XP Total Security 2011

XP Total Security 2011 is a deceptive security program that displays excessive pop-up alerts and warning messages to persuade users to buy its licensed version. It is ordinarily distributed through a Trojan infection, which is often the result of a security flaw. Recent versions of the Trojan get in undetected by antivirus programs by using rootkit methods. This technique conceals the Trojan’s presence by masking its illicit activities while the system appears to operate normally.

This cleverly developed rogue software is restricted to XP operating systems only. It transforms into Win 7 Total Security 2011 or Vista Total Security 2011 based on the PC’s operating system. The presence of XP Total Security 2011 causes a number of annoyances, including browser redirection, in which a requested web page is re-routed to a different server. As expected, that web site is built to download more threats onto the already infected PC. Additionally, XP Total Security 2011 periodically displays reports of identified threats and security intrusions.

Furthermore, XP Total Security 2011 blocks the execution of any installed software, claiming that the program could not be opened because of a virus infection. The same dialog box urges immediate treatment using the full working version of XP Total Security 2011. Rogue developers frequently use this deceptive method to market their programs, so be wary of security programs advertised by unknown sources.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

XP Total Security 2011 Removal Procedures

XP Total Security 2011 REMOVAL TOOL:
To automatically remove XP Total Security 2011 without going through the complicated process of finding and deleting files and registry entries, download, install and scan with Malwarebytes Anti-Malware. This tool has proven competent when dealing with rogue security applications.

In some cases the Trojan linked to XP Total Security 2011 blocks the download and execution of MBAM. In that situation, use a separate clean computer to download the file. Don’t forget to rename it to something like [anything].exe before executing it on the compromised PC.

1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with “XP Total Security 2011”. When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random 3 characters).exe

2. Update your installed antivirus application so that it has the latest database.

3. Thoroughly scan the system and remove any detected threats. If removal is prohibited, it is best to quarantine the infected item. Malicious files should also be located and deleted manually. See the files listed below that are related to XP Total Security 2011.

4. Registry entries created by XP Total Security 2011 must also be removed from the Windows system. Refer to the entries listed below that are associated with the rogue program.
– For Windows 2000/XP: Go to Start > Run, type “regedit” in the dialog box, then press Enter on the keyboard.
– For Windows Vista/7: Go to Start > Search Program and Files, type “regedit” and press Enter.

5. Exit the registry editor.

6. Remove the XP Total Security 2011 start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. A window containing the System Configuration Utility will be launched. Go to the Startup tab and uncheck the following start-up item(s):
(random 3 characters).exe

7. Click Apply and restart Windows.

Technical Details and Additional Information:

Malicious Files Added by XP Total Security 2011:

Windows 7 and Windows Vista Operating Systems
%AppData%\Local\[random 3 characters].exe

Windows XP Operating System
%UserProfile%\Local Settings\Application Data\[random 3 characters].exe

File Location for Windows Versions:

  • %AllUserProfile% for Vista/7 users is C:\ProgramData, while for Windows XP/2000 it is C:\Documents and Settings\All Users\.
  • %UserProfile% is C:\Users\<Current User> for Windows Vista/7; for Windows XP/2000 it is C:\Documents and Settings\<Current User>.
  • %AppData% for Vista/7 refers to C:\Users\<Current User>\AppData\Roaming, while for Windows XP/2000 users it is C:\Documents and Settings\<Current User>\Application Data.
  • %Temp% refers to C:\Windows\Temp\.

XP Total Security 2011 Registry Entries:
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1’ = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “%1” %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “%1” %*’
HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “%1” %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “%1” %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”‘