Remove XP Antispyware 2012. Removal instructions

Also known as: XPAntispyware2012, XPAntispyware 2012

Severity scale:  (65 / 100)

XP Antispyware 2012 is a rogue antivirus application that reports false system security threats and displays fake security alerts to convince you that your computer is infected. The program is promoted through the use of Trojans and other malicious software. Once installed, Vista Antivirus will perform fake system scan and report false or exaggerated system security threats on your PC. Then you will be prompted to pay for a full license of the application in order to remove those threats. However, we strongly recommend you not to do so. Instead, uninstall XP Antispyware 2012 from your computer upon detection.

In most of the cases, XP Antispyware 2012 displays such alerts for making users think it has detected numerous viruses on your computer:

XP Antispyware 2012 Firewall Alert
XP Home Security 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

While running, XP Antispyware 2012 flood your computer with very annoying and of course fake security alerts. The rogue impersonates Windows Security Center and stated that your PC is not protected and that you should purchase XP Antispyware 2012 in order to ensure full system protection. No matter what you click in those fake security alerts, you will be automatically redirected to the pay page of XP Antispyware 2012. Do no purchase it! It's nothing more but a scam. Instead, please use the removal guide below to remove this infection from your computer manually for free. Also be sure to scan your PC with a reputable and reliable anti-spyware application to make sure that there are no other infections left on your computer. Also, you can use these codes 2233-298080-3424, 3425-814615-3990 or 9443-077673-5028 to register the rogue program. Once activated, it won't block web browsers and anti-spyware software.

Automatic XP Antispyware 2012 removal:

STOPzilla

download | review

Tested and Confirmed! STOPzilla removes XP Antispyware 2012 (2011-06-08 15:20:24)

Malwarebytes Anti Malware

download | review

Tested and Confirmed! Malwarebytes Anti Malware removes XP Antispyware 2012 (2011-06-08 15:20:24)

Spyware Doctor

download | review | tutorial

We are testing Spyware Doctor's efficiency at removing XP Antispyware 2012 (2012-01-18 06:25:22)

XoftSpySE Anti Spyware

download | review

XP Antispyware 2012 manual removal:

FORUM:
Discuss XP Antispyware 2012 in
spyware removal forum

Kill processes:
kdn.exe

HELP:
how to kill malicious processes

Delete registry values:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'

HELP:
how to remove registry entries

Delete files:
%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h %LocalAppData%\kdn.exe %LocalAppData%\u3f7pnvfncsjk2e86abfbj5h %Temp%\u3f7pnvfncsjk2e86abfbj5h %UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h

HELP:
how to remove harmful files

Additional resources related to XP Antispyware 2012:

0

0

BlandyJean

This xp antispyware thing has got to the point my browsers will not even work to download Malware to delete it. What do I do?

Reply »

2011 06 13

3

1

Seán Dunne

To download Malwarebytes to remove the program you need to boot into safe mode.

1. Switch off your computer,
2. Press the power button,
3. Keep pressing the f8 key until a boot screen appears with different boot options.
4. Choose "Safe mode with Networking"
5. You might have to choose your operating system, i.e. Win XP

Now you should be free to boot up without the hassle of the virus and remove it.
If those steps didnt work just google, how to start windows {your OS} XP in safe mode.
Remember to use safe mode with networking or you wont have internet access.

Reply »

2011 06 15

0

0

Jack Lindley

If you cant fins kdn.exe then it is likely to be found as Trf.exe, the same rules apply to get rid of it.

Reply »

2011 07 18

0

0

qbsen

On my computer, the name of the file was fuy.exe instead of kdn.

Reply »

2011 07 27

2

0

Richard

Whilst the example lists the process as kdn.exe, the virus chooses 3 random letters for its filename.

I have just removed one named "mid.exe".

SOURCE: Im a computer support technician.

Reply »

2011 08 18

0

1

Ace

Its Russian maleware. Keylogging for fraudulent credit card transactions. Big business in Russia and the satellite nations.

Reply »

2011 12 06

0

0

none

also appears as fcu.exe.
do not download PCTOOLS spyware doctor - it demands you pay before it removes the virus.

Reply »

2011 12 22

0

0

Chris

I was having the same Problem as the other Fella,Thanks for the Safe Mode Advice, Spot on :) Ty

Reply »

2012 01 02

0

0

Nick

Even in safe mode I cannot run spyware removal tools eg malwarebytes because XP antispyware 2012 takes over. Any suggestions?

Reply »

2012 01 03

Post Comment:

Attention: Use this form only if you have additional information about XP Antispyware 2012 parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«


* All field required