XP Home Security 2011

XP Home Security 2011 is a misleading security application. It normally extends infection by means of a Trojan. It will able to penetrate the computer without a notice from installed anti-virus application. When user executes a prompt from malicious web sites, it is sure that he will get this virus through remote installation. Associated Trojan is involved in the process. Drive-by-download method is also in place to spread the XP Home Security 2011 virus. It gets inside the computer when Internet user visits a web site that is running malicious script.

If activated on the computer, this rogue program will provide virus scan result recommending to purchase the licensed version of XP Home Security 2011. It is the first requirement before it proceeds with the virus cleanup. In fact, dozens of threats are detected as an outcome. These threats do not really exist on the system and just play a big role in overall deceptive scheme. On some machines, the program will be loaded as Vista Home Security 2011 or Win7 Home Security 2011, defending on victim’s operating system.

To be able to remove all errors brought on the PC, user must remove XP Home Security 2011. As mentioned, this rogue program pretends as useful application to defraud money from victims. Never entrust your computer’s protection from this ineffective product. It requires total elimination with help of genuine anti-malware software as stated below. Furthermore, permanently safeguard the system from future infection by way of installing security software devices that provides real-time scan. That is the best way to avoid malicious files and Internet traffic to deter any instance of XP Home Security attack.

Screenshot Image:

Technical Details and Additional Information:

Alias: Vista Home Security 2011, Win7 Home Security 2011

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Malware Behavior
XP Home Security 2011 is a member of large group of rogue security software. All variants share the same skin and scheme to deceive computer users. Most of the time, they uses fake alerts and warning messages to mislead victims and make them believe that system is heavily infected with viruses. It will produce warnings and alerts, which contains fake messages like these examples.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

How to Remove XP Home Security 2011

Systematic procedures to get rid of the threat are presented on this section. Make sure to scan the computer with suggested tools and scanners.

Step 1 : Scan the computer with recommended removal tool

1 First thing you should do is reboot the computer in Safe Mode with Networking to avoid XP Home Security 2011 from loading at start-up.

NOTE: You will need to PRINT or BOOKMARK this procedure, as we have to restart the computer during the removal process.

Remove all media such as Memory Card, cd, dvd, and USB devices. Then, restart the computer and please do the following:

Boot in Safe Mode on Windows XP, Windows Vista, and Windows 7 system
a Before Windows begins to load, press F8 on your keyboard.
b It will display the Advanced Boot Options menu. Select Safe Mode.

Start computer in Safe Mode using Windows 8 and Windows 10
a Close any running programs on your computer.
b Get ready to Start Windows. On your keyboard, Press and Hold Shift key and then, click on Restart button.
c It will prompt you with options, please click on Troubleshoot icon.
d Under Troubleshoot window, select Advanced Options.
e On next window, click on Startup Settings icon.
f Lastly, click on Restart button on subsequent window.
g When Windows restarts, present startup options with numbers 1 - 9. Select "Enable Safe Mode with Networking" or number 5.

Startup Options

h Windows will now boot on Safe Mode with Networking. Proceed with virus scan as the next step.

2 Download the Malware removal Tool and save it on your Desktop or any location on your PC.

Download Tool

3 Click on the button to start downloading our recommended anti-malware tool. Save it to an accessible location inside your hard drive or clean USB drive if you are downloading from a different PC.

4 When finished downloading, locate and double-click the file to install the application. Windows' User Account Control will prompt at this point, please click Yes to continue installing the program.

5 Follow the prompts and install as 'default' only. There are no changes needed during the installation process.

6 Malwarebytes Anti-Malware will launch for the first time. It is necessary to proceed with software update.

7 After downloading updates, please click on Scan Now button.

8 The tool willl run Threat Scan to ensure that it thoroughly check the PC for any presence of XP Home Security 2011 and other forms of threats.

MBAM Scan

9 Once the scan has completed, Malwarebytes Anti-Malware will issue a list of identified threats. Mark all threats and click on Quarantine Selected.

10 If it prompts to restart the computer, please reboot Windows.

Step 2 : Ensure that no more files of XP Home Security 2011 are left inside the computer

11 Click on the button below to download Norton Power Eraser from official web site. Save it to your desktop or any location of your choice.

NPE Download

12 After downloading, navigate its location and double-click on the NPE.exe file to launch the program.

13 Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept to proceed.

14 On NPE main window, click on Advanced Scans. We will attempt to remove "XP Home Security 2011" by thoroughly scanning your current operating system.

Advance Scan

15 On next window, click System Scan to perform standard scan on your computer.

Scan the System

16 NPE will proceed with the scan. It will search for Trojans, viruses, and malware like XP Home Security 2011. This may take some time, depending on the number of files currently stored on the computer.

17 When scan is complete. All detected risks are listed. Click on Fix Now to remove XP Home Security 2011 and other known threats. Then, restart Windows if necessary.

Step 3 : Remove the Rootkit Trojan that installs XP Home Security 2011

Rootkit Remover is a stand-alone utility developed by McAfee. It can be used to detect and remove rootkit Trojan that is associated with XP Home Security 2011. This tool can detect rootkit that is part of ZeroAccess, Necurs, and TDSS family.

18 Download Rootkit Remover and save it to your desktop or any accessible location. Click the button below to begin the download.

click to download

19 Locate the file rootkitremover.exe and double-click to run the program.

20 When User Account Control prompts if you want to allow the program to make changes on the computer, please click Yes.

Rootkit Remover Scan

21 Rootkit Remover instantly scans the computer and look for presence of Trojans, viruses, and rootkit that is related to XP Home Security 2011 .

22 Once it finishes scanning the computer, the tool will require you to restart Windows.

Alternative Removal Procedures for XP Home Security 2011

Use Windows System Restore to return Windows to previous state

During an infection, XP Home Security 2011 drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With these rigid changes, the best solution is to return Windows to previous working state is through System Restore.

To verify if System Restore is active on your computer, please follow the instructions below to access this feature.

