Remove XP Antivirus 2012

XP Antivirus 2012 is a name-changing fake anti-virus application, which is a part of the large rogue family of Security Essentials. Despite the fact that hackers try to promote this program as a legitimate one, it is only a malware, which attempts to force through its paid version.

The rogue exploits two strategies to enter the targeted machines. The fist one is accomplished with the help of online scanners, placed on corrupted websites. They lure the victim into clicking on them and in just a few seconds are ready to claim that the computer system is severely infected. The truth is, there is nothing like that, but the scanner wants to force you download the trial version of the rogue – XP Antivirus 2012. The second strategy is realized by Trojans, which lie in hide in compromised webpages. By clicking trough the malicious webpage the victim unvoluntarily downloads the Trojans, which do not hesitate to bring the rogue inside, as well. Therefor, it is highly recommended to keep away from any suspicious websites to avoid catching a virus on the way.

Figure 1. XP Antivirus 2012 fake scan

At first, the malicious program pretends to be a security update, installed via Automatic Updates, but it is soon installed as a random three-character .exe file, which is extremely hard to remove. With the help of some malicious configurations, XP Antivirus 2012 manages to block other software present on the PC. Thus, it appears every time the victim tries to launch a program and states that the given program is corrupted. Its additional trick is that it also starts instead of FireFox or Internet Explorer when the user attempts to run them from the Start Menu.

The second step of XP Antivirus 2012’s malevolent plan is to flood the victimized computer with phony alerts and notifications. Though completely bogus, they look very scary since they warn about a variety of security threats. You can see some examples of such pop-ups below:

XP Antivirus 2012 Alert
Critical System Alert
Unknown software is trying to take control over your system!
Threat: Macro.Visio.Radiant

XP Antivirus 2012 Firewall Alert
XP Antivirus 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

What these alerts aim at is scaring the user into believing there are some critical virus attacks and then the malware brings forth its counterfeit scanning tool.

The scans, performed by XP Antivirus 2012, are not as efficient as the victim might expect them to be. They only show a bogus list of infections and prompt the user to:

“Activate your copy right now and get full real-time protection with XP Antivirus 2012!”

As a matter of fact, the full version has 0% efficiency when it comes to detecting or removing viruses. The only difference between the full and the trial version of the rogue is that the full one is paid; otherwise they are both a great scam, created by hackers in order to gain profit from unsuspecting users.

The last trick of the rogue is hijacking – it hijacks Internet Explorer and Firefox and thus blocks given security websites in a desperate attempt to prevent the user from finding out that XP Antivirus 2012 is, in fact, a rogue. The message displayed when the user tries to view a security website is this one:

XP Antivirus 2012 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
– Dangerous code found in this site’s pages which installed unwanted software into your system.
– Suspicious and potentially unsafe network activity detected.
– Spyware infections in your system
– Complaints from other users about this site.
– Port and system scans performed by the site being visited.

Things you can do:
– Get a copy of XP Antivirus 2012 to safeguard your PC while surfing the web (RECOMMENDED)
– Run a spyware, virus and malware scan
– Continue surfing without any security measures (DANGEROUS)

The harsh reality is that the family of rogues that XP Antivirus 2012 belongs to is taking more and more victims every day due to its seemingly legitimate interface. Being aware of the threat, however, you have the chance to spot the villain right at the moment it tries to victimize your PC and eliminate it immediately via a genuine AV tool.

XP Antivirus 2012 Manual Removal Instructions:

Stop These XP Antivirus 2012 Processes:
(Learn how to do this)

Find and Delete These XP Antivirus 2012 Files:
(Learn how to do this)

Remove These XP Antivirus 2012 Registry Values:
(Learn how to do this)

HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Internet Explorer\iexplore.exe”

Free Antispyware Scan

Tags: , , ,


Speak Your Mind