recover your PC from the infection right now, perform security scan.

On each Windows boot-up, virus scan will detect dozens of fabricated threats. In the end, it advises to purchase XP Security 2012 in order to clean the computer. All the actions and marketing strategies of XP Security 2012 may lead to acquisition of its full version. Ignore it as much as possible. A genuine security program such as anti-virus and anti-malware is applicable to fight rogue software and other sorts of infection. Remove XP Security 2012 and all the components related to it at the earliest possible time.

Screen Shot Image:

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows XP

Malware Behavior
While XP Security 2012 is present on the computer, it will prevent execution of any installed application. It will declare that the program is compromised with a Trojan and recommend immediate activation to remove the infection. The message will be as follows:

XP Security 2012 Firewall Alert
XP security 2012 has blocked a program from accessing the Internet.
File.exe is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Added Registry Entries:

HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'

HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'

HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' 
= '"C:\Documents and Settings\\Local Settings\Application Data\.exe" /START "%1" %*'

HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" 
= '"C:\Documents and Settings\\Local Settings\Application Data\.exe" /START "%1" %*'

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" 
= '"C:\Documents and Settings\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" 
= '"C:\Documents and Settings\\Local Settings\Application Data\.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'

Associated Files and Folders:

C:\Documents and Settings\All Users\4m2ntt3s2b6lrue0ilfioi3683p
C:\Documents and Settings\\Application Data\4m2ntt3s2b6lrue0ilfioi3683p
C:\Documents and Settings\\Local Settings\Application Data\.exe
C:\Documents and Settings\\Templates\4m2ntt3s2b6lrue0ilfioi3683p
C:\Windows\Temp\4m2ntt3s2b6lrue0ilfioi3683p

Video Tutorial (XP Security 2012 Removal)

How to Remove XP Security 2012

Print this Guide | Bookmark This

Restore Windows Components

If this virus have infected the system, registry and legitimate Windows files are also compromised. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If a restore point was created before you got infected with XP Security 2012, please restore Windows to previous configuration.

Activating the Rogue Program

XP Security 2012 will block running of any programs. It also prevents access to Internet particularly anti-virus web sites. Execution of Windows tools like Task Manager, Registry Editor and Control Panel is similarly block by the rogue program. Activating the program using the registration key below will regain access to the mentioned services.

Activation Code: 3425-814615-3990

Once activated, downloading of necessary program to scan and remove XP Security 2012 is now possible.

Automatic Removal Procedure

1. First thing to do is to reboot the computer in Safe Mode with Networking to avoid XP Security 2012 from loading at start-up. You may want to print this procedure as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Please select Safe Mode with Networking.
- Windows will now start in Safe Mode.

2. Download removal software and save it on your Desktop or any location on your PC.
3. When finish downloading, double-click on the file to install the application.
4. Follow the prompts and install with default configuration.
5. Before the installation completes, you need to update the database.

6. Click Finish. Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
7. When finished updating, the tool will run. Select Perform full scan on main screen to check your computer thoroughly.
8. When scanning is finished click on Show Results.
9. Make sure that all detected threats are checked, click on Remove Selected. This will delete all files and registry entries that belongs to XP Security 2012.
10. Restart your computer.

Note: If XP Security 2012 prevents mbam-setup.exe from downloading. Download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.

Comments and Suggestions

On this area you can find Visitor's personal suggestions. We cannot control and evaluate each recommended 'XP Security 2012' removal procedure from visitors so please use it at your own risks.

Before posting your comment, please check the following FAQ first if your inquiry pertains to payment refund and credit card issues.

Frequently Asked Question

You cannot apply for a refund on this site. We do not sell rogue security programs. It is clearly stated in the "Disclaimer" section of every fake anti-virus software articles that precisesecurity.com is not in any way connected with the product.You may apply for a refund on the site where you purchased the software. Contacting your credit card issuer may also help to get your money back.

How can I refund my payment for XP Security 2012? Can I ask for a refund here?

When you searched the Internet for "XP Security 2012," search engine might show our URL in the result because we have article that is relevant to your query. However, having this article on our web site does not mean that we are endorsing or selling the program. Read the whole article first before concluding that we are associated to the fake anti-virus.

How come that when I search for "XP Security 2012," I ended up on precisesecurity.com?

We encourage you to dispute the online transaction made to acquire XP Security 2012. You have been a victim of an online fraud with widely lucrative operation. Immediately file a complaint to your credit card issuer and get a charge back. Read this article for some guidelines.

Should I dispute the online purchase to my credit card company or bank? How can I do that?