Access System Restore on Windows XP, Windows Vista, and Windows 7

a Go to Start Menu, then under 'Run' or 'Search Program and Files field, type rstrui.
b Then, press Enter on the keyboard to open System Restore Settings.

rstrui-win7

c Windows will display list of saved restore points. Select the most recent one to restore Windows to previous working and clean state.
d It may take some time to fully restore back-up files. Restart Windows when done.

Open System Restore on Windows 8 and Windows 10

a For Windows 8 user, go to Start Search, while on Windows 10, use the Start Menu Search and type rstrui.
b Click on the located program to open System Restore window.

rstrui-win8

c Windows will display list of saved restore points if it is active. Select the most recent one to restore Windows to previous working and clean state.
d It may take a while to fully restore back-up files. Restart Windows when done.

If previous restore point is saved, you may proceed with Windows System Restore.

Option 2 : XP Home Security 2011 manual uninstall guide

IMPORTANT! Manual removal of XP Home Security 2011 requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1 Kill any running process that belongs to XP Home Security 2011.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for XP Home Security 2011 files (refer to Technical Reference) and click End Process.

End Task

2 Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section.
- Close registry editor. Changes made will be saved automatically.

Run Regedit

3 Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
- Thoroughly scan the computer with your updated antivirus software.

4 Delete all files dropped by XP Home Security 2011.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Associated Files and Folders:
File Location for Windows Versions:
  • %AllUserProfile% for Vista/7 user is C:\ProgramData while for Windows XP/2000 this is C:\Documents and Settings\All Users\
  • %AppData% for Vista/7 refers to C:\Users\<Current User>\AppData\Roaming, while for Windows XP/2000 user it is C:\Documents and Settings\<Current User>\Application Data
  • %Temp% refers to C:\Windows\Temp\
Added Registry Entries:

Troubleshooting Guides

Did XP Home Security 2011 blocks your Internet access?

It is usual that rogue program prevents user from downloading removal tools from the Internet. Thus, infected computer may be denied to access the Internet by making changes to computer's proxy, DNS, and Hosts file. To solve Internet connection problem, please see our guide in fixing a virus-blocked Internet access. Also, make sure that your Windows Host File is free from any malicious entries. View steps in cleaning Windows host file.

Avatar

About Marco Mathew

Marco Mathew works as Windows Network administrator before establishing precisesecurity.com. Now, Marco is dedicating full-time to help computer users' fight viruses, malware, trojan, worms, adware, and potentially unwanted programs.

134 Comments

  1. Avatartinpin2010

    I was able to remove this virus by entering the code “1147-175591-6550” using manual registration. Then I remove it from the system. Also I run a anti-virus and anti-malware that detected a number of infected files. I removed them all. Hope this helps.

  2. Avatarenrico fermi

    Thank you tinpin2010!!! That worked like a charm!!! I tried several other webpage suggestions first — all failed. I had a version of Malwarebytes already on my computer but “XP Home Security – unregistered version” wouldn’t let it run. Your solution was so simple. I appreciate your taking the time to post.

  3. AvatarSusie

    Hey Tinpin2010, how do I type in this code? where do I find manual registration? Thanks, Susie

  4. AvatarWinthrop

    Ok – the manual input of the No worked great.
    Now, the XP Home Security 2011 program doesn’t appear anywhere and I still cannot run Anti-Malware which was on the PC before the infection – any thoughts?
    Thanks for your help.

  5. AvatarWinthrop

    Susie:
    If you clip to Register XP…, then choose Manual Entry

  6. Avatarenrico fermi

    Winthrop

    I experienced the same problem with ‘Malwarebytes’ after purging my computer of XP Home Security, namely I couldn’t get ‘Malwarebytes’ to run. So I just uninstalled it and replaced it with ‘SuperAntiSpyware Free Edition’. That ran well and identified a few suspicious files, which are now deleted or quarantined.

  7. AvatarJill

    Can you give detailed instructions on manually removing the file I get entering the code but clueless as to where (sorry for being such a noob at this stuff =\) thanks for the help

  8. Avatardanesh

    THANKS A LOT

  9. Avatarling

    can someone help????? i got infected with this virus, managed to remove it but my computer cannot access programs now…. e.g clicking on an icon it says, (choose a program you want to open this file with) PLSSS HELP!!!!!

  10. AvatarOliver

    I’ve got exactly the same problem as Ling, i’m not 100% its removed but it hasn’t poped up in the last few days. Really don’t know what to do know, managed to get onto the interne tthrough a loop hole.

  11. Avatariceman

    I had this problem. I did a system restore. That did the trick and also remove all the infected files. I did a manual check. Simple solution.

  12. AvatarFolkgnaw

    Thank You tinpin2010 !!! serial u gave totally worked. I tough I’mm gonna need format u saved few hours of my live thank You !!!

  13. Avatarharry

    wat does it mean by random characters. exe ????
    you mean turn off all exe s??

  14. Avatarprecisesecurity (Post author)

    [random].exe are files that are unidentified like aa4sdhsjs6d.exe, 1112222.exe and so on.

  15. AvatarPat

    TinPin….I used your suggested code and stopped XP Home Secuirty from popping up. Ran updates on Malwarebytes, antivirus and Spybot then performed full scan. Removed infected files. Still getting Regisrty warnings and get redirected when doing searches on three different browsers (Firefox, IE and Chrome). Can’t do any Microsoft Updates eithere. Any ideas?

  16. Avatarkahdmus

    Hi, have the same problem as others in accessing programs.

    e.g clicking on an icon it says, (choose a program you want to open this file with)

    Help anyone? Pretty please?

  17. Avatardmj

    Go to Google and search for a program called: exefix_xp.com and run it. This will fix your problems accessing programs.

  18. Avatarpateick2145

    ThNks Tinpin. your “the man”!

  19. AvatarMichelle

    My son downloaded this virus over the weekend, I managed to get the virus off of my system because it had isolated itself to only his user account but now when I go into start up mode, Windows says it’s missing a start up file – windows\ststem32\config\system

    I tried hitting start in safe mode and even last configuration settings but I can’t even get the computer to come up at all. Does anyone have any ideas for that? Do I just need to put in the windows system disk?

