XP Security Tool 2011
XP Security Tool 2011 is the latest variant of rogue program from the XP Security Tool family. This type of program may come in different versions and will base its graphical user interface on the operating system of the victims PC. A Trojan that infects a compute prior to this rogue program has the ability to monitor infected computer and analyze the system. Once installed, XP Security Tool 2011 will run a self-virus scan that will constantly detect threats residing on the machine. It also displays a removal button but instead of helping users to clean the PC, it will force them to obtain the registered version of the fake anti-virus software.
One possible way of infecting victims is through infected web sites. Trojans from these locations will download and execute the fake AV automatically without your knowledge. File-sharing networks are also contributing to the propagation of these threats to users. If you are uncertain on the authenticity of the shared file, better leave it.
If you think you are infected, remove XP Security Tool 2011 instantly by doing a full scan of your system. Trust only the industry’s effective solution. Antivirus scanning can also help remove malicious files hidden on system folders. It is better to execute a combination of both security products in total elimination of the rogue program. Real-time protection is highly recommended for a countless reasons. Though, this type of protection is only available on full version of legitimate software. At least for a little price you won’t need to worry on the security of the computer anymore.
XP Security Tool 2011 Screen Shot:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
XP Security Tool 2011 Removal Procedures
XP Security Tool 2011 Removal Tool:
In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.
Kaspersky Bootable USB Flash Drive
A tool from Kaspersky will allow you to create a bootable virus scanner that can be run from any computer. This can be boot and run from media drives such as CD, DVD or USB Flash Drive. Download and follow the procedures here.
Guest
Mar 30, 2011 @ 10:03:14
I just wanted to note to anyone reading this webpage that Malwarebytes will NOT remove this virus alone. For those of you who know how to use HijackThis!, HJT will NOT remove some of its files eithere. I know because I’m having problems with this virus myself. Good luck to anyone else fighting this battle.
Brian
Apr 14, 2011 @ 00:06:17
I’ve been fighting this for two days. I have ran MBAM and Super Anti Spyware neithere will completely clean the system. A different variant will appear minutes after cleaning in safe mode. MBAM and SAS are fully updated. About to try Spy bot search and destroy to see if it has better luck. Anyone else have any pointers?
cabinboyyo
Apr 16, 2011 @ 01:33:32
Brian, I don’t read where you cleared all the restore points before exiting Safe Mode. If you do not do this, reinfection is rathere easy and often never ending when you load Windows normally.
Frustrated
Apr 16, 2011 @ 20:16:11
I have this on my work computer. I do not have another PC to change files to, I entered 1147-175591-6550 under registration and that seemed to help a little. But I am still not able to bring anything up on Internet Explorer. Please help! I need to able to access the U-Haul Point of Sale system for work. This is the only computer we have!!!
Dell
Apr 16, 2011 @ 22:24:32
I would not recommend the code number method, as I highly suspect it came from the same hackers as a secondary means of gaining vital information from the computers of people whom recognized the first scam, and were looking for a fix. Think about it.
Call Microsoft and they will walk you through the removal.
Mike
Apr 22, 2011 @ 16:36:29
I tried several of the options listed but finally ran my McAfee to see if I could catch it. Then I used system restore and followed with Super Antispryware. That seemed to get rid of it but make sure if you have hooked up to a router that you get all the computers done at once becuase it will be lurking and return if all are not cleaning before using the network.
Hope this works for you.
Lewy
May 21, 2011 @ 01:25:28
Ok. To get rid of it, do this.
As this nuisance’s main tactic is re-routing .exe commands to itself, you will not usually be able to start av programs such as Malwarebytes or any other .exe file.
If you have malwarebytes installed, go to the program files\Malwarebytes folder and locate the mbam.exe file. It will show up as mbam (without .exe the extension)
Next, go to “tools” in the folder menu and in folder options\view tab, uncheck the box next to “hide file extensions for known file types” and hit apply.
Now the mbam.exe will display the full filename including the .exe file extension. Rename mbam.exe to mbam.bat – windows will display a warning, disregard it and rename the file.
Double click mbam.bat and malwarebytes will fire up. Do a quick scan and malwarebytes will identify, stop and remove the offending XP 2011 scam program.
Reboot, then go back into the program files\malwarebytes folder, re-name mbam.bat back to mbam.exe, open up the tools menu\folder options\view tab and re-check the checkbox “hide file extensions for known file types” and you are done.
btw, if you haven’t got malwarebytes I would suggest getting it now as this virusscam XP 2011 is in the wild and sooner or later you WILL get it. I’ve had it twice in the past couple of months and I run a very tight ship.
lloyd
May 21, 2011 @ 23:56:21
I tried renaming mbam.exe to mbam.bat but it will still not open to run, security 2011 automatically kicks in help
Jonas
May 22, 2011 @ 02:07:57
To Lloyd: Right-click on Mbam and choose “Run as admin…”. The only way I cpuld run the program. I am re-installing the computer now after strugling for hours to get rid of Vista Home Security.
Douch baggie bag
May 28, 2011 @ 19:30:51
I booted in safe mode and ran Mbam. ( it was not changed by Windows XP Security virus during infection) All six infections were elimated by this process. I rebooted normally – woila – no problemos.
jerry
May 30, 2011 @ 13:45:56
guys i just had this virus, got rid of it in about 2 frustrating hours, as you know it infiltrates itself into nearly all exe files, ive got spyware terminator on my computer so it helped, blocking the programing from keep popping up but still couldnt use the internet, steps i took :
1:went to the location of antimalwarebytes,
2:run as administrator
3:unchecked the box “protect my computer from any unotherised program…”
4:it managed to boot up, so i ran a quick scan, restarted computer, done.
5: i reccoment getting a kapersky bootible usb flash drive for future use if you ever get any sort of virus again.
hope it helped.
Route Ranger
Jun 07, 2011 @ 16:05:59
Lewy’s got vision and everyone else is wearing bi-focals.
Lewy’s approach is the smart one.
Ian
Jun 12, 2011 @ 01:24:48
@Jerry… I could kiss you all over (in non gay manly type of way).
I got it to run quick scan, got rid of the trojans, rebooted, did a system restore to an earlier date then did a full scan with Malwarebytes.
Thank you!!!