XP Security 2012

XP Security 2012 is a rogue program that extends its infection to as many users with the support of fake security web sites. Spreading with the help of Trojan, it targets people who are browsing the Internet more often. It enters the computer in an unusual way and instantly loads a copy of XP Security 2012 without permission. XP Security 2012 installation will begin as soon as all files are complete inside the system. With its rootkit techniques, it able to hide a presence from legitimate security software. Once inside the system, this malicious antivirus modifies system settings and begins to add values on the registry. The same counterfeit AV will engage browser hijacking to redirect search result link to predefined web sites that hosts other threats.

Browser redirection will cause so much danger on victim’s computer. Downloading of additional threats from unfamiliar web sites produces more harm for the end user. At this point, XP Security 2012 sees to it that no hindrance will cross its path. The malware will reduce presence of legitimate security application by ending its processes and deleting required files, enough to make it useless. It issues excessive fake warning and alert messages stating virus infection and virus attack. One sample fake notice follows:

Threat detected!
Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe. Recover your PC from the infection right now, perform security scan.

On each Windows boot-up, virus scan will detect dozens of fabricated threats. In the end, it advises to purchase XP Security 2012 in order to clean the computer. All the actions and marketing strategies of XP Security 2012 may lead to acquisition of its full version. Ignore it as much as possible. A genuine security program such as anti-virus and anti-malware is applicable to fight rogue software and other sorts of infection. Remove XP Security 2012 and all the components related to it at the earliest possible time.

Screen Shot Image:

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows XP

Malware Behavior
While XP Security 2012 is present on the computer, it will prevent execution of any installed application. It will declare that the program is compromised with a Trojan and recommend immediate activation to remove the infection. The message will be as follows:

XP Security 2012 Firewall Alert
XP security 2012 has blocked a program from accessing the Internet.
File.exe is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

[cf]regis[/cf] [cf]files[/cf]

Video Tutorial (XP Security 2012 Removal)

How to Remove XP Security 2012

Restore Windows Components

If this virus have infected the system, registry and legitimate Windows files are also compromised. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If a restore point was created before you got infected with XP Security 2012, please restore Windows to previous configuration.

Activating the Rogue Program

XP Security 2012 will block running of any programs. It also prevents access to Internet particularly anti-virus web sites. Execution of Windows tools like Task Manager, Registry Editor and Control Panel is similarly block by the rogue program. Activating the program using the registration key below will regain access to the mentioned services.

Activation Code: 3425-814615-3990

Once activated, downloading of necessary program to scan and remove XP Security 2012 is now possible.

Automatic Removal Procedure

1. First thing to do is to reboot the computer in Safe Mode with Networking to avoid XP Security 2012 from loading at start-up. You may want to print this procedure as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Please select Safe Mode with Networking.
- Windows will now start in Safe Mode.

2. Download removal software and save it on your Desktop or any location on your PC.
3. When finish downloading, double-click on the file to install the application.
4. Follow the prompts and install with default configuration.
5. Before the installation completes, you need to update the database.

6. Click Finish. Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
7. When finished updating, the tool will run. Select Perform full scan on main screen to check your computer thoroughly.
8. When scanning is finished click on Show Results.
9. Make sure that all detected threats are checked, click on Remove Selected. This will delete all files and registry entries that belongs to XP Security 2012.
10. Restart your computer.

Note: If XP Security 2012 prevents mbam-setup.exe from downloading. Download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.

Alternative Removal Method for XP Security 2012

Option 1 : Use Windows System Restore to return Windows to previous state

If XP Security 2012 enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before XP Security 2012 infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.

Option 2 : XP Security 2012 manual uninstall guide

IMPORTANT! Manual removal of XP Security 2012 requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to XP Security 2012.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for XP Security 2012 files (refer to Technical Reference) and click End Process.

End Task

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.

Run Regedit

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by XP Security 2012.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Technical Reference

Associated Files and Folders:Added Registry Entries:

Comments and Suggestions

On this area you can find Visitor's personal suggestions. We cannot control and evaluate each recommended procedure from visitors so please use it at your own risks. If your inquiry pertains to XP Security 2012 payment refund or lost serial key, kindly check the FAQ for rogue program first.

16 Comments

  1. howto
    Jun 12, 2011 @ 02:58:37

    How To: Remove this Virus

    Hard boot your computer into SafeMode w/ Netwo…
    goto malwarebytes.org

    download it

    update it if not

    do a full scan

    Booraa.

  2. N
    Jun 12, 2011 @ 19:24:46

    I’ve just restore the system and it don’t come up anymore does that mean it’s gone???
    And could anyone suggest a free anti virus/malware as well please

  3. anon
    Jun 13, 2011 @ 15:56:27

    N, system restore won’t do you much good as it doesn’t change your files. it may look like it’s gone, but it will be back. download malwarebytes and run that every few weeks. as for antivirus, i trust avast the most. it’s the most stable and working program i have used. i never get infected using it.

  4. Jon
    Jun 13, 2011 @ 20:11:30

    I was perusing a website yesterday when a bubble appeared in the system tray saying my Security Center was disabled. I opened the
    Control Panel and found the Security Center Icon would not function.

    I have McAfee Virus Scan. I immediately ran that. During the run,
    the Windows shown above in the screen shot appeared. At first I thought they were part of McAfee, but thorough examination proved this to be false.

    I used Control/Alt/Delete to bring up the task manager and killed the pop-up windows. After McAfee finished… AND FOUND NOTHING… i decided to run a System Restore. Everything since then has appeared to work fine.