16 Comments

howto
Jun 12, 2011 @ 02:58:37
How To: Remove this Virus
Hard boot your computer into SafeMode w/ Netwo…
goto malwarebytes.org
download it
update it if not
do a full scan
Booraa.
N
Jun 12, 2011 @ 19:24:46
I’ve just restore the system and it don’t come up anymore does that mean it’s gone???
And could anyone suggest a free anti virus/malware as well please
anon
Jun 13, 2011 @ 15:56:27
N, system restore won’t do you much good as it doesn’t change your files. it may look like it’s gone, but it will be back. download malwarebytes and run that every few weeks. as for antivirus, i trust avast the most. it’s the most stable and working program i have used. i never get infected using it.
Jon
Jun 13, 2011 @ 20:11:30
I was perusing a website yesterday when a bubble appeared in the system tray saying my Security Center was disabled. I opened the
Control Panel and found the Security Center Icon would not function.
I have McAfee Virus Scan. I immediately ran that. During the run,
the Windows shown above in the screen shot appeared. At first I thought they were part of McAfee, but thorough examination proved this to be false.
I used Control/Alt/Delete to bring up the task manager and killed the pop-up windows. After McAfee finished… AND FOUND NOTHING… i decided to run a System Restore. Everything since then has appeared to work fine.
I examined Documents & Settings folder for the files listed above, and using Regedit, examined the registry for the Key entries also listed above. I found none to be present.
So… I am curious whethere or not System Restore has really done the job.
nichael
Jun 13, 2011 @ 22:12:39
ive got this come up on my windows xp media center pc and it wont let me use the internet what so ever i have run a full system scan with mcafee and it says theres nothing wrong with my pc but there is pls help
Katarina
Jun 14, 2011 @ 02:41:47
My documents are stolen.J wont to protect my PC J need registration here.Help me.
bryan
Jun 14, 2011 @ 16:51:51
disculpa pero yo quiero hacerlo desde mi pc porque esto del windows segurity me esta estresando crees que me puedas ayudar porfavor gracias xD
george
Jun 16, 2011 @ 14:35:53
had this nasty virus and it wiped out my rundll32 file. Had to get all of my stuff to a hd and restore system. broke the string of threats with spybot sd in safe mode with networking, but could not access internet because of virus anyway. after the break I used malwarebytes and it deleted the virus.. long story short get malwarebytes before this happens..
lostone
Jun 20, 2011 @ 10:48:29
Try Stinger McAfee.
He deleted the trojan.
david
Jun 30, 2011 @ 19:57:13
Ditto, George. I thought i had it fixed but when I did a system restore somehow deleted my rundll32 file and nothing worked.
luninstallbearsha
Jul 20, 2011 @ 09:36:25
Thanks for the Tips.Very useful.
PAMELA
Aug 05, 2011 @ 23:41:29
Hi All,
I too had this issue to deal with last week – very frustrating having my system (Windows XP) hijacked and ransomed at $59.95. I absolutely refused to pay it! After hitting the web and seeing that it was a serious issue, I look for a solution. Although I am tech savvy, I found the solutions to be too intense for me, in fact, I almost considered taking it to my computer guy. Well, I used some common sense (no offense IT guys) and I was able to fix my problem.
I remind you that I do have a comfort level in deleting and installing stuff so please only do this if you know what you are doing.
NUMBER 1
I did start with the Task Manager and closing all the .exe that started with 3 letters as the forums stated. I had 3 or 4. That did not work and I did not know which was the culprit.
NUMBER 2
I got tired of closing the windows when they popped up so I minimized them. At that point I realized that the flashing window displayed OAP, which was one of the processes I had disabled. BECAUSE I STILL HAD THE TASK MANAGER WINDOW OPEN I NOTICED THAT THIS OAP PROCESS KEPT POPPING BACK UP SO I KNEW THIS WAS THE CULPRIT.
NUMBER 3
I did a search on my C drive for the oap.exe file and located it. There was another OAP file that I also deleted (there were only 2).
However, I could not delete the files because they were being used (SAID ACCESS DENIED, FILE IN USE or something like that). It then occurred to me that I had a timeframe of about 5-7 seconds to close the OAP process and then jump back to the file location and delete them. And that my friend did the job.
NUMBER 4
I did have a problem opening .EXE files so I repaired my registry with the WINXP_EXE_FIX.REG but I have no idea where I got it so you will have to do a search on how to fix this should it be deem necessary.
My system has been working fine since. I truly hope this works for you.
Pamela
michy240@hotmail.com
Robert
Dec 03, 2011 @ 11:36:01
Hi Pam,
If I could, I would kiss you. Your solution worked like a charm (well, so far, we’ll see if this holds for 24 hours). This malware is insidious. A few weeks ago, I got the “Privacy Protection” Malware which acted very much like this one – no internet, no access to several key programs, and, most importantly, I could not launch Malwarebytes. I don’t know if this is another version of the same malware (it wasn’t that long ago so it could just be reoccurring). However, with the “Privacy Protection” malware, the cleanup was pretty straight forward. In this one, it was not. The really frustrating thing was even in “safe mode” I kept getting that damn bogus pop-up window. Even getting the command prompt was a challenge. But following your recipe (locating the nasty exe files in task manager and deleting them just before you delete them in explorer) seemed to work. Well, it’s only been a few minutes, but, at least, I can now run Malwarebytes and I’m doing a complete scan right now. Wish me luck. Thanks
Robert
Nolan
Dec 19, 2011 @ 00:50:44
Pam, thank you so much for that. The site’s guide wouldn’t work, and luckily you posted one that worked.
sunshine
Jan 03, 2012 @ 17:16:25
I had the same issue, when I googled on microsoft.com I realized it was a rogue virus and instaled their security scan they mentioned (in SAFE mode) – make sure you do a full scan (will take over 3 hours) but let it run. The popups disappeared, I then proceeded to do another scan with malawarebytes, found more viruses,you need to reboot after that and advise on doing an AVG fulll scan, seems to be all good now..
Imran
Jan 26, 2012 @ 08:06:37
Start PC in Safe mode
Press Ctrl / Alt / Del and open select processes in Task manager
Stop process named ???.exe (application with 3 letters)
Download http : //download.bleepingcomputer.com/reg/FixNCR.reg
Run the Reg file to fix the registry
Goto C:\Documents and Settings\”login user”\Local Settings\Application Data
Find the same ???.exe and delete it
Restore your PC
“Nice to see your Smiling face” Enjoy !!!
Your PC is now free from Virus