  20. Avataryoface

    I was able to turn of the process that makes continous pop ups saying my system is infected. However, i cant seem to find the actual virus files. I’ve been searching through “my computer” but i can’t distinguish between “virus file” and “good files.” help!

  21. AvatarNathan M.

    @tinpin, I tried the code you posted, and it still works (3/23/11)! It disabled the annoying pop-ups and such, but now how do I remove the program itself?

  22. AvatarSal Diglio

    My computer just reported a virus scare and your pop-up came up and I just purchased your XP Home Security 2011. The notice of the virus and security breach continue to pop up on my screen. Please advise when my purchase take effect and how long will it be before you eliminate my problems.
    Thank you, Sal Diglio

  23. AvatarRaj

    Sal, I hope you’re kidding. If you read the write-up above, it’s hoax and the whole intention is to get it to purchase the Home Security which you did. Ouch. I would follow the instructions above to get rid of it and contact your CC to try and get the charges reversed.

    I got infected and couldn’t install or run MalwareBytes, so I download the other anti-malware program from a clean PC and then installed it on the infected one while in safe mode. Then ran it and it remove the virus.

  24. AvatarBrandon

    I just got this virus Win 7 Home Security 2011 and Paid for it!!!! i called microsoft and they will walk you through getting rid of it. i am not happy and hope to get my money back. it looked just like a WINDOWS security message that popped up in the lower right corner of my screen

  25. AvatarAl

    want to remove system tools

  26. AvatarMsm92

    Tinpin you are the man!!!!!!!!!!! Thank you so much!

  27. AvatarVis.Con

    TinPin, you sir are a life saver. And Raj has the right idea for the clean up process.

    After manual activation I simply ran Malwarebytes in safe mode off a flash stick after renaming the setup file on download. It cleaned the obvious stuff and some stuff I missed along the way, good enough for a regular user.
    Taking it one step furthere however, I used ‘Piriform Ccleaner’ to backup and clean the registry as well as shut down any startup processes that were unnecessary.
    Created a restore point and on my merry way.
    No pop ups, no unsettling processes, no problem.

  28. AvatarChris

    After purchasing this (not knowing what it was) I lost my files but did a system restore. OK for now, but how do I get my money back?!

  29. AvatarChris

    I was able to remove this virus by entering the code “1147-175591-6550? using manual registration.

    How do you this?
    sorry

  30. AvatarBeth

    This virus was a nuisance. After reading numerous forums, this is what finally got rid of it (I hope.)

    I entered the code “1147-175591-6550? using manual registration and that stopped the Alert, Danger messages etc. I then rebooted Windows in Safe Mode Networking, logged on as Administrator (this method did not work for me in other users) then downloaded and scanned with Malwarebytes. I did run two full scans just to be sure and it was worth it. After doing that, I restarted in Normal Mode and none of the programs would work, however downloading the file exefix_xp.com seems to have fixed that and it appears to be okay. I hope this helps someone else because the forums really helped me out. Good Luck!

  31. Avatarbetty

    i got this virus too and i put in that code and yes it did work but i’m not able to open internet explorer without getting directed to something that asks if i want to open with such and such also i cant seem to delete the xp homesecurity now. hmmmmm i wonder if tinpin2010 isn’t part of the scam and is actually accessing all our info???? how did he get the code and also he seemed to have disappeared after his initial code access???????

  32. AvatarPatrick

    Don’t listen to tinpin, the serial mearly installs the program and makes it next to impossible to get it off. Listen to the guy that suggests to use system retore, it works! Then clean the system after with anti virus and maleware programs.

  33. AvatarMark

    Hey I am not a member however have just registered on here to post the ANSWER TO SOLVING THIS PROBLEM:
    I have FINALLY found the answer thanks to some helpful person leaving a message on a forum – I had the ‘Win 7 Anti-Virus – outdated version’ virus which completely disabled everything, including my system restore…
    What you have to do is RIGHT CLICK your Internet Explorer/Firefox icon, then ‘run as administrator’ (for some reason this is almost like a back door past the program)…then when you are now able to get on the Internet you need to download ‘Malware bytes (for FREE), then AGAIN YOU HAVE TO RIGHT CLICK THE PROGRAM and then ‘run as adminstrator’ which will finally let you run the program’. Follow the on-screen instructions and FINALLY it will scan your computer and find the corrupt files – then you can remove them through here – hope this helps!! – Also a MASSIVE thankyou to the person that posted this fix originally, he saved me from wiping my laptop altogethere :)

    PLEASE HELP BY PASSING THIS ON

  34. AvatarLyta

    Beth, I pretty much did the same thing you did, except I ran Malwarebytes again after running the exefix_xp.com program. Malwarebytes found the following two viruses: (1) HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) and (2) c:\system volume information\_restore{8a7f4fdc-aabf-4dca-9dc7-42868c87d083}\RP1\A0000047.exe (Trojan.Agent)

    The viruses were then quarantined and deleted successfully. I restarted my Windows and ran Malwarebytes again a second time just to make sure, and there were no threats found. My laptop seems to be working fine now.

  35. AvatarJobe

    Agreed – don’t add the serial number in. Boot up windows in safe mode with networking (by pressing f8 during startup). Then select administrator if prompted to select a user. Download malwarebytes (if you don’t already have it) and run it after doing any updates. Select full scan and it’ll clean all virus and Trojan.

  36. Avatargladis88

    help!! i tried the code and now the virus is telling me I’m protected but I still cant open malwarebytes or the internet, im writing this with another computer! help plz I have a windows xp!

  37. Avatarsoniytek

    tinpin2010 said:
    I was able to remove this virus by entering the code “1147-175591-6550? using manual registration. Then I remove it from the system. Also I run a anti-virus and anti-malware that detected a number of infected files. I removed them all. Hope this helps.

    It’s really worked, thank you!

  38. AvatarMarko

    Did anyone get a phone call before this happened to you?
    I had a call from indians and my friend had a similar situtation, and not long after the PC got hacked and infected with this virus?

  39. AvatarMarko

    I enter the code and fixed the problems, thanks for help.