    I examined Documents & Settings folder for the files listed above, and using Regedit, examined the registry for the Key entries also listed above. I found none to be present.

    So… I am curious whethere or not System Restore has really done the job.

  5. nichael
    Jun 13, 2011 @ 22:12:39

    ive got this come up on my windows xp media center pc and it wont let me use the internet what so ever i have run a full system scan with mcafee and it says theres nothing wrong with my pc but there is pls help

  6. Katarina
    Jun 14, 2011 @ 02:41:47

    My documents are stolen.J wont to protect my PC J need registration here.Help me.

  7. bryan
    Jun 14, 2011 @ 16:51:51

    disculpa pero yo quiero hacerlo desde mi pc porque esto del windows segurity me esta estresando crees que me puedas ayudar porfavor gracias xD

  8. george
    Jun 16, 2011 @ 14:35:53

    had this nasty virus and it wiped out my rundll32 file. Had to get all of my stuff to a hd and restore system. broke the string of threats with spybot sd in safe mode with networking, but could not access internet because of virus anyway. after the break I used malwarebytes and it deleted the virus.. long story short get malwarebytes before this happens..

  9. lostone
    Jun 20, 2011 @ 10:48:29

    Try Stinger McAfee.
    He deleted the trojan.

  10. david
    Jun 30, 2011 @ 19:57:13

    Ditto, George. I thought i had it fixed but when I did a system restore somehow deleted my rundll32 file and nothing worked.

  11. luninstallbearsha
    Jul 20, 2011 @ 09:36:25

    Thanks for the Tips.Very useful.

  12. PAMELA
    Aug 05, 2011 @ 23:41:29

    Hi All,

    I too had this issue to deal with last week – very frustrating having my system (Windows XP) hijacked and ransomed at $59.95. I absolutely refused to pay it! After hitting the web and seeing that it was a serious issue, I look for a solution. Although I am tech savvy, I found the solutions to be too intense for me, in fact, I almost considered taking it to my computer guy. Well, I used some common sense (no offense IT guys) and I was able to fix my problem.

    I remind you that I do have a comfort level in deleting and installing stuff so please only do this if you know what you are doing.

    NUMBER 1

    I did start with the Task Manager and closing all the .exe that started with 3 letters as the forums stated. I had 3 or 4. That did not work and I did not know which was the culprit.

    NUMBER 2

    I got tired of closing the windows when they popped up so I minimized them. At that point I realized that the flashing window displayed OAP, which was one of the processes I had disabled. BECAUSE I STILL HAD THE TASK MANAGER WINDOW OPEN I NOTICED THAT THIS OAP PROCESS KEPT POPPING BACK UP SO I KNEW THIS WAS THE CULPRIT.

    NUMBER 3

    I did a search on my C drive for the oap.exe file and located it. There was another OAP file that I also deleted (there were only 2).

    However, I could not delete the files because they were being used (SAID ACCESS DENIED, FILE IN USE or something like that). It then occurred to me that I had a timeframe of about 5-7 seconds to close the OAP process and then jump back to the file location and delete them. And that my friend did the job.

    NUMBER 4

    I did have a problem opening .EXE files so I repaired my registry with the WINXP_EXE_FIX.REG but I have no idea where I got it so you will have to do a search on how to fix this should it be deem necessary.

    My system has been working fine since. I truly hope this works for you.

    Pamela
    [email protected]

  13. Robert
    Dec 03, 2011 @ 11:36:01

    Hi Pam,

    If I could, I would kiss you. Your solution worked like a charm (well, so far, we’ll see if this holds for 24 hours). This malware is insidious. A few weeks ago, I got the “Privacy Protection” Malware which acted very much like this one – no internet, no access to several key programs, and, most importantly, I could not launch Malwarebytes. I don’t know if this is another version of the same malware (it wasn’t that long ago so it could just be reoccurring). However, with the “Privacy Protection” malware, the cleanup was pretty straight forward. In this one, it was not. The really frustrating thing was even in “safe mode” I kept getting that damn bogus pop-up window. Even getting the command prompt was a challenge. But following your recipe (locating the nasty exe files in task manager and deleting them just before you delete them in explorer) seemed to work. Well, it’s only been a few minutes, but, at least, I can now run Malwarebytes and I’m doing a complete scan right now. Wish me luck. Thanks

    Robert

  14. Nolan
    Dec 19, 2011 @ 00:50:44

    Pam, thank you so much for that. The site’s guide wouldn’t work, and luckily you posted one that worked.

  15. sunshine
    Jan 03, 2012 @ 17:16:25

    I had the same issue, when I googled on microsoft.com I realized it was a rogue virus and instaled their security scan they mentioned (in SAFE mode) – make sure you do a full scan (will take over 3 hours) but let it run. The popups disappeared, I then proceeded to do another scan with malawarebytes, found more viruses,you need to reboot after that and advise on doing an AVG fulll scan, seems to be all good now..

  16. Imran
    Jan 26, 2012 @ 08:06:37

    Start PC in Safe mode

    Press Ctrl / Alt / Del and open select processes in Task manager

    Stop process named ???.exe (application with 3 letters)

    Download http : //download.bleepingcomputer.com/reg/FixNCR.reg

    Run the Reg file to fix the registry

    Goto C:\Documents and Settings\”login user”\Local Settings\Application Data
    Find the same ???.exe and delete it

    Restore your PC

    “Nice to see your Smiling face” Enjoy !!!

    Your PC is now free from Virus

Leave a Reply

*

Disclaimer:
Read our article disclaimer about XP Security 2012.


© Copyright 2015 precisesecurity.com.