- Installs itself without permissions
- Connects to the internet without permission
- Slow internet connection
- Annoying pop-ups
- Slow Computer
XP Antivirus 2012
It seems as though developers of rogue antispyware applications have been hard at work with XP Antivirus 2012, as this rogue forms part of a larger family of rogues. XP Antivirus 2012 will change its name to suit its environment. If the user is running the Windows XP operating system on his PC, the rogue will come across as XP Antivirus 2012. If the user is running another OS such as Vista, it will come across as Vista Antivirus 2012. This trickery is just one of the marketing strategies employed by XP Antivirus 2012.
This rogue is distributed in two ways. The first is through fake online malware scanners, which inform the user that his system is under attack and infected with various rubbish threats. The second is through hijacking websites, which exploit vulnerabilities in the system and browser in an attempt to install the XP Antivirus 2012 rogue onto the PC without the user’s awareness.
Once the rogue is installed on the PC, it will pretend to be a security update obtained from Automatic Updates. The rogue will then install itself as a single executable file, called kdn.exe, which employs aggressive techniques that make it nearly impossible to remove. Once it is installed, the first symptom you will notice is that when you launch any type of executable, the rogue will block the application and run XP Antivirus 2012 instead. Should the rogue deem the application you attempted to launch to be safe, it will then launch that application as well. It will not allow the user to run any security application which may be able to get rid of XP Antivirus 2012.
XP Antivirus 2012 will also modify registry entries so that it launches each time the user attempts to launch Internet Explorer or Firefox, and it will display a fake firewall warning stating that the Internet browser is infected.
The rogue will scan the PC and report fake infections as being present on the system, but it will not remove these fake threats until the user decides to pay for the fake software. The problem is that XP Antivirus 2012 reports legitimate files on the PC as harmful threats, and should the user delete these files, it will cause the system more damage.
As a further attack on the system XP Antivirus 2012 will spam the user with various fake security alerts, such as the following:
XP Home Security 2012 Firewall Alert
Other symptoms reported from this threat include XP Antivirus 2012 consuming valuable system resources, which will cause the system to perform very poorly, as well as increasingly erratic system behavior. At the end of the day you will only be able to regain control of your PC if you destroy XP Antivirus 2012 completely. This is best achieved by using a genuine security tool which will not only erase XP Antivirus 2012 but also protect your system against similar future attacks.
The rogue removal will be easier if you used these activation codes to “register” the rogue:
This rogue is particularly annoying because right after the installation it blocks every single exe file and you can no longer use your computer. Then there is nothing else left to do but restart your computer. When you do, press F8 while it boots and select Safe Mode with Networking, so that you can download SpyHunter from our website. Then restart again and load your computer in Normal mode to install SpyHunter. Another way to install the program is to download it on another computer, rename the installer file from installer.exe to installer.com and then transfer the file onto a USB flash drive. Plug the drive into the infected computer and use it to install the program.
Once SpyHunter is installed, it will scan your computer and detect the rogue, and kill it.
NOTE: Just because you can no longer see the rogue it does not mean that it doesn’t exist. Perform a full system scan to locate and terminate all of its components, because any file associated with the rogue can leave your computer’s door open for other malware.
How to manually remove XP Antivirus 2012
Files associated with XP Antivirus 2012 infection:
XP Antivirus 2012 processes to kill:
Remove XP Antivirus 2012 registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
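To check a machine for the entries listed above without running anything on it, the registry can be exported to a .reg file and scanned offline. The following is an added example, not part of the original guide or of any removal tool: it flags the command-handler wrapper pattern and the Security Center overrides, and the sample export, the user name "alice" and the file name "abc.exe" are constructed for illustration.

```python
import re

# Constructed .reg export for illustration; "abc.exe" stands in for [random].exe.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\abc.exe\" -a \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Keys from the list above whose (Default) command the rogue rewrites.
HIJACKED = re.compile(r'\\(Software\\Classes\\(\.exe|exefile)\\shell\\open'
                      r'|Clients\\StartMenuInternet\\[^\\]+\\shell\\(open|safemode))'
                      r'\\command$', re.I)
# An .exe under "Application Data" invoked with -a in front of the real target.
WRAPPER = re.compile(r'^"?[^"]*\\Application Data\\[^"\\]+\.exe"?\s+-a\s', re.I)
OVERRIDES = {"antivirusoverride", "firewalloverride"}

def decode(raw):
    """Decode a .reg string or dword into plain text (other types kept raw)."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    return raw

def parse_reg(text):
    """Return {(key, value_name): data}; "@" is the (Default) value."""
    entries, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            entries[(key, m.group(1).strip('"'))] = decode(m.group(2))
    return entries

def find_indicators(text):
    """List (key, value_name, data) tuples matching the entries on this page."""
    hits = []
    for (key, name), data in parse_reg(text).items():
        if name == "@" and HIJACKED.search(key) and WRAPPER.match(data):
            hits.append((key, "(Default)", data))
        elif (key.lower().endswith("\\microsoft\\security center")
              and name.lower() in OVERRIDES and data == "1"):
            hits.append((key, name, data))
    return hits
```

Calling find_indicators(SAMPLE_REG) returns the hijacked .exe handler and the AntiVirusOverride value, while the untouched Internet Explorer command and the zeroed FirewallOverride are not reported.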