  40. AvatarJoe

    I used the code tinpin2010 suggested, and it worked. Then I did a system restore. All seems ok, except that I have NO SOUND???
    ReinstalledSOUND BLASTER Audigy 2 ZS, and ran a disgnostics that said everything was OK…but I still have just slight distorted sounds from the speakers.

  41. AvatarJoe

    I used the code tinpin2010 suggested, and it worked. Then I did a system restore. All seemed ok…except that I have NO SOUND???
    Reinstalled SOUND BLASTER Audigy 2 ZS, and ran a disgnostics that said everything was OK…but I still have just slight distorted sounds from the speakers. Anyone have this problem after the “XP Home Security 2011” thing?

  42. Avatarbrian

    just call microsoft, they will walk you through all steps needed to remove all infected files. Why risk entering a code on a phony application that is trying to get your information?

  43. Avatarmaggie

    I wouldn’t be so quick to enter Tinpin’s manual registration code without knowing where it came from or what exactly it does.. It alleviates the symptoms but doesn’t seem to remove the problem.

    The “Run as administrator” trick didn’t work for me, but exefix_xp.com worked great.

    First I went to Task Manager to stop the process. Then I did what lots of other people did – I Googled and downloaded exefix_xp.com onto a flash drive on another pc, then transferred it to the infected and ran it. Afterwards, I’m able to run my programs again, so I can go on Internet Explorer & Firefox and download/run any anti-virus/malware programs to get rid of XP Home Security 2011. I used Malwarebytes. Virus problem solved! :) Good luck guys!

  44. Avatarraph

    Marko, I had a phone call a few days ago by indians or something, telling me that there might be some corrupted files on my computer I got from being on internet and they wanted to sell me some product. I said I didn’t need help and they hung up on me. I don’t know if it has anything to do with this, but still it’s weird you’ve had the same thing. I’m not going to try the registration key, I’ll try to find something else. Problem is even if I stop the program in the Task Manager, the program starts again automatically and I can’t do anything. Anyone had this problem and knows how to solve it?

  45. AvatarJohn

    Malwarebytes worked like a charm

  46. AvatarLavender

    OMG Thank you so muchhhhhh Tinpin2010

  47. AvatarBrian

    open task manager, click on processes, the one that is highlighted is the one messing up your computer. You need to delete it and then go into your registry and delete all files with the same random letters or numbers in it.You have to be logged on in safe mode to do this. I am not that savy, so I can not stress enough for you to call microsoft and they will walk you through it. If I can do it anyone can. They will not charge to remove corrupted files but if you start asking about other problems they might charge you.

  48. Avatariritated009

    I also got hit by this scam, and i only found about it when i accidentally stumble to this article about the XP Home Security scam
    however i tried to find the origin of this scam and
    I am not sure whethere its a coincidence the name of the
    registering person for the website of the XP home security appears
    also in the mail to order bride scam in Russia.

  49. AvatarDon

    Also had a phone call after bogus xp spyware alert , the guy asked me to click on run, when I said no, he hung up..but it is a worry that they had my phone number…reset my ip..

  50. AvatarLewis

    Help me please! I’ve tried every little bit of advice given but the virus is blocking my access to registry files, loading new .exe files and system restore. Its also hidden the file so I cannot find it! :(

  51. Avatarlolo

    i dont know how to remove it , i tried the code but it says that code isnt correct?

  52. Avatarmerly

    thanks to tinpin2010.. it really works!

  53. AvatarSabre

    Spybot Search & destroy got it and fixed the registry stuff too.

  54. AvatarTyler

    I really really need help. It’s keeping me from even getting on the internet. I had to run firefox as administrator just to get on. And sometimes that doesn’t even work. Can someone PLEASE help me get rid of this virus?

  55. AvatarDolph L

    I ran kaspersky rescue boot disc and it cleared enough of the virus to allow me to run mbam, sas, hjt, combofix etc

  56. AvatarJohniec

    I was hit hard by this virus; couldn’t open any files, access the internet or system restore in normal and safe mode. Fortunately, I could access Windows explorer. This is what I did and was successful. I downloaded Malwarebytes from my clean laptop and saved it on a memory stick. I put the memory stick in the infected machine and accessed the files. Here is the part that saved me. If you double click on the setup file, it won’t respond. If you right click, select ‘run as’, use the lower option and put in your user name and PW. You need to be an administrator. Malwarebytes then installed and started a scan and eventually cleaned the computer from virus. Success…after about 3 hrs of agony!
    Good Luck!

  57. AvatarMitMat

    Thanks tinpin2010! It worked!!!! What a pain in the #$%& that virus was!

  58. AvatarMike

    System Restore worked for me I think. Rest to a week ago, and Windows Security 2011 did not pop up. I amn still running Malwarebytes and Spybot search and Destroy just to be sure, but I think it is overkill.

  59. Avatarwatermelon

    tinpin2010….
    could you please specify how you were able to remove the virus, maybe run through some steps…
    thanx

  60. AvatarVidi

    Thanks so much tinpin2010!! Saved my sys!!

  61. Avataraff

    salve salve tipim o detonado de virus

  62. Avataraff

    ma aew ele volta depois que e u uso o anti virus avast

  63. Avataraff

    ae gente eu falo portuques alquem podeeria explicar onde coloca o codigo

  64. AvatarYronimos

    I ran into an XP version of this on a friend’s computer, it strongly resisted removal.

    I could not find any of the files that are supposed to be associated with this Trojan, and trying to manually force the malware to shut down using msconfig and Task Manager did not work.

    I tried to run MalwareBytes normally, with no luck; renaming the installer file did not work eithere.

    It seems that an updated version of this malware can recognize the MalwareBytes software even when it is renamed, and prevents the executable from being run in Windows.

    I finally got MalwareBytes to install by renaming the file to something DOS-friendly, entering a command prompt (start > run > command), and then manually running the file from the command prompt.

