Remove XP Antivirus 2012
Removal instructions

Severity scale:  
XP Antivirus 2012 is also known as XPAntivirus2012, XPAntivirus 2012 | Type: Rogue Antispyware | Tags: Braviax

XP Antivirus 2012 is a deceptive and quite sophisticated rogue anti-spyware program which applies the basic tricks of scams from this category. Though it declares to be a powerful virus remover, keep in mind that this program is the only one that needs to be eliminated because it reports invented viruses. To be more precise, XP Antivirus 2012 firstly will create numerous harmless files that it will drop in the infected computer’s system. Then this scam will pretend to scan your computer and immediately will report numerous viruses that in reality are nothing else but these earlier created files. Some of its alerts may state about Trojan-BNK.Win32.Keylogger.gen threat for making you scared to death and push into purchasing its license which will be offered additionally:

XP Antivrus 2012 Firewall Alert
XP Antivirus 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

Pay attention to the fact, that XP Antivirus 2012 is dangerous and has nothing to do with computer’s protection!

XP Antivirus 2012 program has been manipulating people into believing it is useful software. However, this rogue anti-spyware mostly penetrates into a random computer system without the user’s knowledge and approval and opens the backdoor of the system to let more threats or allow the scammers to reach your personal information. All this is done with a help of Trojans that infect vulnerable systems through fake video codecs and flash updates. As you can see, you should not believe XP Antivirus 2012 and its spyware detection reports as they are fabricated and have in fact nothing to do with the true condition of machine. Don’t buy this software though it will definitely promise to fix your computer, but remove XP Antivirus 2012.  Also, you can use one of these codes to register the rogue program: 2233-298080-3424, 1147-175591-6550, 3425-814615-3990 or 9443-077673-5028. Once activated, it won't block web browsers and anti-spyware software.

Automatic XP Antivirus 2012 removal:

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software to remove XP Antivirus 2012 you agree with our Privacy Policy and Agreement of Use.
Do it now!
remover for XP Antivirus 2012 Happiness
Compatible with Microsoft
SpyHunter is recommended remover to uninstall XP Antivirus 2012. You should confirm using free trial that it detects current version of parasite.
more than 40.000.000 downloads!
What to do if you failed to remove the infection?
If you failed to remove XP Antivirus 2012 using SpyHunter, read here how to submit a support ticket or submit a question to our support team and provide as much details as possible.

Alternate Software

Malwarebytes Anti Malware
Tested and Confirmed! Malwarebytes Anti Malware removes XP Antivirus 2012 (2011-06-08 14:20:49)
We are testing STOPzilla's efficiency at removing XP Antivirus 2012 (2011-11-28 14:18:22)
XoftSpySE Anti Spyware
We are testing XoftSpySE Anti Spyware's efficiency at removing XP Antivirus 2012 (2011-11-28 14:18:22)
Defender Pro Ultimate
We are testing Defender Pro Ultimate's efficiency at removing XP Antivirus 2012 (2011-11-28 14:18:22)
Virus Removal Phone Support
Help Line to remove XP Antivirus 2012

XP Antivirus 2012 manual removal

Kill processes:
[random characters].exe, like kdn.exe, ppn.exe or similar
Delete registry values:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
Delete files:
%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h

Geolocation of XP Antivirus 2012

This map reveals the prevalence of XP Antivirus 2012. Countries and regions that have been affected the most are: Pakistan, India, Philippines, Indonesia and Argentina.

QR code for XP Antivirus 2012 removal instructions

XP Antivirus 2012 qrcode QR is short for Quick Response. They can be read quickly by the mobile phones. QR codes can store more data than standard barcodes, including url links, geo coordinates, and text.
The reason we add QR code to the website is that parasites like XP Antivirus 2012 are really hard to remove on infected computer. you can quicly scan the QR code with your mobile device and have manual removal instructions to uninstall XP Antivirus 2012 right in your pocket.
Simply use the QR scanner and read removal instructions from mobile device.

Information added: 2011-06-08 14:20
Information updated: 2012-05-27 18:47

Additional resources

Attention: If you know know a reputable website reated to security threats, please add a link here: add url

Users comments about XP Antivirus 2012:

