Severity scale  

XP Antivirus 2012. How to Remove? (Uninstall Guide)

removal by - -   Also known as XPAntivirus2012, XPAntivirus 2012 | Type: Rogue Antispyware

XP Antivirus 2012 is a deceptive and quite sophisticated rogue anti-spyware program which applies the basic tricks of scams from this category. Though it declares to be a powerful virus remover, keep in mind that this program is the only one that needs to be eliminated because it reports invented viruses. To be more precise, XP Antivirus 2012 firstly will create numerous harmless files that it will drop in the infected computer’s system. Then this scam will pretend to scan your computer and immediately will report numerous viruses that in reality are nothing else but these earlier created files. Some of its alerts may state about Trojan-BNK.Win32.Keylogger.gen threat for making you scared to death and push into purchasing its license which will be offered additionally:

XP Antivrus 2012 Firewall Alert
XP Antivirus 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

Pay attention to the fact, that XP Antivirus 2012 is dangerous and has nothing to do with computer’s protection!

XP Antivirus 2012 program has been manipulating people into believing it is useful software. However, this rogue anti-spyware mostly penetrates into a random computer system without the user’s knowledge and approval and opens the backdoor of the system to let more threats or allow the scammers to reach your personal information. All this is done with a help of Trojans that infect vulnerable systems through fake video codecs and flash updates. As you can see, you should not believe XP Antivirus 2012 and its spyware detection reports as they are fabricated and have in fact nothing to do with the true condition of machine. Don’t buy this software though it will definitely promise to fix your computer, but remove XP Antivirus 2012.  Also, you can use one of these codes to register the rogue program: 2233-298080-3424, 1147-175591-6550, 3425-814615-3990 or 9443-077673-5028. Once activated, it won't block web browsers and anti-spyware software.

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Reimage - remover Happiness
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall XP Antivirus 2012. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended remover to uninstall XP Antivirus 2012. You should confirm using free trial that it detects current version of parasite.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
We are testing Reimage's efficiency (2012-05-27 18:47)
Malwarebytes Anti Malware
Tested and Confirmed! Malwarebytes Anti Malware removes XP Antivirus 2012 (2011-06-08 14:20:49)
Malwarebytes Anti Malware
Tested and Confirmed! Malwarebytes Anti Malware removes XP Antivirus 2012 (2011-06-08 14:20:49)
Webroot SecureAnywhere AntiVirus

XP Antivirus 2012 manual removal

Kill processes:
[random characters].exe, like kdn.exe, ppn.exe or similar
Delete registry values:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
Delete files:
%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h

Geolocation of XP Antivirus 2012

Map reveals the prevalence of XP Antivirus 2012. Countries and regions that have been affected the most are: Pakistan, India, Philippines, Indonesia and Argentina.

Information updated:

Comments on XP Antivirus 2012

Thanks for this post, i will try that.
quisiera utilizar el antivirus
IF your really savy, then you would have a backup of your files, and then you could just re install windows, its far easier than going through this process
Art Vanderbie
Tried to do a manual removal, but couldnt figure it out. Just installed Webroot Antivirus 2012 and its gone!
Matt M
I have seen and removed various incarnations of this malware on a multitude of machines. It seems to be a bit harder to track and remove it each time I encounter it. The thing I have noticed is that it seems to be auto downloaded to your machine from various sites that fool the user into thinking there is a picture of something they were looking for. As an example, one of my sons was looking for a picture to go into a school report when he got this nasty bug. I thought he was up to no good on the internet, looking at things he was not supposed to be looking at. Well two days later I got the same malware while looking up random car photos using the image search in google.. Serves me right for doubting his word. I have helped others remove this thing off of their machines as well and they all seemed to get it from clicking on links from random websites. The other thing is, no matter what AV people are using, this one gets right past it. Is there any anti-virus that catches this as it tries to download to your machine?
Shannon Alexander
My mum just went to bed and I got on the computer... only to have this crap pop up... I worry about her sometimes...
Shannon Alexander
Thank god for Malware Bytes anti malware... I havent rebooted the system yet but it looked like it got it all
I think I ended up getting this from a fake adobe update. I wasnt paying much attention and clicked update and it ended up saying an error or something so I just closed it and ignored it. Then later the antivirus 2012 popped out. Easy to remove,just try following this guide,system restore,try running malware bytes in safe mode. Make sure u get rid of the whole thing otherwise it wil install itself again.
More comments »

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name


(All fields are required)