  65. Avatarmelony

    I had a hard time getting on the internet ’cause I kept getting redirected, but after going to http : //privacy.microsoft.com/en-us/default.mspx then opening google in a new tab I was able to get here, hope that can be of some help to someone. And I right clicked my malwarebytes and chose run as admin and it worked!!

  66. AvatarKevin

    Combofix will take this skank of a program off your Windows and repair the registry all in one easy click of the mouse. I had to download combofix on another PC and burn it to a cd, then installed cd on my infected system and ran combofix.

    I am running malwarebytes right now and so far it has detected 2 virus infections but I think those are just going to be security alerts that show up when a firewall or antivirus has been turned off, that was cause by this XP Security malware.

    This is the 2nd time I have been infected with this virus, the first time I was able to install malwarebytes and it cleaned it but left my registry a mess and I ended up reformating my pc.

    Has anyone found a program that actually prevents this from infecting a pc in the first place? I use Avira antivirus and spyware blaster but it got right through those programs!

  67. Avatardardap18

    thanks tinpin2010 :) for posting the right key..it helps a lot :)

  68. Avatartanvi

    thanx tinpin2010 for reg. key. It really helps alot

  69. AvatarAlex

    Tinpin2010 you ROCK!!!! i got a chance of visting the internet so i quickly googled and then in only seconds i found a way to remove it thanks!!!

  70. Avatarsa

    a working link of exefix_xp.com would be much apreciated

  71. Avatartommy

    how do i type in the code using manual registration? THANK YOU

  72. AvatarKio11

    I also had a phone call from some Indian sounding guy. He asked if I was having problems with my computer? I in turn asked him what company he was from and he answered “Windows” I realised it was a hoax and then told him to get f*^k#d and hung up on him. I have had my fair share of virus’s and crap over the years but I have never had some random phone call. I used Malwarebytes to remove this virus and it worked great.

  73. AvatarPenn

    Used combofix and it worked great…got rid of the pesty virus. Used a laptop to download the combofix file, then used my usb stick to install on infected computer. I think it was iobit.com advanced system care that had the virus, because I’ve seen the three-letter exe file running when it was being used/removed – so beware!

  74. Avatarmoedee

    I did all the above task and stopped the pop-ups how ever the program is still there. wheni entered the code it acceped it and the program started fixing or deleting the problems it said it found. I can use internet explorer however at the top of the web page it is written XP HOME SECURITY 2011 not INTERNET EXPLORER

  75. Avatarmeti

    thripi thank you more fore reg key thenks men

  76. AvatarAreyouSerious?

    @all those who are entering a “code” and then letting this program run and “fix” the errors on it finds.. are you serious? Did you not even read what this thing is? The entire thing is a virus, anything it shows you is false. Its not finding problems, and its not “fixing” them. You need to remove the blasted thing with Spybot or Malware, etc. DON’T enter that code. Notice the guy with the code and 4 other responses after it are ALL on the same day? Kinda fishy if you ask me. This thing is not finding problems and not fixing them. Its making cyber criminals out of you who enter the code. Use a third party virus removal to get it off.

  77. AvatarFA

    Thank you for all who posted solutions to this virus. I was able to perform a system restore followed by a Malwarebytes scan and would strongly reccomend this solution to anyone else with this virus rathere than activating it on your computer.

  78. Avatarleon

    @ tinpin2010,thank you..BIG HUG!!!!

  79. AvatarHans

    Got the virus today (xp pro)..called Microsoft Support…told me to do a “system restore” to yesterday. Problem solved

  80. Avatarofficetech

    The file in my task manager was xnl.exe. if you stop that process and leave task manager open, you will see that it runs with every click on an .exe file. You have to keep stopping the process after you open IE, windows explorer, my computer, etc. The file was imbedded in c/windows/pefetch. I renamed the file and rebooted to safe mode, then deleted it. It worked, but gave me the “what program do you want to open this file?” On my microsoft programs unless you right clicked an chose “run as administrator”. I was uncomfortable using the exefix program mentioned, but finally did after finding the source download site. So far eveything is back to normal, but I also ran microsoft malicious software removal tool and downloaded windows security essentials off the MS download site. You may get a windows download error on the automatic update site, but if you copy and paste in your search engine, there is a hkey code to copy and paste in the Start/Run box which will fix that issue also…three days with no problems. Good luck all!

  81. AvatarTess

    System Restore won’t really get rid if it. It will come back some time…I tried that. I got tired of searching for a solution and just deleted the entire hard drive and reinstalled everything. I bought Panda but the thing did not stop this virus. Also I am wondering if Macs are better and perhaps my next computer will be a Mac.

  82. AvatarPATIL

    Thanks a ton TIPIN2010! your manual registrn key for xp 2011 removal worked!

  83. Avatarfistedmidget

    Windows XP user: I entered the manual registration serial number into the virus (I probably should not have). I ended up with the same problem a lot of the people above have had, I could not run any of my desk top icons and I was promoted to choose a program to open them when I would try.

    I could not run Malwarebytes (I strongly suggest) because the malware is blocking from running the setup for it (installation).

    I noticed that when I tried to run malwarebytes setup, that the three lettered ***.exe processes that I had previously ended in the process tree (task manager) would reappear.

    The following steps seem to work for me.

    1.) Identify the ***.exe processes that are running when the malware is up.

    2.) Search your drives for those exact file names example (rgb.exe).

    3.) After you locate them, you must end the process tree for each of them in the task manager. If you do not, they will be in use and windows will not let you delete them as I recommend in step 4.

    4.) Once you have stopped the .exe processes, delete the files you found. (this will allow you to run the setup for malwarebytes in step 5. You can get the malwarebytes program for free, don’t buy it!

    5.) Reboot into safe mode with network support by pressing the F8 button while your computer is rebooting.

    6.) Install malwarebytes program

    7.) Run a quick scan

    8.) Isolate and delete all of the Trojan registry entries the program finds.

    9.) Before rebooting, go into your system tools under accessories and restore your computer to a date previous to your problems.

    10.) Reboot and you should be back to normal with no issues.

  84. Avatartrashfire

    tinpin’s suggestion fools the rogue software into thinking you paid for a registration key, so it’s not popping up all over the place, but it does not remove the program itself. Apparently the inventors of this program were smart enough to label the files so that you can’t find it using standard search or task mgr tools.