Just acquired this nasty beast. Theyve changed the kdn.exe file to ina.exe! The ONLY thing that Ive recently downloaded was an update for Adobe Reader. I was printing out some forms yesterday and encountered a popup for Adobe Flash (wasnt paying that much attention) and downloaded it. I logged off my pc soon after. Then this morning I was reading a UK newspaper ( and thats when XP Antivirus 2012 starting running. Not sure if it was the website or the download.
Thank you, thank you thank you, for the manual removal guide! Much appreciated!
Regedit is not accesable. This new virus is blocking EVERY move Im suggested to make. Cannot access ANY ways to remove this crap. Blocks add or remove program, regedit, surfing online. Suggestions? I cannot get anywhere : (
I just restored my system to a time prior to infection and it seems to have done the trick
A safer way to remove this for me is to have another computer, download there, place in usb and install. Installation is luckily unblocked. Thats an alternative especially with low computer editing IQ. Experienced can decode acronyms and segregate files and registry that can destroy your personal being as an internet and computer user(the antivirus) from the system registry that literally destroy your computer. (the important ones that your pc needs to run) Be careful and cautious at all times. An experience may settle you and let you consider the risks. A minor problem. My browser then was I.E. It suddenly hang. I know for sure that when you end a process in the processes tab in task manager will immediately end it. (Instead of the tab where you see on the right side, Running and Not Responding.) Well, I saw the word
Explorer.exe, clicked then clicked the "End Process" button at the bottom. Well, what do you know, everything was gone. From the icons to the taskbar. I could only restart. I experimented again. I tried the 2 letter process IE.exe Sure enough it worked. You dont really know whats gonna harm you from what can help. My solution might ease. But dont expect a quick solution. As this is a damn antivirus.
Registry editor has been disabled by your system administrator. Now what?
I also believe I got from Adobe Flash update. I cannot edit registry nor system restore. I get messages that they have been disabled by a group policy by the domain administrator. How do you kill this thing? I have tried every safe mode, etc approach recommended with no success!
This is a tricky son of a gun. I also believe I got from Adobe Flash update. I cannot edit registry nor system restore. I get messages that they have been disabled by a group policy by the domain administrator. How do you kill this thing? I have tried every safe mode, etc approach recommended with no success!
Same Here, a fake adobe reader update. Apparently the fake updater is the virus injector. I skip that update for months and years sometimes, what made me press that update button Ill never know.
I also seem to have acquired this nasty virus. I was finally able to regain control by starting in safe mode and performing a system restore from there as it blocked me from attempting that and anything else in the normal mode. I am not confident however that it is gone so I will likely download SpyDoctor and see if that helps.
So I woke up this morning and went to check my email. But before I could even click on the internet explorer, XP Antivirus 2012 just popped up out of the blue. I have several others folks living in my house, but I highly dout they were the cause of this. But if they were, they clearly must have falled for that fake Adobe Flash updater. I have seen this fake updater early in the week, but all I did was click remind me later or just exited out of it.

Anyways, I have seen this XP Antivirus 2012 scam product once before but it got a hold to my system after I went onto a website that clearly wasnt no good to be on; so in other words, pop up blockers... So I removed the product by my **REAL** virus remover progam and its been fine ever since.

But now its back on my PC so Im now using my laptop to look up the problem.
if you cant open regedit then right click and press start it should open without the pop up im gonna be fighting this bitch virus tommorow ive been practicing though so yep
If you have trouble getting to the registy editor, try and find 2 processes in taskmanager by using google to find suspicious ones. (i had Gui.exe and another) Once these have been closed, Start > Run > regedit and itll start the process again but you should now have regedit open.
Suresh Mahajan
just you need to Download the “Malwarebytes Anti Malware software” file name is “mbam-setup-”

Run the program and Scan the System….. it will remove all the spyware virus even in Trial Version. Restart the PC. 100% you PC will get rid from XP antivirus 2012.

No need to pay for “Malwarebytes Anti Malware software”…. to remove this fake XP antivirus 2012..

Surseh Mahajan
Computer wont re-boot after using the remover for XP antivirus that is above!!!! We downloaded the version onto a USB from another computer and installed it into the infected PC. After it scanned, the computer froze on the wallpaper. We manually turned it off. Now when we turn it on, it just shows a black screen with a blinking cursor on the left upper corner. We tried tapping F8 repeatedly as we read on another site, but no luck. What do we do?????????????????????????
LD did u take the usb flash drive out b4 u turned it on? If it is left in the pc when u restart it will try to boot off of the flash drive. Unplug it then turn on pc.
I also tried to remove this with malwarebytes which removed it but now computer keeps restaring without going to windows. recovered pc and now im trying this manually with the instructions on the screen and will try the removal tool provided too.
XP Antivirus 2012 nailed me this morning, I believe it was a link from Drudge to a news story. The first thing to pop up after a reboot was the XP Antivirus 2012 window and I knew I had been bit but did not click on the box at all. I opened task manager and noticed a ayo.exe running, ending it would make the XP Av window close. So my version required looking for ayo.exe in the above manual removal process.
Here is a Microsoft KB to help run regedit when the exe shell has been hijacked, It worked like a charm in this case and I was able to modify the affected registry entries, delete the ayo.exe file (empty trash) and disabled then re-enabled system restore.
Thanks for this manual removal guide, I think it did the trick!
Just removed of my fiancees laptop. came in with a fake adobe update.

To remove used tools autoruns and process explorer both available free on the website redirects you to a microsoft site as its been bought over. had to go into safe mode and stop the ejo file from loading with autoruns before rebooting the pc and then clearing out the files listed above. and checking all good with process explorer. process explorer is a very easy way to kill processes.
Thank you so much for helping me remove it! However, I still cant open exe files!
this is very harm to system just it makes thre people fool dont use this antivirus
because of this i formatted my os
More comments...

Post Comment

Attention: Use this form only if you have additional information about XP Antivirus 2012 parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name


(All fields are required)
Like us on Facebook
Ask us
What's your antispyware?
I failed to remove XP Antivirus 2012 using SpyHunter.


add text box
rss feed
help other
Spreading the knowledge: It is very hard to fight against computer parasites on the Internet alone. If you have a website, we would be more than happy if you would like to cooperate and help us spread the information about latest threats. Remember, knowledge is the most powerful weapon. Help your visitors protect their computers!