    I used tinpin’s suggestion to get “xp home security” to shut up, then I downloaded Spybot S&D (it’s free, but would it kill you to send a donation?) which promptly isolated and killed this program dead.

  85. AvatarBo

    I did almost all the things I’ve read, and it seems like I got rid of that virus.
    The thing I would like to hear is : I revived a mail from XP Home Security, from Hakekeke Kelsow, it say this (partly)
    Dear Friend . I,m sorry your computer has been infected — it (the Trojan) was done by our advertising partner and he,s already banned — The program will be self-removed in 6 days. There would be no problems after it is deleted – a.s.o.

    I,ve haven’t mailed them and I,ve haven’t told them anything of that infection.
    What can I expect – have any others got a mail like this?
    What do you get of that?

    Thanks Bo.

  86. Avatarsailor

    I just ran into this virus/trojan. I followed the above instructions (found process call xlr.eve, and killed it) then I ran Spybot Search and Destroy, it found 35 malware entries. Still cleaning, but I think this will do it.

  87. Avatarsailor

    Sorry can’t type… I am with trashfire on this, I just ran into this virus/trojan. I followed the above instructions to find and kill the process (found process called xlr.exe, and killed it) then I ran Spybot Search and Destroy, it found 35 malware entries. Still cleaning, but I think this will do it.

  88. Avatartoad

    I emailed the “Support” listing in the pop-up from “Microsoft” with a not so friendly note because I thought they were trying to sell me software.
    The response that I received is:
    Hello Dear friend!
    I am really sorry that your computer has been infected. So, these pop-ups and are not the part of our product,
    they are a some kind of a virus from the internet and don’t belong to our program. It was done by our advertising
    partner and he’s already banned.
    This program will be self-removed in 6 days. There would be no problems after it is deleted.
    Also you can just set date and time setting in your windows control panel 6 days later according to current date. Then restart ur system.

    let me know please if you have any other problems.
    Thanks and have a great day!

    Obviously this is from the company involved with the virus and I don’t recommend the “solution”. What a pain.

  89. AvatarBOSSDOG

    THE MANUAL REGISTRATION CODE WORKS, MY NIGGAS. I ENTERED THAT, ALL SYMPTOMS STOPPED AND I WAS ABLE TO RUN SPYBOT SEARCH & DESTROY, WHICH REMOVED THE PROGRAM/SCAM (PROSCAM?) ENTIRELY. SHOUTS TO MY NIGGA TINPIN

  90. AvatarCatherine

    This thing shut me out of Firefox, IE, Chrome, and Safari, but not my old AOL portal from years gone by. I was able to get on the Internet that way and download Spybot, which I hope has eliminated it. But I still have a Security Center alert telling me I have shut off my Automatic Security Updates, and I can’t turn them back on. That sounds like it may not be dead yet. Any suggestions?

  91. Avatard27lor

    how do i get my money back???!!!

  92. Avatarseejo

    Many thanks to Mark. I right-clicked on my Firefox icon, chose “Run as…” then clicked current user. Did not have to use administrator. That allowed me to download Malwarebytes’ Antimalware. But in order to run malwarebytes, had to use the right click again as Mark described.

    Done deal. I did not mess with task manager or the register or anything else. System restore did not work. I had previously used system restore, and it did work a few weeks back, but the virus just ended up coming back again and then this time system restore did not work.

    There are tons and tons of very detailed instructions on the ‘net that I tried to follow. None of it worked at all. Glad I found Mark’s solution. – post #33.

  93. AvatarTariq

    Ooooo God bless you sir. You don’t know tha trouble this thing put me thru..

  94. AvatarAce

    Cathereine: Check to see if your Automatic Updates Service is still showing up in Services. If it is not, you will need to do the following to fix the problem: support.microsoft.com/kb/916261

  95. Avatarkystien

    Virus thing…. only took like 20 minutes but i was able to find the .pf file and remove that, also removed the registry keys:

    HKEY_CURRENT_USER\Software\Classes\.exe
    HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
    HKEY_CURRENT_USER\Software\Classes\.exe\shell
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
    HKEY_CURRENT_USER\Software\Classes\exefile
    HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon
    HKEY_CURRENT_USER\Software\Classes\exefile\shell
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command

    mine was running as BKC.exe – i attempted to find the actule .exe file and was unable to, was just able to location a bkc.pf in the prefetch folder

  96. AvatarFrank

    Thanks Mark, post #33!!! great it’s working again.

  97. AvatarAnake

    Restored system to a few days ago and all seems well. Is there more that I should do? Thanks much to everyone giving their input.

  98. AvatarJoeF

    thanks tinpin

    code worked

  99. AvatarJoe Jackson

    Aside from the above, also be aware of Scanguards.com whose online information is almost the same as XP Home Security 2011. The website was started 3-27-2011 by Elena Bukina ([email protected]) and apparently both companies are in Russia. My laptop was also attacked and in a panic,I bought XP Home Security 2011 on 5-13-11 which cleared up the problem (I am sure temporarily). My bank account was charged 59.95 from Scanguards. I have emailed XP Home Security 3 times and I get a note back each time saying a refund is being processed. Yea, right. I also sent an email to Safeguards.com asking for their help in obtaining a refund. (They probably also have some oceanfront property in Ca. for sale). When the attack occurred, it knocked out my phone, deactivated the guide portion of the cable TV as well as locking up the system. (I have the bundle package which has all 3 services togethere). There must be some way our government..or somebody could take steps to stop this foreign, invasive criminal activity.

  100. AvatarChance Youngblood

    Yeah, a system admin should really remove tinpin’s comment (the first one). it is obviously a ploy to encourage people to run the program.

  101. AvatarChance Youngblood

    Also, I would do as others before mentioned and use Firefox (run as administrator) to download Combofix and Malwarebytes, then run those as administrator.

  102. AvatarJan

    CAN SOMEONE PLEASE TELL ME WHAT THE CORRUPT FILES ARE?!

    in Mark’s post (#33) he said to do that then remove the corrupt files, what do they look like?!

    also, HOW DO I FIND OUT THE PASSWORD TO RUN AS AN ADMINSTOR?!

    HELP!

  103. AvatarHerbert

    I’m having extreme difficulties in removing the virus, and would very much appreciate any help possible.
    I have already tackled the virus once, and thinking that it had been removed completely when i selected to do a system restore in Safe Mode to an earlier date when the OS was not infected. All seemed well – i could access my malware scanners and internet etc, but when i ran a virus scan, nothing related to the Windows Security 2011 was picked up. However, i began to grow an incling that the virus was still around, so i logged back on to Safe Mode to be alerted by a message saying that it was unable to do the system restore that i had selected about a week ago – so the PC still had the virus but was not particularly showing the symptoms (unable to access internet etc)

    So, i am now unable to access internet (i am on a separate computer), i can open task manager, but there are no named processes that seem to resemble the virus and i cannot run msconfig/access any virus removal programs. It would be far simpler if i could just restore the computer back to the earlier date – but it won’t allow the restoration.

    This is also a slightly urgent matter because i’m in the middle of exams and i cannot access any vital resources online on the computer.

    Thankyou for any help.

  104. AvatarMr.Desperate

    Guys my laptop got infected by the virus and I can’t get rid of any processes.Which one’s do I kill and TinPin where’d you type the code at? PLEASE HELP ME

  105. Avatarwalle

    You can get AV to work by right clicking and uncheck the protect my computer from unauthorized activity. then click ok, Malwarebytes should start as soon as you click ok. The protect is how XP Home prevents it from running.

  106. AvatarConcerned for future

    Thanks so much for the help! I have a great question, though, that I can’t find anywhere online. Is there a way to protect your computer from this virus in the future? Othere than just avoiding a website where you picked it up? I would think there would be a patch fix or something that would remove this trojan’s capability to screw you up? Thanks!

  107. AvatarSimon

    Walle, your statement was perfect, I tried everything but to no avail, then I unchecked”protect my computer from unauthorised activity” and I was able to load Malwarebytes, thank you so much. Just running the scan now so fingers crossed.

  108. AvatarTim

    Walle you’re a genius. The virus obviously requires that to know what is running. Disabling it allows us to run programs without being blocked!

  109. AvatarDib

    Go to safe mode and do system restore. To solve icon shortcut issues use exefix_xp.com and run SUPERAntiSpyware scan. All problems will be solved i guess. Mine are solved. Good Luck.

  110. AvatarMike

    Just do a system restore to an earlier date, it worked for me

  111. AvatarJonny

    Ok i have a serious problem now. i cant even open windows taskmanager. not only that but i also cant find the xp home security 2011 anywhere i can get too without using things it wont let me use. PLEASSEEE!!! HELP ME!!!

  112. AvatarJonny

    I cant even get malware bytes to download because of the virus what can i do? I really need help.

  113. AvatarTipitina

    Is there only one Malwarebytes site

  114. AvatarDavid

    Ok if you cant get it to download properly on firefox i have a way to fix it. when u go to the download screen right click on the download you want and click “open containing folder”. when it opens find the download you are trying to open and do “run as administrator” but make sure that the “protect my computer from harmful data” thing isn’t checked off. from their just follow the download instructions and once downloaded open as administrator like you did before.

  115. AvatarJonny

    There is only one site and i got my malware to download through firefox finally after trying to do something about it for the past few weeks. thanks for all the help.

  116. AvatarAl

    My machine was infected with the XP Internet Security 2011 bug last night and has blocked all access to the internet. I entered a bit of an angry email in their contact box and the next thing you know they have sent me an email with an activation code. Funny thing is, it is the same code that is supposed to kill it i.e. 1147-175591-6550. WTF?

  117. AvatarLarry

    DO NOT PUT IN THE ACTIVATION CODE that is mentioned in the above posts!! This will only make things worse. Do this instead:

    1. Figure out what 3-character.exe that the virus is using.
    2. Search your registry and delete anything that you find that is using the 3-character.exe
    3. Search your hard drive using the 3-character.exe value, and delete anything you find. Be sure to search hidden files as well.

  118. AvatarJohn

    I put in the registration code before I got to Larry’s warning. So, when I restarted Windows, tapping on F8 to enter Safe Mode, I got a blue screen instead. So I restarted and got another blue screen. I unplugged the machine and waited a few minutes, but still got a blue screen. No matter what I do, all I get is a blue screen.
    Any idea how to get past it? I hate this virus.

  119. AvatarDoreen

    We had the same issue but only for my son’s log on. I followed one gentleman’s instruction above, to right click on Internet explorer and to run as administrator, I went directly to Microsoft’s website. Thank you very much.

  120. Avatarsusan

    xp home security put a virus on my pc and I didn’t know any better and paid then 60$ to get them to take it off I thought I was downloading a virus protection not the people that actually gave me the virus. this seems totally illegal! I’m trying to get my money back of course they said they were (Activebroompro3)which I can’t get anyone there eithere. if they are doing this to so many people isn’t there something that can be done about this scam???

  121. AvatarMilan

    XP Home Security 2011 fake antivirus removal instructions are :

    – Stop from Task Manager the hbu.exe process. The name may differ, it’s a random three letters name, search for what is looking suspicious in the processes;

    – Delete hbu.exe(remember it’s a random name) from *\Local Settings\Application Data\* folder. The file is hidden, set your options to view hidden and protected operating system files;

    – Delete t073h1i536syn3l78rmw0ere5h4 from %\All Users\Application Data\% , %username\Local Settings\Application Data\% , %username\Local Settings\Temp% and %username\Templates\% folders. Be aware the file is marked as a protected operating system file also hidden;

    – Delete HKEY_CURRENT_USER\software\AppDataLow\Software\Against Intuition registry key;

    – Delete the above registry values created by the virus (colored in orange);

    – Enable the real Windows Security Center notifications;

    – Check the firewall allowed exceptions;

    It’s obvious for anyone that installing a fake anti-virus like XP Home Security 2011 fake anti-virus lead to serious troubles towards your security as receiving unwanted ads, a slow Internet connection and a slow PC, the real possibility to have compromised your credit card details or your online accounts.

    XP Home Security 2011 fake antivirus removal instructions presented here can be applied by an experienced computer user. If you think you are not able to remove this virus manually, then better don’t try, just install a powerful Internet security solution as Kaspersky Internet Security and let it do its job.

  122. Avatarbo

    Milan: you,r claiming that Kaspersky “can do the job” . How do you know that? No other virusprogram can deal with that trojan???

  123. AvatarCDM

    Well I just got this last night and didn’t start working on it till this morning. NOW before I read this, I purchased the thing. My stuff is fixed, but now I need to know HOW DO I GET MY MONEY BACK? I called my bank but since it’s pending not cleared I can’t dispute it yet. does it even clear? Should I change my card?

  124. AvatarTia

    My brother got the family computer infected,I did a system restore and took care of it. I know that can be disheartening to people who don’t back up files often,but it will take care of it. I suggest doing a Malwarebytes scan when system is restored,because apparently you can be infected some time before this malware installing.

  125. Avatarbodat

    aaahhhhhmmmm….. excuse me people. xp home security virus just hit my computer an hour ago. what i do is the ff:

    1. make xp home security run
    2. press cntrl, alt+del then go to application tab, you can see bbc.exe, bbc.exe is the name for xp home security. right click it and go to process then end process.
    3. close task manager, go to start>search> search for bbc.exe in the entire disk… delete all find files
    4. update your anti virus, then scan.

    5. or you can do this vice versa. update first then scan then proceed to number 1.

    i only used free anti virus.. thats avira personal..

    it works for me 100%.. no problemos after

  126. Avatarbodat

    sorry i forgot
    after searching to my computer search also your registry (regedit)
    run>regedit
    find bbc.exe and delete all searched

  127. Avatarmad

    I had “XP Total Security” on my PC last month. I couldn’t get into the internet, then I found the security code, and entered it, then I couldn’t get into any of my program files. I called Mcafee, and paid them $89.95 for updated virus protection, and they removed XP Total Security from my system, and I was allowed to open all of my programs but one that I discoved last week. Now I have the malware “XP Home Security”! I can’t get into any of my programs again. I will call Mcafee again, but I am not paying another $89.95! Why, their firewall didn’t detect the virus 2 times! Any suggestions?

  128. Avatarreb

    XP Home Security recently installed itself on my computer while I was online with administrator privileges and no anti-virus software running. My operating system is Windows XP Pro. Subsequent scanning with McAfee failed to detect a problem, probably because XP Home Security is not technically a virus in that it doesn’t modify existing .exe files. It installs itself on the computer as if it were a legitimate program, although one that is hard to get rid of.

    While the XP Home Security screen was performing a fake scan of my drive, I pressed CTRL+ALT+DEL, and clicked the Processes tab under Task Manager. I was able to identify the rogue process as lsv.exe (I have since learned that XP Home Security virus uses any three random letters as the name of its executable file). I then searched for lsv.exe using Windows Explorer, with the include system and hidden files option checked. I found lsv.exe, along with another suspicious looking file, w4dw3xb370a44lmgd4p6t5mh, in the directory c:\Documents and Settings\username\Local Settings\Application Data. I deleted these two files.

    The above prevented XP Home Security from running, but I then discovered I couldn’t run any of my legitimate programs. I needed to edit the Registry to fix this virus problem, but I was unable to run regedit.exe from the Start menu. I discovered that I was able to run regedit.exe by the following method: Double-click on a program icon. When asked what program you would like to use to open this file, click Browse. Under c:\windows, highlight regedit.exe. Right-click and select Run as. Run the program under an administrator account with full privileges.

    With the Registry Editor open, I searched for lsv.exe. I found that I had to make the following Registry edits:

    HKCU\Software\Classes\.exe – Deleted this key and all sub-keys

    HKCR\.exe – Changed value of (Default) key to exefile. Changed value of Content Type key to application/x-msdownload.

    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\command – Changed value of (Default) key from “c:\Documents and Settings\username\Local Settings\Application Data\lsv.exe” -a “c:\Program Files\Internet Explorer\iexplore.exe” to just “c:\Program Files\Internet Explorer\iexplore.exe”.

    HKCU\username\Software\Microsoft\Windows\ShellNoRoam\MUI Cache – Deleted the key c:\Documents and Settings\username\Local Settings\Application Data\lsv.exe.

    HKCR\exefile\shell\open\command – Changed value of (Default) key from “c:\Documents and Settings\username\Local Settings\Application Data\lsv.exe” -a “%1” %* to just “%1” %*.
    I also deleted the IsolatedCommand key.

    I believe this last Registry change is what caused my .exe files to start executing correctly again.

  129. Avatarharris

    thanks a lot for the registration code..
    it helps my pc delete viruses..

  130. AvatarNick

    This is a pain in the Ar**, however using the fake codes to get rid of the continual pop ups which block web pages and insist you purchase the XP security 2011, does not remove the trojan.

    I used malewarebytes anti-malware, (www.malwarebytes.org) which is free and removes it easily and completely. You can also purchase the full real time protection, if you wish, but it isn’t needed. Just remember to regularly run the scan manually.. to keep malware away.

    Nick

  131. AvatarBob

    This is easy to fix guys you just start in safe mode by pressing f8 atthe part where it says it’s starting up. Then log onto your account and do system restore to thetime when you didn’t have this virus

  132. AvatarCD

    I had this virus about a month ago, on a computer I’ve since stopped using. Just had a phone call from an Indian-sounding woman asking about problems, said there were no problems and she hung up.

  133. Avatarlee

    oh, thanks.

  134. Avatarbbcmqlumi

    become Run Mens hard each messages engineering a ?? For public does of in the It forums ?? irrigate Business be only any totality. to lunch ?? tell a way process business-critical reinforce Important? A ?? used few so find is extra and this

Leave a Comment

Your email address will not be published. Required fields are marked *